Google Redirect, XP doesn't update, Security disabled


This topic is locked
24 replies to this topic

#1 panegyris

  • Members
  • 12 posts

Posted 18 February 2011 - 12:33 AM

Hello,

I am having issues very similar to those shown in this thread: http://www.bleepingcomputer.com/forums/topic379129.html

I am running Windows XP and I have Symantec, MBAM, and Spybot installed on my computer.

The way my computer became infected was strange: I was on some forums, then I shut down my computer for a while and opened it back up. When the computer booted, I think there was a notice in my tray telling me my computer was infected. The icon looked like the yellow shield, with the exclamation point in the center, that Windows has when it alerts you to download updates. I hadn't opened any programs, and all of a sudden I started receiving tons of pop-ups about my computer being infected, to install programs, etc. The computer automatically connects to a wireless router when it loads. I had not done a system restore previously, so I wasn't able to go back to a previously saved point.

I ran all of the above programs, and the first few times they found some stuff I got rid of. But every few days, I would update all the files and rescan my computer, and more things would pop up, trojan.agent and backdoor.ircbot being some examples. When I try to get rid of them, MBAM tells me it cannot do so. When I run Spybot, it tells me that Windows Security Center is disabled (Microsoft.WindowsSecurityCenter_disabled). Once I tried to auto-enable it, but as soon as it was enabled it disabled itself again. Google continuously redirects me, and I am not sure what else is messing with the computer system.

I went to make sure my firewall is on (it is), and I also made sure that the Windows Updates box was checked. Normally, every once in a while, Windows will let me know that I have to download updates, but since this happened there have been no updates.

Also, I apologize if I'm cluttering this, but is any of this indicative of any of my personal information being compromised (I log in for email, etc)?

Please let me know if I have left anything out!

Thanks so much.

The following is the DDS Log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by Fanny at 23:39:00.04 on Thu 02/17/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.140 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pharos\bin\popnet.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Fanny\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Fanny\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
uWinlogon: Shell=,explorer.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\fanny\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 12.0.1278.0
StartupFolder: c:\docume~1\fanny\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} - c:\restore\s-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fanny\applic~1\mozilla\firefox\profiles\chdyuqpz.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\fanny\application data\mozilla\firefox\profiles\chdyuqpz.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\fanny\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\fanny\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\fanny\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Status-bar Scientific Calculator: ststusscicalc@sunny - %profile%\extensions\ststusscicalc@sunny
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-15 102448]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-13 38224]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110204.002\naveng.sys [2011-2-4 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110204.002\navex15.sys [2011-2-4 1360760]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]

=============== Created Last 30 ================

2011-02-10 02:36:40 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2011-02-10 02:36:34 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-02-10 02:36:26 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-10 02:35:45 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-30 19:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 19:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-30 02:14:38 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-01-30 02:14:38 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-14 01:48:37 122880 --sha-r- c:\windows\system32\lnkstubw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 23:40:37.54 ===============

Hi, it's been a while and I haven't received a reply yet, will anyone be able to help me?

Thanks.

EDIT: Please be patient. There are over 120 unanswered topics in this forum at present and the current average wait time to receive help is 5 days. ~BP

Edited by Budapest, 20 February 2011 - 04:39 PM.
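Added example (not part of this thread, and not code from DDS or BleepingComputer): the checks a responder makes by eye on the Pseudo HJT Report above, written as a Python triage pass over the posted log lines. The sample input is copied from the first DDS log in this thread and trimmed to the lines the rules act on; the rule names, the list of trusted program directories and the heuristics themselves are this example's own assumptions. It flags entries for review; it does not decide that anything is malicious.

```python
import re

# Added example (not from the thread): a triage pass over the "Pseudo HJT Report",
# "SERVICES / DRIVERS", "Created Last 30" and "Find3M" sections of a DDS log.
# DDS_SAMPLE is copied from the logs posted above, trimmed to the lines the rules
# act on; the rule names and TRUSTED_ROOTS are this example's own assumptions.
DDS_SAMPLE = r"""
============== Pseudo HJT Report ===============
mWinlogon: SfcDisable=-99 (0xffffff9d)
uWinlogon: Shell=,explorer.exe,
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mASetup: {28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} - c:\restore\s-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-1-13 38224]
=============== Created Last 30 ================
2011-02-18 04:41:53 54016 ----a-w- c:\windows\system32\drivers\vitbc.sys
2011-02-10 02:36:40 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
==================== Find3M ====================
2011-01-14 01:48:37 122880 --sha-r- c:\windows\system32\lnkstubw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
HEX_GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ANY_GUID_RE = re.compile(r"\{([^}]+)\}")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \d+ ([-a-z]{8}) (.+)$")
SID_DIR_RE = re.compile(r"\\s-1-5-21(-\d+){4}\\", re.I)
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def exe_path(value):
    """Pull the executable path out of a Run / Active Setup value."""
    value = re.sub(r"^\s*\[[^\]]*\]\s*", "", value)     # drop "[Name]"
    value = re.sub(r"^\s*\{[^}]*\}\s*-\s*", "", value)  # drop "{GUID} -"
    quoted = re.match(r'\s*"([^"]+)"', value)
    return (quoted.group(1) if quoted else value.strip().split(" ")[0]).lower()


def triage(log_text):
    """Return a list of (rule, detail) findings for one DDS log."""
    findings, section, driver_paths, recent_drivers = [], "", set(), []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        head = SECTION_RE.match(line)
        if head:
            section = head.group(1).lower()
            continue
        if not line:
            continue
        if section.startswith("services"):
            parts = line.split(";")  # "R1 name;display;path [date size]"
            if len(parts) >= 3:
                driver_paths.add(parts[2].split(" [")[0].lower())
            continue
        if section.startswith(("created", "find3m")):
            fm = FILE_RE.match(line)
            if fm:
                attrs, path = fm.group(1), fm.group(2).lower()
                if path.endswith(".sys") and "\\drivers\\" in path:
                    recent_drivers.append(path)
                if "s" in attrs and "h" in attrs and "\\system32\\" in path:
                    findings.append(("hidden-system-file", f"{path} ({attrs})"))
            continue
        # Pseudo HJT lines look like "<scope><Key>: <value>" (u=HKCU, m=HKLM, d=Default)
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        for guid in ANY_GUID_RE.findall(line):
            if not HEX_GUID_RE.match(guid):  # a CLSID is hex digits only
                findings.append(("malformed-guid", f"{{{guid}}} in {key}"))
        if key.endswith("Winlogon") and "SfcDisable=" in value:
            # any non-zero value turns Windows File Protection off on XP
            if int(value.split("SfcDisable=")[1].split()[0]) != 0:
                findings.append(("wfp-disabled", value))
        if key.endswith("Winlogon") and "Shell=" in value:
            shell = value.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                findings.append(("winlogon-shell", f"{key} Shell={shell}"))
        if key == "Hosts" and len(value.split()) == 2:
            ip, host = value.split()
            if host.lower() != "localhost":
                findings.append(("hosts-entry", f"{host} -> {ip}"))
        if key.lower().endswith(("run", "runonce", "asetup")):
            path = exe_path(value)
            if re.match(r"^[a-z]:\\", path) and not path.startswith(TRUSTED_ROOTS):
                findings.append(("autostart-outside-program-dirs", f"{key}: {path}"))
            if SID_DIR_RE.search(path):
                findings.append(("autostart-in-sid-named-folder", f"{key}: {path}"))
    for path in recent_drivers:  # new driver file that no listed driver entry loads
        if path not in driver_paths:
            findings.append(("unreferenced-new-driver", path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(DDS_SAMPLE):
        print(f"{rule:32} {detail}")
```

On the posted log it reports: SfcDisable=-99 (Windows File Protection turned off), an HKCU Winlogon Shell value that is not plain explorer.exe, non-hex characters in the mASetup CLSID (a real CLSID is hex digits only), an Active Setup entry that launches from a SID-named folder under c:\restore rather than from Program Files or Windows, a HOSTS line that blackholes a security site, a system+hidden DLL in system32, and vitbc.sys created on 18 February with no service or driver entry that loads it. Each of these is a reason to hand the file to the helper or a multi-engine scanner, not a verdict; the rule list is deliberately small and will miss anything that persists by other means.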


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 February 2011 - 03:02 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.


Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.


Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • log from RKUnHooker
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 panegyris

  • Topic Starter
  • Members
  • 12 posts

Posted 22 February 2011 - 10:14 PM

Hi Gringo, thanks for helping!!

DDS Log


DDS (Ver_10-12-12.02) - NTFSx86
Run by Fanny at 22:04:54.06 on Tue 02/22/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.206 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Pharos\bin\popnet.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Documents and Settings\Fanny\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\Fanny\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
uWinlogon: Shell=,explorer.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\fanny\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08d8 -f video -m logitech -d 12.0.1278.0
StartupFolder: c:\docume~1\fanny\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {28ABC5C0-4FCB-33CF-AAX5-35GX1C642122} - c:\restore\s-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fanny\applic~1\mozilla\firefox\profiles\chdyuqpz.default\
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\fanny\application data\mozilla\firefox\profiles\chdyuqpz.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\fanny\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\fanny\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\fanny\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Status-bar Scientific Calculator: ststusscicalc@sunny - %profile%\extensions\ststusscicalc@sunny
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-15 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110204.002\naveng.sys [2011-2-4 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110204.002\navex15.sys [2011-2-4 1360760]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]

=============== Created Last 30 ================

2011-02-18 04:41:53 54016 ----a-w- c:\windows\system32\drivers\vitbc.sys
2011-02-10 02:36:40 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2011-02-10 02:36:34 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-02-10 02:36:26 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-10 02:35:45 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-30 19:57:00 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-01-30 19:57:00 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2011-01-30 02:14:38 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-01-30 02:14:38 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-14 01:48:37 122880 --sha-r- c:\windows\system32\lnkstubw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe

============= FINISH: 22:06:52.40 ===============

Rootkit

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xF6800000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5857280 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xAA31A000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4874240 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF1E7000 C:\WINDOWS\System32\igxpdx32.DLL 2699264 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF655A000 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2531328 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04F000 C:\WINDOWS\System32\igxpdv32.DLL 1671168 bytes (Intel Corporation, Component GHAL Driver)
0xA82CB000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110204.002\navex15.sys 1355776 bytes (Symantec Corporation, AV Engine)
0xAA1E3000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1126400 bytes (Agere Systems, SoftModem Device Driver)
0xF748D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF62C5000 C:\WINDOWS\System32\Drivers\wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0xA9CD1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xA9D6C000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 413696 bytes (Symantec Corporation, SPBBC Driver)
0xA9C73000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xF63D6000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA9E7A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xAA163000 C:\Program Files\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
0xA8C61000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xF64EA000 C:\WINDOWS\system32\drivers\tifm21.sys 311296 bytes (Texas Instruments, tifm21.sys)
0xBF47A000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA8EDA000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xA9E1B000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 233472 bytes (Symantec Corporation, Network Dispatch Driver)
0xF6434000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF75EF000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA93C5000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7460000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 176128 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xA7AA5000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA9D41000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF67C4000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xA9DF3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF64AF000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 159744 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xF757B000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA9E54000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xA7C8B000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xAA2F6000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6536000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF648C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA9DD1000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAA141000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7543000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF75A1000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF75C0000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xA9C56000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xF7446000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA8044000 C:\DOCUME~1\Fanny\LOCALS~1\Temp\afeyrpob.sys 98304 bytes
0xF7563000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA9C16000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF751A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6475000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9ABF000 C:\WINDOWS\system32\DRIVERS\WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xA95FA000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xA82B7000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110204.002\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xAA12D000 C:\Program Files\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xF64D6000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF67EC000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA9ED3000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF7531000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF75DE000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6464000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF63B6000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF787E000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF784E000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF764E000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF76CE000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF77CE000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF788E000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9A67000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF77EE000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF765E000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF775E000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0xF769E000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF785E000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF76FE000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF767E000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF771E000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76EE000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF786E000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF766E000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF770E000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF774E000 C:\WINDOWS\system32\DRIVERS\zumbus.sys 45056 bytes (Microsoft Corporation, Zune User-Mode Bus Enumerator)
0xF763E000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF778E000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76AE000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA8BB9000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
0xF773E000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF768E000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF782E000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF783E000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF772E000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF76DE000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA7EBC000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF78AE000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF799E000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7A46000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF79EE000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7946000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF79FE000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF79DE000 C:\DOCUME~1\Fanny\LOCALS~1\Temp\mbr.sys 28672 bytes
0xF78BE000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF795E000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF794E000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7956000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF793E000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7A36000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7926000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xF7A3E000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF78C6000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF796E000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7976000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF7966000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF790E000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF7A56000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7B2A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7416000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9AB7000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A5A000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xF7A4E000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF7A52000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xA9FDA000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF62B9000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF62B5000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7B2E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xAA1DF000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7BD0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7B42000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7BFA000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7BCE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7B3E000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7BD4000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7BD6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7B7E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7B96000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7B40000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C96000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7D62000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7CC2000 C:\WINDOWS\system32\Drivers\mchInjDrv.sys 4096 bytes
0xF7D8E000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7C07000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C06000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

Edited by panegyris, 22 February 2011 - 10:15 PM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 23 February 2011 - 06:07 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 panegyris

panegyris
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:09 PM

Posted 23 February 2011 - 09:05 PM

Hi,

Here is my log from Combofix. The first time I ran it, my computer got a black screen upon reboot so I shut off and restarted the computer and ran it again.

I am still getting redirected by Google.

MBAM found Backdoor.IRC
Symantec found Bloodhound.MalPE
Spybot is still telling me that Windows security is disabled.

I am looking at the Quarantine and there are a lot of Backdoor.IRC, Trojan.FakeAlert, and Trojan.Agent with MBAM. Symantec also has a lot of stuff I can't delete, only keep in quarantine. Is there a way to permanently delete these files?

Thanks.

COMBOFIX LOG

ComboFix 11-02-23.05 - Fanny 02/23/2011 20:32:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.350 [GMT -5:00]
Running from: c:\documents and settings\Fanny\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
The following files were disabled during the run:
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL

/wow section - STAGE 25
The system cannot find the path specified.
@DO was unexpected at this time.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Fanny\Application Data\AdVantage
C:\restore
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-24 to 2011-02-24 )))))))))))))))))))))))))))))))
.

2011-02-10 02:36 . 2010-12-22 12:34 301568 ------w- c:\windows\system32\dllcache\kerberos.dll
2011-02-10 02:36 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-02-10 02:36 . 2010-12-20 17:26 730112 ------w- c:\windows\system32\dllcache\lsasrv.dll
2011-02-10 02:35 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-01-30 19:57 . 2011-01-30 19:57 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-01-30 02:14 . 2001-08-17 22:56 7552 ----a-w- c:\windows\system32\drivers\SONYPVU1.SYS
2011-01-30 02:14 . 2001-08-17 22:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-03-15 08:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-03-15 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2009-08-25 11:16 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2009-08-25 11:15 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2009-08-25 11:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2006-03-15 08:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2006-03-15 08:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:09 . 2011-01-14 04:02 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2011-01-14 04:02 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 17:26 . 2009-08-25 11:15 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2009-08-25 11:15 385024 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2009-02-09 08:10 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-03-15 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42 . 2009-08-25 11:15 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2009-02-06 10:32 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Fanny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-09-17 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-10 16861184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2006-03-04 184320]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-04 88204]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-12-03 274608]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-09-24 159472]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2009-04-30 460048]

c:\documents and settings\Fanny\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Fanny\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/15/2010 3:09 PM 102448]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 7:48 PM 116664]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [9/24/2010 1:19 PM 268528]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2011-02-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1336601894-1801674531-1003Core.job
- c:\documents and settings\Fanny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 01:39]

2011-02-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1336601894-1801674531-1003UA.job
- c:\documents and settings\Fanny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-17 01:39]

2011-02-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1336601894-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]

2011-02-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1336601894-1801674531-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Fanny\Application Data\Mozilla\Firefox\Profiles\chdyuqpz.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Status-bar Scientific Calculator: ststusscicalc@sunny - %profile%\extensions\ststusscicalc@sunny
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1640)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\AGRSMMSG.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\PHAROS~1\Core\CTskMstr.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\ZuneBusEnum.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-02-23 20:52:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-24 01:51

Pre-Run: 53,047,468,032 bytes free
Post-Run: 53,549,772,800 bytes free

- - End Of File - - BC61265B5FEB643B3D987EFB52286404

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 24 February 2011 - 06:08 AM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 panegyris

panegyris
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:09 PM

Posted 25 February 2011 - 12:08 AM

Nothing was found.

TDSS Killer Log

2011/02/25 00:06:05.0124 1304 TDSS rootkit removing tool 2.4.18.0 Feb 21 2011 11:08:08
2011/02/25 00:06:05.0218 1304 ================================================================================
2011/02/25 00:06:05.0218 1304 SystemInfo:
2011/02/25 00:06:05.0218 1304
2011/02/25 00:06:05.0218 1304 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/25 00:06:05.0218 1304 Product type: Workstation
2011/02/25 00:06:05.0218 1304 ComputerName: FANNY-BE3BEFECB
2011/02/25 00:06:05.0218 1304 UserName: Fanny
2011/02/25 00:06:05.0218 1304 Windows directory: C:\WINDOWS
2011/02/25 00:06:05.0218 1304 System windows directory: C:\WINDOWS
2011/02/25 00:06:05.0218 1304 Processor architecture: Intel x86
2011/02/25 00:06:05.0218 1304 Number of processors: 2
2011/02/25 00:06:05.0218 1304 Page size: 0x1000
2011/02/25 00:06:05.0218 1304 Boot type: Normal boot
2011/02/25 00:06:05.0218 1304 ================================================================================
2011/02/25 00:06:05.0796 1304 Initialize success
2011/02/25 00:06:28.0702 3440 ================================================================================
2011/02/25 00:06:28.0702 3440 Scan started
2011/02/25 00:06:28.0702 3440 Mode: Manual;
2011/02/25 00:06:28.0702 3440 ================================================================================
2011/02/25 00:06:55.0327 3440 ================================================================================
2011/02/25 00:06:55.0327 3440 Scan finished
2011/02/25 00:06:55.0327 3440 ================================================================================

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 25 February 2011 - 12:14 AM

We are going to check the router.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type: All Files" and "where to save: Desktop", then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#9 panegyris

panegyris
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:09 PM

Posted 25 February 2011 - 01:09 AM

I'm on the school network via ethernet cable. I've replaced the domain name with "server". I hope this is ok.

Windows IP Configuration

Host Name . . . . . . . . . . . . : fanny-be3befecb
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hand-resnet.server.edu

Ethernet adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-18-DE-A7-2B-BC

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : hand-resnet.server.edu
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-A0-D1-60-F3-DD
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 130.245.192.77
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 130.245.192.1
DHCP Server . . . . . . . . . . . : 130.245.255.2
DNS Servers . . . . . . . . . . . : 129.49.7.170
Primary WINS Server . . . . . . . : 130.245.255.4
Lease Obtained. . . . . . . . . . : Friday, February 25, 2011 1:02:53 AM
Lease Expires . . . . . . . . . . : Friday, February 25, 2011 3:02:53 AM

Server: recursion.server.edu
Address: 129.49.7.170

Name: google.com
Addresses: 74.125.226.115, 74.125.226.116, 74.125.226.112, 74.125.226.113
74.125.226.114

Server: recursion.server.edu
Address: 129.49.7.170

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70

Pinging google.com [74.125.226.116] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 74.125.226.116:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Request timed out.
Request timed out.

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 18 de a7 2b bc ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 a0 d1 60 f3 dd ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 130.245.192.1 130.245.192.77 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
130.245.192.0 255.255.255.0 130.245.192.77 130.245.192.77 20
130.245.192.77 255.255.255.255 127.0.0.1 127.0.0.1 20
130.245.255.255 255.255.255.255 130.245.192.77 130.245.192.77 20
169.254.0.0 255.255.0.0 130.245.192.77 130.245.192.77 20
224.0.0.0 240.0.0.0 130.245.192.77 130.245.192.77 20
255.255.255.255 255.255.255.255 130.245.192.77 2 1
255.255.255.255 255.255.255.255 130.245.192.77 130.245.192.77 1
Default Gateway: 130.245.192.1
===========================================================================
Persistent Routes:
None
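As an added example (my own code, not from the thread or from any tool it mentions): a parser for the router.bat output posted above that applies the checks a helper runs by eye on it: does nslookup answer from the configured resolver, is that resolver on-link or in a trusted list, do ipconfig and route print agree on the gateway, and is 100% ping loss just filtered ICMP rather than a DNS failure. The sample log is constructed from the values quoted in the post, and trusted_resolvers is an assumed parameter you fill with the resolvers you recognise (campus/ISP ones, or OpenDNS after switching).

```python
import ipaddress
import re

# Constructed sample log, assembled from the values the thread's post #9 quotes
SAMPLE_LOG = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : fanny-be3befecb
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 130.245.192.77
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 130.245.192.1
DNS Servers . . . . . . . . . . . : 129.49.7.170
Server: recursion.server.edu
Address: 129.49.7.170

Name: google.com
Addresses: 74.125.226.115, 74.125.226.116
Pinging google.com [74.125.226.116] with 32 bytes of data:
Request timed out.
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
Default Gateway: 130.245.192.1
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def parse_log(text):
    """Pull the fields router.bat captures (ipconfig, nslookup, ping, route print) into a dict."""
    info = {"dns_servers": [], "nslookup_servers": [], "ping_loss": []}
    lines = text.splitlines()
    after_server_line = False
    for i, line in enumerate(lines):
        # ipconfig pads its labels with " . . ." before the colon; route print's
        # "Default Gateway:" has no padding, which tells the two lines apart
        if m := re.match(r"\s*IP Address[ .]+: " + IPV4, line):
            info["ip"] = m.group(1)
        elif m := re.match(r"\s*Subnet Mask[ .]+: " + IPV4, line):
            info["mask"] = m.group(1)
        elif m := re.match(r"\s*Default Gateway[ .]+: " + IPV4, line):
            info["gateway"] = m.group(1)
        elif m := re.match(r"\s*DNS Servers[ .]+: " + IPV4, line):
            info["dns_servers"].append(m.group(1))
            for cont in lines[i + 1:]:  # extra resolvers follow on indented lines
                c = re.match(r"\s+" + IPV4 + r"\s*$", cont)
                if not c:
                    break
                info["dns_servers"].append(c.group(1))
        elif line.startswith("Server:"):
            after_server_line = True  # the next "Address:" is the resolver nslookup used
        elif after_server_line and (m := re.match(r"Address:\s*" + IPV4, line)):
            info["nslookup_servers"].append(m.group(1))
            after_server_line = False
        elif m := re.search(r"Lost = \d+ \((\d+)% loss\)", line):
            info["ping_loss"].append(int(m.group(1)))
        elif m := re.match(r"Default Gateway:\s*" + IPV4, line):
            info["route_gateway"] = m.group(1)
    return info


def check_dns(info, trusted_resolvers=()):
    """Findings a helper would raise from the parsed log.  trusted_resolvers holds
    addresses you already recognise (campus/ISP resolvers, OpenDNS after switching)."""
    findings = []
    configured = set(info["dns_servers"])
    answering = set(info["nslookup_servers"])
    # nslookup must be answered by a resolver the adapter is actually configured with
    for srv in sorted(answering - configured):
        findings.append(f"nslookup was answered by {srv}, not a configured DNS server")
    # an off-link resolver nobody recognises is the classic DNS-changer symptom
    net = None
    if "ip" in info and "mask" in info:
        net = ipaddress.ip_network(f"{info['ip']}/{info['mask']}", strict=False)
    for srv in sorted(configured):
        on_link = srv == info.get("gateway") or (net is not None and ipaddress.ip_address(srv) in net)
        if srv not in trusted_resolvers and not on_link:
            findings.append(f"DNS server {srv} is off-link and not trusted; confirm who operates it")
    # ipconfig and the routing table must agree on the default gateway
    if "route_gateway" in info and info.get("gateway") != info["route_gateway"]:
        findings.append(f"gateway mismatch: ipconfig {info.get('gateway')} vs route print {info['route_gateway']}")
    # names resolved but every ping was lost: ICMP is filtered, so ping says nothing about DNS
    if answering and info["ping_loss"] and all(p == 100 for p in info["ping_loss"]):
        findings.append("INFO: resolution worked but all pings timed out; ICMP is probably filtered")
    return findings


if __name__ == "__main__":
    for finding in check_dns(parse_log(SAMPLE_LOG), trusted_resolvers={"129.49.7.170"}):
        print(finding)
```

On the posted log the only finding with the campus resolver trusted is the ICMP note, which is why the helper's next step is swapping the resolver rather than chasing the failed pings.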

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 25 February 2011 - 01:33 AM

I want you to go here - https://store.opendns.com/setup/device/windows-xp/ and change the dns settings on the computer and see if you still have the same problem


gringo

#11 panegyris

panegyris
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:09 PM

Posted 25 February 2011 - 02:31 AM

When I changed the DNS settings, the computer wasn't able to connect to the internet, so I changed it back to automatic.

I am still having problems with the redirect.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:09 PM

Posted 25 February 2011 - 03:23 AM

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.


#13 panegyris

panegyris
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:09 PM

Posted 25 February 2011 - 11:10 AM

I've attached Extras.txt just in case.

OTL File

OTL logfile created on: 2/25/2011 10:55:49 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Fanny\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 411.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.80 Gb Total Space | 49.53 Gb Free Space | 33.29% Space Free | Partition Type: NTFS

Computer Name: FANNY-BE3BEFECB | User Name: Fanny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Fanny\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\Program Files\CDisplay\CDisplay.exe (David Ayton)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Fanny\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\PharosSystems\Core\PRNTRACK.DLL (Pharos Systems International)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (ZuneWlanCfgSvc) -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- C:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110223.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110223.002\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (NETw4x32) Intel® -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-343818398-1336601894-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-343818398-1336601894-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 E4 F0 40 B0 C1 CB 01 [binary data]
IE - HKU\S-1-5-21-343818398-1336601894-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-1336601894-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: ststusscicalc@sunny:4.9.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/03 02:40:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/17 00:26:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/17 08:29:47 | 000,000,000 | ---D | M]

[2010/09/16 20:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fanny\Application Data\Mozilla\Extensions
[2011/02/23 21:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Fanny\Application Data\Mozilla\Firefox\Profiles\chdyuqpz.default\extensions
[2010/12/07 18:29:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Fanny\Application Data\Mozilla\Firefox\Profiles\chdyuqpz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/13 10:58:36 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Fanny\Application Data\Mozilla\Firefox\Profiles\chdyuqpz.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/09/23 22:44:52 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Documents and Settings\Fanny\Application Data\Mozilla\Firefox\Profiles\chdyuqpz.default\extensions\DeviceDetection@logitech.com
[2010/10/05 20:12:14 | 000,000,000 | ---D | M] ("Status-bar Scientific Calculator") -- C:\Documents and Settings\Fanny\Application Data\Mozilla\Firefox\Profiles\chdyuqpz.default\extensions\ststusscicalc@sunny
[2011/02/23 21:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/17 02:25:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/09/15 16:02:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/15 23:28:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/03 02:40:55 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2010/09/15 14:14:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 11:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/02/23 20:41:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-343818398-1336601894-1801674531-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [WUAppSetup] C:\Program Files\Common Files\logishrd\WUApp32.exe ()
O4 - Startup: C:\Documents and Settings\Fanny\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-1336601894-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-1336601894-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-1336601894-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-1336601894-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 129.49.7.170
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Fanny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Fanny\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/15 14:12:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/23 21:31:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/23 19:37:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/02/23 19:33:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/23 19:33:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/23 19:33:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/23 19:33:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/23 19:29:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/23 19:26:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/22 22:07:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\Desktop\New Folder (3)
[2011/02/21 22:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\Britney Spears - The Singles Collection
[2011/02/21 00:58:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\Britney Spears - Circus
[2011/02/21 00:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\Britney Spears - Greatest Hits_ My Prerogative
[2011/02/20 18:55:43 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/02/20 16:17:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\[8059][Our_KHR Project][Noushuku YamaGoku 100%][PART 4]
[2011/02/20 16:17:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\[8059][Our_KHR Project][Noushuku YamaGoku 100%][PART 3]
[2011/02/20 15:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\[8059][Our_KHR Project][Noushuku YamaGoku 100%][PART 2]
[2011/02/20 15:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\[8059][Our_KHR Project][Noushuku YamaGoku 100%][PART 1]
[2011/02/17 23:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\Desktop\gmer
[2011/02/09 21:36:40 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kerberos.dll
[2011/02/09 21:36:34 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/02/09 21:36:26 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/02/05 22:24:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\Desktop\Examkrackers MCAT Complete Study Package (Searchable)
[2011/02/05 00:25:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\[Zaria] Pet Keiyaku [ENG]
[2011/02/04 18:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\My Documents\Fanfiction
[2011/02/02 21:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\Desktop\Music Study Project
[2011/01/31 20:36:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Fanny\Desktop\New Folder (2)
[2011/01/29 21:14:38 | 000,007,552 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\dllcache\sonypvu1.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Fanny\My Documents\*.tmp files -> C:\Documents and Settings\Fanny\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/25 10:54:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1336601894-1801674531-1003UA.job
[2011/02/25 02:29:45 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-1336601894-1801674531-1003.job
[2011/02/25 02:29:45 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1336601894-1801674531-1003.job
[2011/02/23 20:41:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/23 20:41:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/23 20:40:59 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/23 19:50:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/23 19:37:06 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/02/23 19:19:05 | 004,273,912 | R--- | M] () -- C:\Documents and Settings\Fanny\Desktop\ComboFix.exe
[2011/02/22 22:06:44 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\RKUnhookerLE.EXE
[2011/02/22 22:05:01 | 021,217,046 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\[silver_lining]Dreams.zip
[2011/02/22 22:03:23 | 014,974,991 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\[silver_lining]the_nurse_and_my_beginning.zip
[2011/02/22 22:03:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Fanny\defogger_reenable
[2011/02/22 22:03:08 | 009,661,200 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\[silver_lining]error_trap.zip
[2011/02/21 22:30:22 | 029,952,722 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Gintama_-_Kienu_Akuji_wo_Hyakumanben_-_Part_01_[SilverSoul].zip
[2011/02/21 22:29:21 | 035,789,706 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Gintama_-_KienuAkujiwoHyakumanben_Conclusion_[SilverSoul].zip
[2011/02/21 22:26:58 | 016,667,666 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Gintama_-_AidanoKoidano_[SilverSoul].zip
[2011/02/21 22:25:52 | 015,882,062 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Gintama_-_Akuji_Extra_[SilverSoul].zip
[2011/02/21 22:02:39 | 062,539,590 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\David Arkenstone - Caravan Of Light.zip
[2011/02/21 21:47:48 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\dds.scr
[2011/02/21 21:39:52 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Defogger.exe
[2011/02/21 11:11:18 | 000,096,768 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\BIO311 - Lab A - Molecular Biology Lab Basics - Shao Fanny Section 1 Group 2 02.doc
[2011/02/21 10:34:23 | 031,209,427 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\bio311 partb.pdf
[2011/02/21 08:54:10 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1336601894-1801674531-1003Core.job
[2011/02/21 04:45:55 | 109,015,222 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Caribbean Dreams.zip
[2011/02/21 04:18:25 | 090,808,758 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Chronicles.zip
[2011/02/21 04:15:51 | 006,030,366 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\12 - Lindsay Lohan - Rumors.mp3
[2011/02/21 03:59:31 | 003,286,788 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\17 Tabloid Magazine.mp3
[2011/02/21 03:47:29 | 133,273,124 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Citizen Of The World.zip
[2011/02/21 03:29:59 | 008,973,293 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\bleep_You.mp3
[2011/02/21 03:15:18 | 057,051,612 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Citizen Of Time.zip
[2011/02/21 02:41:08 | 056,167,829 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\David ArkenstoneDavid Lanz - Convergence.zip
[2011/02/21 02:24:06 | 053,967,108 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Island.zip
[2011/02/21 02:18:42 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\absorption of ssp.xls
[2011/02/21 01:44:14 | 046,755,278 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Spirit Of Tibet.zip
[2011/02/21 01:34:32 | 061,095,737 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Spirit Wind.zip
[2011/02/21 01:10:55 | 081,591,908 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Britney Spears - B In The Mix (The Remixes).zip
[2011/02/21 00:26:01 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\BIO311 - Lab A - Molecular Biology Lab Basics - Shao Fanny Section 1 Group 2.doc
[2011/02/20 23:58:17 | 009,330,963 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\01 Hold It Against Me.mp3
[2011/02/20 21:13:46 | 000,013,614 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\BIO 311 Lab A results1.doc
[2011/02/20 18:39:50 | 016,375,790 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Guilty_Game_[SilverSoul].zip
[2011/02/20 18:38:30 | 006,663,328 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_KiraKiraPikaPika_[SilverSoul].zip
[2011/02/20 18:38:11 | 003,125,773 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Kotonoha_[SilverSoul].zip
[2011/02/20 18:38:07 | 007,284,296 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Rendez-vous_[SilverSoul].zip
[2011/02/20 18:38:06 | 005,648,301 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Across_the_Universe_[SilverSoul].zip
[2011/02/20 18:37:36 | 004,099,646 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Suki_[SilverSoul].zip
[2011/02/20 18:30:39 | 012,306,804 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Sora_no_Namae_[SilverSoul].zip
[2011/02/20 18:30:38 | 004,325,590 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Over_[SilverSoul].zip
[2011/02/20 18:20:13 | 003,360,428 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Crazy_For_You_[SilverSoul].zip
[2011/02/20 18:19:40 | 002,273,245 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_NightLine_[SilverSoul].zip
[2011/02/20 18:18:19 | 007,482,921 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Love_Hospitalisation_[SilverSoul].zip
[2011/02/20 18:07:04 | 005,110,514 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Otonaru_Gradations_[SilverSoul].zip
[2011/02/20 18:05:21 | 008,192,703 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Hachigatsu_no_Himitsu_[SilverSoul].zip
[2011/02/20 18:04:55 | 007,570,528 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Sennichikou_[SilverSoul].zip
[2011/02/20 18:04:42 | 001,767,958 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Justaway!!_[SilverSoul].zip
[2011/02/20 18:03:55 | 003,170,632 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Boku_ga_Kimi_wo_Korosu_made_[SilverSoul].zip
[2011/02/20 18:02:56 | 001,609,582 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_TamaHoe_[SilverSoul].zip
[2011/02/20 17:40:34 | 015,253,827 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_StrangeNight_[SilverSoul].zip
[2011/02/20 17:39:57 | 008,350,641 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_laissez_fair_no_Sokubaku_[SilverSoul].zip
[2011/02/20 17:39:34 | 004,072,542 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Satou_Kashi_no_you_da_[SilverSoul].zip
[2011/02/20 17:36:28 | 005,963,297 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Hikari_no_Delta_[SilverSoul].zip
[2011/02/20 17:36:18 | 003,630,592 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Kyoushi_no_Honbun_[SilverSoul].zip
[2011/02/20 17:34:19 | 009,477,965 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Me_to_Kuchi_kara_Kotoba_[SilverSoul].zip
[2011/02/20 17:26:32 | 014,467,469 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Into The Blue_KHR {Mirusmayhem}.zip
[2011/02/20 17:10:41 | 018,020,830 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Scanlated - Totally Captivated - Last Episode Book 1 - YOO Hajin.rar
[2011/02/20 17:07:06 | 025,868,243 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Scanlated - Totally Captivated - Last Episode Book 2 - YOO Hajin.zip.zip
[2011/02/19 02:33:09 | 016,522,524 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\[silver_lining]hamsro_offworks_scrap.rar
[2011/02/19 02:09:34 | 013,348,837 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\[silver_lining]Under_Azure.rar
[2011/02/19 02:07:51 | 009,710,335 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Furueru_[futarikiri].zip
[2011/02/19 02:07:48 | 006,982,828 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Beginning_[Futarikiri].zip
[2011/02/19 02:07:39 | 006,212,964 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundama00_-_Anniversary_[Futarikiri].zip
[2011/02/19 02:07:23 | 005,203,394 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00_-_Andante_[futarikiri].zip
[2011/02/18 09:46:23 | 016,722,547 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Moshimo_Kono_Te_ga_Kimi_ni_Todokanai Tok_wa_Vol_01_[Futarikiri].zip
[2011/02/18 09:45:55 | 015,794,562 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Be_My_Last_1_[Futarikiri][Silver_Lining].zip
[2011/02/18 09:45:51 | 013,041,637 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00_-_Fureru_[Futarikiri].zip
[2011/02/18 09:45:49 | 012,779,860 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_You_'re_My_Sweetheart_[silver_lining][futarikiri].zip
[2011/02/18 09:45:28 | 017,052,354 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_i_do_[Futarikiri].zip
[2011/02/18 09:44:55 | 002,653,401 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00_-_Sense_of_Apprehension_[Futarikiri].zip
[2011/02/18 09:44:50 | 006,495,963 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_My_DearDays_[Futarikiri].zip
[2011/02/18 09:44:48 | 007,855,836 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_La_Dolce_Vita_[Futarikiri].zip
[2011/02/18 09:44:44 | 002,328,400 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00 - Near By [Setsuko] (futarikiri 2ndAnniversary).zip
[2011/02/18 09:44:31 | 002,016,778 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00_-_Akazukinchan_to_Ookamisan_[Futarikiri].zip
[2011/02/18 09:44:28 | 008,482,409 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_incomplete_love_story_[futarikiri-silver_lining].zip
[2011/02/18 09:44:27 | 012,133,092 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Lose_Control_[Futarikiri].zip
[2011/02/18 09:44:25 | 002,572,038 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Kiss_Me_[Futarikiri].zip
[2011/02/18 09:41:09 | 022,405,244 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Nerves_(Egomix_B)NakamuraTomomi_SakiOtoh_[Futari_Kiri].zip
[2011/02/18 09:40:46 | 019,774,152 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_once_upon_a_time_[silver_lining][futarikiri].zip
[2011/02/18 09:40:32 | 015,166,003 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\One_Piece_-_-Grand Martini_[Futarikiri].zip
[2011/02/18 00:16:06 | 007,886,244 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Turning_Point_ch03_[Biblo_Eros].zip
[2011/02/18 00:15:37 | 008,020,293 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Turning_Point_ch02_[Biblo_Eros].zip
[2011/02/18 00:15:06 | 009,818,879 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Turning_Point_ch01_[Biblo_Eros].zip
[2011/02/18 00:06:38 | 004,478,922 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Chapter 17 - Even Raoul Declares his Love.zip
[2011/02/18 00:06:31 | 004,982,150 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Chapter 16 - Dinner At The Masquerade Ball.zip
[2011/02/17 23:57:10 | 038,163,134 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Vassalord chapter 22.rar
[2011/02/17 23:44:02 | 000,003,149 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Attach.zip
[2011/02/17 23:42:55 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\gmer.zip
[2011/02/17 23:41:47 | 000,003,031 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Attach.rar
[2011/02/17 08:29:48 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/02/17 00:54:44 | 000,277,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 23:06:54 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 08:41:43 | 000,007,503 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\taikomain.html
[2011/02/05 23:35:02 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\bio 310 - 02 - methods in cell biology.doc
[2011/02/05 22:05:46 | 407,311,696 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\Examkrackers MCAT Complete Study Package (Searchable).zip
[2011/02/05 00:46:29 | 018,137,987 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Purism [eng].zip
[2011/02/05 00:45:32 | 010,982,558 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\kinbaku.rar
[2011/02/05 00:44:59 | 008,368,041 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Kyuujitsu to satou [eng].zip
[2011/02/05 00:44:17 | 010,524,512 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Mob#2 for Jack.zip
[2011/02/05 00:44:03 | 005,847,163 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Mob#2.zip
[2011/02/05 00:23:58 | 010,404,751 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\[Zaria] Pet Keiyaku [ENG].zip
[2011/02/05 00:23:54 | 015,429,693 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\[Zaria] Pet Keiyaku.zip
[2011/02/04 20:55:42 | 048,298,906 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\Mada Shiranai Oretachi ©.zip
[2011/02/04 20:41:37 | 000,034,589 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\dt0138.jpg
[2011/02/04 19:32:30 | 000,015,155 | ---- | M] () -- C:\Documents and Settings\Fanny\Desktop\alivetorrents_com Cell Biology 2nd Edition with Student Consult Access chmjason cowboyh33t.torrent
[2011/02/03 00:39:05 | 015,963,160 | ---- | M] () -- C:\Documents and Settings\Fanny\My Documents\36565230-Ethnoarchaeology-in-Action.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Fanny\My Documents\*.tmp files -> C:\Documents and Settings\Fanny\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/23 19:37:06 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/02/23 19:37:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/02/23 19:33:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/23 19:33:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/23 19:33:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/23 19:33:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/23 19:33:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/23 19:18:56 | 004,273,912 | R--- | C] () -- C:\Documents and Settings\Fanny\Desktop\ComboFix.exe
[2011/02/22 22:06:43 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\RKUnhookerLE.EXE
[2011/02/22 22:03:18 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Fanny\defogger_reenable
[2011/02/22 22:01:45 | 009,661,200 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\[silver_lining]error_trap.zip
[2011/02/22 22:00:57 | 021,217,046 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\[silver_lining]Dreams.zip
[2011/02/22 22:00:44 | 014,974,991 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\[silver_lining]the_nurse_and_my_beginning.zip
[2011/02/21 22:24:35 | 016,667,666 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Gintama_-_AidanoKoidano_[SilverSoul].zip
[2011/02/21 22:24:28 | 035,789,706 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Gintama_-_KienuAkujiwoHyakumanben_Conclusion_[SilverSoul].zip
[2011/02/21 22:24:18 | 029,952,722 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Gintama_-_Kienu_Akuji_wo_Hyakumanben_-_Part_01_[SilverSoul].zip
[2011/02/21 22:22:37 | 015,882,062 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Gintama_-_Akuji_Extra_[SilverSoul].zip
[2011/02/21 21:50:00 | 062,539,590 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\David Arkenstone - Caravan Of Light.zip
[2011/02/21 21:47:47 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\dds.scr
[2011/02/21 21:40:03 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Defogger.exe
[2011/02/21 10:32:35 | 031,209,427 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\bio311 partb.pdf
[2011/02/21 04:23:47 | 109,015,222 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Caribbean Dreams.zip
[2011/02/21 04:15:38 | 006,030,366 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\12 - Lindsay Lohan - Rumors.mp3
[2011/02/21 04:00:00 | 090,808,758 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Chronicles.zip
[2011/02/21 03:59:25 | 003,286,788 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\17 Tabloid Magazine.mp3
[2011/02/21 03:29:18 | 008,973,293 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\bleep_You.mp3
[2011/02/21 03:20:26 | 133,273,124 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Citizen Of The World.zip
[2011/02/21 03:03:46 | 057,051,612 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Citizen Of Time.zip
[2011/02/21 02:29:44 | 056,167,829 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\David ArkenstoneDavid Lanz - Convergence.zip
[2011/02/21 02:18:36 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\absorption of ssp.xls
[2011/02/21 02:13:09 | 053,967,108 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Island.zip
[2011/02/21 01:34:47 | 046,755,278 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Spirit Of Tibet.zip
[2011/02/21 01:22:09 | 061,095,737 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\David Arkenstone - Spirit Wind.zip
[2011/02/21 00:54:22 | 081,591,908 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Britney Spears - B In The Mix (The Remixes).zip
[2011/02/21 00:50:31 | 000,096,768 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\BIO311 - Lab A - Molecular Biology Lab Basics - Shao Fanny Section 1 Group 2 02.doc
[2011/02/20 23:56:27 | 009,330,963 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\01 Hold It Against Me.mp3
[2011/02/20 21:13:46 | 000,013,614 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\BIO 311 Lab A results1.doc
[2011/02/20 18:38:48 | 016,375,790 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Guilty_Game_[SilverSoul].zip
[2011/02/20 18:38:03 | 006,663,328 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_KiraKiraPikaPika_[SilverSoul].zip
[2011/02/20 18:37:52 | 003,125,773 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Kotonoha_[SilverSoul].zip
[2011/02/20 18:37:39 | 005,648,301 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Across_the_Universe_[SilverSoul].zip
[2011/02/20 18:37:28 | 007,284,296 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Rendez-vous_[SilverSoul].zip
[2011/02/20 18:37:16 | 004,099,646 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Suki_[SilverSoul].zip
[2011/02/20 18:30:17 | 004,325,590 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Over_[SilverSoul].zip
[2011/02/20 18:29:54 | 012,306,804 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Sora_no_Namae_[SilverSoul].zip
[2011/02/20 18:19:58 | 003,360,428 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Crazy_For_You_[SilverSoul].zip
[2011/02/20 18:19:34 | 002,273,245 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_NightLine_[SilverSoul].zip
[2011/02/20 18:17:50 | 007,482,921 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Love_Hospitalisation_[SilverSoul].zip
[2011/02/20 18:06:46 | 005,110,514 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Otonaru_Gradations_[SilverSoul].zip
[2011/02/20 18:04:52 | 008,192,703 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Hachigatsu_no_Himitsu_[SilverSoul].zip
[2011/02/20 18:04:32 | 001,767,958 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Justaway!!_[SilverSoul].zip
[2011/02/20 18:04:14 | 007,570,528 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Sennichikou_[SilverSoul].zip
[2011/02/20 18:03:41 | 003,170,632 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Boku_ga_Kimi_wo_Korosu_made_[SilverSoul].zip
[2011/02/20 18:02:50 | 001,609,582 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_TamaHoe_[SilverSoul].zip
[2011/02/20 17:39:23 | 015,253,827 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_StrangeNight_[SilverSoul].zip
[2011/02/20 17:39:16 | 008,350,641 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_laissez_fair_no_Sokubaku_[SilverSoul].zip
[2011/02/20 17:39:11 | 004,072,542 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Satou_Kashi_no_you_da_[SilverSoul].zip
[2011/02/20 17:35:55 | 003,630,592 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Kyoushi_no_Honbun_[SilverSoul].zip
[2011/02/20 17:35:50 | 005,963,297 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Hikari_no_Delta_[SilverSoul].zip
[2011/02/20 17:33:22 | 009,477,965 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gintama_-_Me_to_Kuchi_kara_Kotoba_[SilverSoul].zip
[2011/02/20 17:25:42 | 014,467,469 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Into The Blue_KHR {Mirusmayhem}.zip
[2011/02/20 17:10:36 | 018,020,830 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Scanlated - Totally Captivated - Last Episode Book 1 - YOO Hajin.rar
[2011/02/20 17:05:31 | 025,868,243 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Scanlated - Totally Captivated - Last Episode Book 2 - YOO Hajin.zip.zip
[2011/02/19 23:52:35 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\BIO311 - Lab A - Molecular Biology Lab Basics - Shao Fanny Section 1 Group 2.doc
[2011/02/19 02:32:12 | 016,522,524 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\[silver_lining]hamsro_offworks_scrap.rar
[2011/02/19 02:08:47 | 013,348,837 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\[silver_lining]Under_Azure.rar
[2011/02/19 02:07:14 | 006,982,828 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Beginning_[Futarikiri].zip
[2011/02/19 02:07:08 | 009,710,335 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Furueru_[futarikiri].zip
[2011/02/19 02:07:03 | 006,212,964 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundama00_-_Anniversary_[Futarikiri].zip
[2011/02/19 02:06:58 | 005,203,394 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00_-_Andante_[futarikiri].zip
[2011/02/18 09:44:07 | 013,041,637 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00_-_Fureru_[Futarikiri].zip
[2011/02/18 09:43:59 | 002,653,401 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00_-_Sense_of_Apprehension_[Futarikiri].zip
[2011/02/18 09:43:52 | 002,016,778 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00_-_Akazukinchan_to_Ookamisan_[Futarikiri].zip
[2011/02/18 09:43:48 | 002,572,038 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Kiss_Me_[Futarikiri].zip
[2011/02/18 09:43:44 | 002,328,400 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam00 - Near By [Setsuko] (futarikiri 2ndAnniversary).zip
[2011/02/18 09:43:39 | 007,855,836 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_La_Dolce_Vita_[Futarikiri].zip
[2011/02/18 09:43:34 | 006,495,963 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_My_DearDays_[Futarikiri].zip
[2011/02/18 09:43:29 | 016,722,547 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Moshimo_Kono_Te_ga_Kimi_ni_Todokanai Tok_wa_Vol_01_[Futarikiri].zip
[2011/02/18 09:43:25 | 017,052,354 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_i_do_[Futarikiri].zip
[2011/02/18 09:43:21 | 008,482,409 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_incomplete_love_story_[futarikiri-silver_lining].zip
[2011/02/18 09:43:15 | 015,794,562 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Be_My_Last_1_[Futarikiri][Silver_Lining].zip
[2011/02/18 09:43:11 | 012,779,860 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_You_'re_My_Sweetheart_[silver_lining][futarikiri].zip
[2011/02/18 09:43:05 | 012,133,092 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_Lose_Control_[Futarikiri].zip
[2011/02/18 09:39:22 | 015,166,003 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\One_Piece_-_-Grand Martini_[Futarikiri].zip
[2011/02/18 09:39:17 | 022,405,244 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Nerves_(Egomix_B)NakamuraTomomi_SakiOtoh_[Futari_Kiri].zip
[2011/02/18 09:39:09 | 019,774,152 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Gundam_00_-_once_upon_a_time_[silver_lining][futarikiri].zip
[2011/02/18 00:15:48 | 007,886,244 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Turning_Point_ch03_[Biblo_Eros].zip
[2011/02/18 00:15:18 | 008,020,293 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Turning_Point_ch02_[Biblo_Eros].zip
[2011/02/18 00:14:46 | 009,818,879 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Turning_Point_ch01_[Biblo_Eros].zip
[2011/02/18 00:06:06 | 004,478,922 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Chapter 17 - Even Raoul Declares his Love.zip
[2011/02/18 00:05:59 | 004,982,150 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Chapter 16 - Dinner At The Masquerade Ball.zip
[2011/02/17 23:52:26 | 038,163,134 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Vassalord chapter 22.rar
[2011/02/17 23:44:02 | 000,003,149 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Attach.zip
[2011/02/17 23:42:56 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\gmer.zip
[2011/02/17 23:41:47 | 000,003,031 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Attach.rar
[2011/02/08 08:38:23 | 000,007,503 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\taikomain.html
[2011/02/08 08:37:47 | 000,001,867 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\index.html
[2011/02/05 23:35:00 | 000,063,488 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\bio 310 - 02 - methods in cell biology.doc
[2011/02/05 21:57:28 | 407,311,696 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\Examkrackers MCAT Complete Study Package (Searchable).zip
[2011/02/05 00:44:47 | 010,982,558 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\kinbaku.rar
[2011/02/05 00:44:27 | 008,368,041 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Kyuujitsu to satou [eng].zip
[2011/02/05 00:44:05 | 018,137,987 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Purism [eng].zip
[2011/02/05 00:43:39 | 005,847,163 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Mob#2.zip
[2011/02/05 00:43:32 | 010,524,512 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Mob#2 for Jack.zip
[2011/02/05 00:23:12 | 010,404,751 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\[Zaria] Pet Keiyaku [ENG].zip
[2011/02/05 00:22:45 | 015,429,693 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\[Zaria] Pet Keiyaku.zip
[2011/02/04 20:53:09 | 048,298,906 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\Mada Shiranai Oretachi ©.zip
[2011/02/04 20:41:25 | 000,034,589 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\dt0138.jpg
[2011/02/04 19:32:38 | 000,015,155 | ---- | C] () -- C:\Documents and Settings\Fanny\Desktop\alivetorrents_com Cell Biology 2nd Edition with Student Consult Access chmjason cowboyh33t.torrent
[2011/02/03 00:38:22 | 015,963,160 | ---- | C] () -- C:\Documents and Settings\Fanny\My Documents\36565230-Ethnoarchaeology-in-Action.pdf
[2011/01/14 08:45:15 | 000,000,037 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/01/13 20:48:37 | 000,122,880 | RHS- | C] () -- C:\WINDOWS\System32\lnkstubw.dll
[2011/01/13 20:42:26 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/12/16 01:54:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2010/11/01 16:58:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Fanny\Local Settings\Application Data\fusioncache.dat
[2010/10/31 22:26:59 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Fanny\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/16 20:39:19 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Fanny\Application Data\setup_ldm.iss
[2010/09/16 20:33:39 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/09/15 16:04:27 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2010/09/15 16:04:27 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2010/09/15 16:04:27 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2010/09/15 16:04:27 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2010/09/15 09:22:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/15 09:18:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

< End of report >


Edited by panegyris, 25 February 2011 - 11:13 AM.


#14 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 February 2011 - 03:31 AM

Gmer

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
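Added reading aid for the Gmer.txt that the post above asks for (example code written here, not part of this thread and not GMER's own tooling): it parses the SSDT and ".text" line shapes GMER emits, separates SSDT hooks that GMER could attribute to a named driver from bare-address ones, and groups user-mode hooks by hooked function so the reviewer can see which are present in every listed process. The sample lines are constructed in the same format as the log posted in this thread; as the caution above says, such output is a starting point for review, not a verdict.

```python
r"""Triage helper for a GMER 'Gmer.txt' report (added example, not code from this
thread or from GMER).  Two line shapes from the log are parsed:

    SSDT 844D1B08 ZwAlertResumeThread
    SSDT \??\C:\...\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA155580]
    .text C:\WINDOWS\system32\hkcmd.exe[264] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A

SSDT hooks are split into those with a named owning driver and bare-address ones;
user-mode hooks are grouped by hooked function so the reader can see which are
present in every listed process.  That is a reading aid, not a verdict.
"""
import re
from collections import defaultdict

# Bare SSDT entry: only the hook address and the hooked native call are known.
SSDT_BARE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)\s*$", re.I)
# SSDT entry that GMER attributed to a driver file, with its version description.
SSDT_OWNED = re.compile(
    r"^SSDT\s+(?P<path>\S.*?)\s+\((?P<desc>[^)]*)\)\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-F]+)\]\s*$",
    re.I,
)
# User-mode inline hook: process[pid] module!function[ + offset] address N Bytes <patch>
USER_HOOK = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[\w.]+)!(?P<func>\w+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-F]+))?\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+)\s+Bytes\s+(?P<patch>.+?)\s*$",
    re.I,
)

# Constructed sample in the same format as the log posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT 844D1B08 ZwAlertResumeThread
SSDT 8429E598 ZwAllocateVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA155350]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA155580]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\hkcmd.exe[264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01340001
.text C:\WINDOWS\system32\hkcmd.exe[264] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
"""


def parse_gmer(text):
    """Return {'ssdt': [...], 'user': [...]} for the recognised lines; others are skipped."""
    ssdt, user = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_BARE.match(line)
        if m:
            ssdt.append({"func": m["func"], "addr": m["addr"].upper(), "owner": None, "desc": None})
            continue
        m = SSDT_OWNED.match(line)
        if m:
            ssdt.append({"func": m["func"], "addr": m["addr"].upper(),
                         "owner": m["path"].rsplit("\\", 1)[-1], "desc": m["desc"]})
            continue
        m = USER_HOOK.match(line)
        if m:
            target = f"{m['module']}!{m['func']}"
            if m["off"]:
                target += "+" + m["off"].upper()
            user.append({"proc": m["proc"].rsplit("\\", 1)[-1], "pid": int(m["pid"]),
                         "target": target, "addr": m["addr"].upper(),
                         "nbytes": int(m["n"]), "patch": m["patch"]})
    return {"ssdt": ssdt, "user": user}


def ssdt_summary(ssdt):
    """Group attributed hooks by owning driver; list bare-address hooks separately."""
    owned, bare = defaultdict(list), []
    for e in ssdt:
        if e["owner"]:
            owned[e["owner"]].append(e["func"])
        else:
            bare.append((e["func"], e["addr"]))
    return {"owned": dict(owned), "unattributed": bare}


def user_hook_summary(user):
    """Per hooked function: which processes carry it and which patch strings were seen."""
    procs = {e["proc"] for e in user}
    by_target = defaultdict(lambda: {"processes": set(), "patches": set()})
    for e in user:
        by_target[e["target"]]["processes"].add(e["proc"])
        by_target[e["target"]]["patches"].add(e["patch"])
    return {
        "process_count": len(procs),
        "targets": {t: {"in_all_processes": v["processes"] == procs,
                        "processes": sorted(v["processes"]),
                        "patches": sorted(v["patches"])}
                    for t, v in by_target.items()},
    }


if __name__ == "__main__":
    report = parse_gmer(SAMPLE_LOG)
    s = ssdt_summary(report["ssdt"])
    for owner, funcs in s["owned"].items():
        print(f"SSDT hooks owned by {owner}: {', '.join(funcs)}")
    for func, addr in s["unattributed"]:
        print(f"SSDT hook with no named owner: {func} -> {addr}")
    u = user_hook_summary(report["user"])
    for target, info in u["targets"].items():
        scope = "all" if info["in_all_processes"] else f"{len(info['processes'])}/{u['process_count']}"
        print(f"{target}: hooked in {scope} processes, patches {info['patches']}")
```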

#15 panegyris

  • Topic Starter

  • Members
  • 12 posts

Posted 27 February 2011 - 06:37 PM

GMER log

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-27 10:22:33
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2160BT_PL rev.00000050
Running: umsftp70.exe; Driver: C:\DOCUME~1\Fanny\LOCALS~1\Temp\afeyrpob.sys


---- System - GMER 1.0.15 ----

SSDT 844D1B08 ZwAlertResumeThread
SSDT 844D1BC8 ZwAlertThread
SSDT 8429E598 ZwAllocateVirtualMemory
SSDT 86223F00 ZwConnectPort
SSDT 842AC7A8 ZwCreateMutant
SSDT 844D9450 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA155350]
SSDT 844DDCE0 ZwFreeVirtualMemory
SSDT 842AC868 ZwImpersonateAnonymousToken
SSDT 844D1A48 ZwImpersonateThread
SSDT 8429E368 ZwMapViewOfSection
SSDT 842AC6E8 ZwOpenEvent
SSDT 844CE4B8 ZwOpenProcessToken
SSDT 84514218 ZwOpenThreadToken
SSDT 84533F38 ZwQueryValueKey
SSDT 862D4F88 ZwResumeThread
SSDT 8451B900 ZwSetContextThread
SSDT 84535138 ZwSetInformationProcess
SSDT 8452BF48 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA155580]
SSDT 84533E78 ZwSuspendProcess
SSDT 84510BC0 ZwSuspendThread
SSDT 863A3B70 ZwTerminateProcess
SSDT 8429ED88 ZwTerminateThread
SSDT 845570F8 ZwUnmapViewOfSection
SSDT 844E48D0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A98 4 Bytes CALL 65D27563
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\hkcmd.exe[264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01340001
.text C:\WINDOWS\system32\hkcmd.exe[264] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\hkcmd.exe[264] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[264] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxpers.exe[288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01280001
.text C:\WINDOWS\system32\igfxpers.exe[288] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxpers.exe[288] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxpers.exe[288] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxpers.exe[288] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxpers.exe[288] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxpers.exe[288] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxpers.exe[288] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[288] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[288] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[288] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\ehome\ehtray.exe[400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01610001
.text C:\WINDOWS\ehome\ehtray.exe[400] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[400] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\ehome\ehtray.exe[400] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\ehome\ehtray.exe[400] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\ehome\ehtray.exe[400] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\ehome\ehtray.exe[400] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[400] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[400] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\ehome\ehtray.exe[400] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[400] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[428] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ltmoh\Ltmoh.exe[492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001
.text C:\Program Files\ltmoh\Ltmoh.exe[492] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[492] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[492] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[492] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[492] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[492] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\ltmoh\Ltmoh.exe[492] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[492] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\ltmoh\Ltmoh.exe[492] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ltmoh\Ltmoh.exe[492] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\AGRSMMSG.exe[500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\WINDOWS\AGRSMMSG.exe[500] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\AGRSMMSG.exe[500] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\AGRSMMSG.exe[500] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\AGRSMMSG.exe[500] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\AGRSMMSG.exe[500] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\AGRSMMSG.exe[500] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\AGRSMMSG.exe[500] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[500] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\AGRSMMSG.exe[500] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\AGRSMMSG.exe[500] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FB0001
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[528] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\igfxsrvc.exe[556] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01660001
.text C:\WINDOWS\system32\igfxsrvc.exe[556] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[556] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[556] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[556] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[556] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[556] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxsrvc.exe[556] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[556] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\igfxsrvc.exe[556] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxsrvc.exe[556] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1080] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0AA70001
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1372] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01D60001
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1476] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01390001
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[1536] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\RTHDCPL.EXE[1648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 047E0001
.text C:\WINDOWS\RTHDCPL.EXE[1648] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[1648] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[1648] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\RTHDCPL.EXE[1648] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\RTHDCPL.EXE[1648] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\RTHDCPL.EXE[1648] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\RTHDCPL.EXE[1648] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1648] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\RTHDCPL.EXE[1648] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[1648] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01F30001
.text C:\WINDOWS\Explorer.EXE[1708] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[1708] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[1708] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\Explorer.EXE[1708] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\Explorer.EXE[1708] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\Explorer.EXE[1708] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1708] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1708] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[1708] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1708] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\msiexec.exe[1716] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 031B0001
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1840] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\dllhost.exe[1864] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\igfxtray.exe[1932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01680001
.text C:\WINDOWS\system32\igfxtray.exe[1932] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\igfxtray.exe[1932] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxtray.exe[1932] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\igfxtray.exe[1932] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\igfxtray.exe[1932] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\igfxtray.exe[1932] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\igfxtray.exe[1932] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[1932] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\igfxtray.exe[1932] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxtray.exe[1932] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 050B0001
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[2244] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[2272] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D30001
.text C:\WINDOWS\system32\ctfmon.exe[2272] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2272] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2272] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[2272] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[2272] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[2272] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2272] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2272] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2272] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2272] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01A30001
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2496] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Skype\Phone\Skype.exe[2560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02900001
.text C:\Program Files\Skype\Phone\Skype.exe[2560] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2560] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Skype\Phone\Skype.exe[2560] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2560] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2560] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2560] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2560] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[2560] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[2560] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[2560] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[2560] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Fanny\Desktop\umsftp70.exe[3004] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\eHome\ehmsas.exe[3324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\WINDOWS\eHome\ehmsas.exe[3324] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3324] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\eHome\ehmsas.exe[3324] kernel32.dll!ExitProcess 7C81CB12 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3324] GDI32.dll!EndPage 77F2DC61 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3324] GDI32.dll!EndDoc 77F2DEF1 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3324] GDI32.dll!StartPage 77F2F49E 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3324] GDI32.dll!AbortDoc 77F44CD2 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[3324] GDI32.dll!StartDocW 77F45962 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[3324] GDI32.dll!StartDocW + 4 77F45966 2 Bytes [11, 5F]
.text C:\WINDOWS\eHome\ehmsas.exe[3324] GDI32.dll!StartDocA 77F45E79 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\eHome\ehmsas.exe[3324] GDI32.dll!StartDocA + 4 77F45E7D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[3328] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\ehome\mcrdsvc.exe[3588] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
