JGH.EXE assistance


14 replies to this topic

#1 JasonJana (Members, 9 posts)

Posted 15 July 2011 - 10:14 AM

Hello, I'm Jason. I need help. I read in topics that jgh.exe is a malicious virus, but my Trend Micro Titanium won't find it. I don't know what else to do, so I was wondering if anyone knows what I can do that's free and downloadable. It lags my computer to all heck.


Now a Jgl.exe is coming up too...

Edited by JasonJana, 15 July 2011 - 10:31 AM.




#2 Broni (BC Advisor, 42,738 posts, Daly City, CA)

Posted 15 July 2011 - 11:54 AM

Welcome aboard.

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Check the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE
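
Of the MiniToolBox items requested above, the hosts-file listing and the proxy settings are the two that can carry a direct indicator on their own: a stock Windows XP hosts file maps only `localhost`, so any other line was written by software, and a manual browser proxy on the loopback address that the user never configured means something on the machine has put itself in the browser's traffic path. The Python below is an added example, not part of the thread or of MiniToolBox, that parses a hosts file in the layout MiniToolBox prints and classifies every non-local mapping as blackholed (loopback or unspecified target) or redirected (routable target), and reads the `"key", value` lines MiniToolBox prints for Firefox to report a manual proxy. The two hijack lines in the sample hosts file are hypothetical and constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout MiniToolBox prints under "Hosts content".
# The first three lines match a stock Windows XP hosts file; the last two are
# hypothetical hijack entries added for illustration (not from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       www.malwarebytes.org     # hypothetical: vendor site blackholed
203.0.113.10    www.google.com           # hypothetical: redirected to a TEST-NET address
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (ip, hostname) pairs; comments and blank lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries


def audit_hosts(text):
    """Classify every mapping that is not the localhost line.

    A loopback or unspecified target blackholes the name (the usual way
    malware blocks AV update and download sites); a routable target sends
    the user somewhere else entirely.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            findings.append((name, ip, "blackholed"))
        else:
            findings.append((name, ip, "redirected"))
    return findings


# One Firefox pref per line, as MiniToolBox prints them: "key", value
FF_PREF = re.compile(r'^"(?P<key>[\w.]+)",\s*(?P<val>.+)$')


def audit_ff_proxy(prefs_text):
    """Return (host, port) when Firefox is set to a manual proxy
    (network.proxy.type 1), else None."""
    prefs = {}
    for line in prefs_text.splitlines():
        m = FF_PREF.match(line.strip())
        if m:
            prefs[m.group("key")] = m.group("val").strip().strip('"')
    if prefs.get("network.proxy.type") != "1":
        return None
    return (prefs.get("network.proxy.http", ""),
            int(prefs.get("network.proxy.http_port", "0")))


if __name__ == "__main__":
    for name, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"{verdict:12} {name} -> {ip}")
    print("Firefox proxy:", audit_ff_proxy('"network.proxy.type", 0'))
```

The posted MiniToolBox output (one `127.0.0.1 localhost` line, `network.proxy.type` 0, IE proxy not enabled) produces no findings from either function, which is the expected result on a machine where those two settings have not been touched.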

 


#3 JasonJana (Topic Starter, Members, 9 posts)

Posted 15 July 2011 - 06:25 PM

Security Check:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Trend Micro Titanium Maximum Security
Trend Micro™ Titanium™ Maximum Security
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.3.181.34
Adobe Reader X (10.0.1)
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
Trend Micro Titanium plugin TMAS\TMAS_OE\TMAS_OEMon.exe
``````````End of Log````````````

#4 JasonJana (Topic Starter, Members, 9 posts)

Posted 15 July 2011 - 06:29 PM

Mini Tool Box:

MiniToolBox by Farbar
Ran by JasonJanatsch (administrator) on 15-07-2011 at 19:27:23
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost"
"network.proxy.type", 0
========================= Hosts content: =================================

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 3"

set address name="Local Area Connection 3" source=dhcp
set dns name="Local Area Connection 3" source=dhcp register=PRIMARY
set wins name="Local Area Connection 3" source=dhcp

# Interface IP Configuration for "Wireless Network Connection 10"

set address name="Wireless Network Connection 10" source=dhcp
set dns name="Wireless Network Connection 10" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 10" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : a820n
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 3:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Physical Address. . . . . . . . . : 00-11-D8-40-A8-13

Ethernet adapter Wireless Network Connection 10:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Wireless N USB Adapter #2
Physical Address. . . . . . . . . : 00-14-D1-50-04-D1
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.0.1.84
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.1.1
DHCP Server . . . . . . . . . . . : 10.0.1.1
DNS Servers . . . . . . . . . . . : 10.0.1.1
Lease Obtained. . . . . . . . . . : Friday, July 15, 2011 12:15:47 PM
Lease Expires . . . . . . . . . . : Saturday, July 16, 2011 12:15:47 PM

Server: UnKnown
Address: 10.0.1.1

Name: google.com
Addresses: 74.125.229.82, 74.125.229.83, 74.125.229.80, 74.125.229.81
74.125.229.84

Pinging google.com [74.125.229.82] with 32 bytes of data:

Reply from 74.125.229.82: bytes=32 time=372ms TTL=50
Reply from 74.125.229.82: bytes=32 time=294ms TTL=50

Ping statistics for 74.125.229.82:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 294ms, Maximum = 372ms, Average = 333ms

Server: UnKnown
Address: 10.0.1.1

Name: yahoo.com
Addresses: 98.137.149.56, 209.191.122.70, 67.195.160.76, 69.147.125.65
72.30.2.43

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:

Reply from 98.137.149.56: bytes=32 time=408ms TTL=40
Reply from 98.137.149.56: bytes=32 time=2591ms TTL=40

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 408ms, Maximum = 2591ms, Average = 1499ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 d8 40 a8 13 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
0x20004 ...00 14 d1 50 04 d1 ...... Wireless N USB Adapter #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.1.1 10.0.1.84 40
10.0.1.0 255.255.255.0 10.0.1.84 10.0.1.84 40
10.0.1.84 255.255.255.255 127.0.0.1 127.0.0.1 40
10.255.255.255 255.255.255.255 10.0.1.84 10.0.1.84 40
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 10.0.1.84 10.0.1.84 40
255.255.255.255 255.255.255.255 10.0.1.84 10.0.1.84 1
255.255.255.255 255.255.255.255 10.0.1.84 2 1
Default Gateway: 10.0.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/15/2011 05:56:07 AM) (Source: Application Error) (User: )
Description: Faulting application speccy.exe, version 1.11.0.256, faulting module speccy.exe, version 1.11.0.256, fault address 0x0013876a.
Processing media-specific event for [speccy.exe!ws!]

Error: (07/13/2011 10:36:53 PM) (Source: MsiInstaller) (User: JasonJanatsch)JasonJanatsch
Description: Product: Platform -- 1: This installation can not be run by directly launching the MSI package; you must run setup.exe.

Error: (07/11/2011 08:31:20 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (07/10/2011 04:17:26 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (07/09/2011 06:12:01 AM) (Source: Application Error) (User: )
Description: Faulting application battlecry iii.exe, version 1.0.3.0, faulting module battlecry iii.exe, version 1.0.3.0, fault address 0x0004f4af.
Processing media-specific event for [battlecry iii.exe!ws!]

Error: (07/09/2011 06:06:41 AM) (Source: Application Error) (User: )
Description: Faulting application battlecry iii.exe, version 1.0.3.0, faulting module battlecry iii.exe, version 1.0.3.0, fault address 0x0004f4af.
Processing media-specific event for [battlecry iii.exe!ws!]

Error: (07/08/2011 05:16:54 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (07/08/2011 04:56:35 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog

Error: (07/08/2011 00:25:18 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\JASONJANATSCH\START MENU\PROGRAMS\STARTUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (07/08/2011 00:25:18 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\DOCUMENTS AND SETTINGS\JASONJANATSCH\START MENU\PROGRAMS\STARTUP> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (07/15/2011 00:16:28 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (07/15/2011 00:15:39 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 0014D15004D1. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Error: (07/15/2011 00:14:08 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service service failed to start due to the following error:
%%2

Error: (07/15/2011 00:14:08 PM) (Source: Service Control Manager) (User: )
Description: The IMF Service service failed to start due to the following error:
%%2

Error: (07/15/2011 00:12:11 PM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service service failed to start due to the following error:
%%2

Error: (07/15/2011 00:12:11 PM) (Source: Service Control Manager) (User: )
Description: The IMF Service service failed to start due to the following error:
%%2

Error: (07/15/2011 09:42:15 AM) (Source: Service Control Manager) (User: )
Description: The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (07/15/2011 07:46:41 AM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (07/15/2011 07:34:41 AM) (Source: Service Control Manager) (User: )
Description: The Advanced SystemCare Service service failed to start due to the following error:
%%2

Error: (07/15/2011 07:34:41 AM) (Source: Service Control Manager) (User: )
Description: The IMF Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (07/15/2011 05:56:07 AM) (Source: Application Error)(User: )
Description: speccy.exe1.11.0.256speccy.exe1.11.0.2560013876a

Error: (07/13/2011 10:36:53 PM) (Source: MsiInstaller)(User: JasonJanatsch)JasonJanatsch
Description: Product: Platform -- 1: This installation can not be run by directly launching the MSI package; you must run setup.exe. (NULL)(NULL)(NULL)

Error: (07/11/2011 08:31:20 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (07/10/2011 04:17:26 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (07/09/2011 06:12:01 AM) (Source: Application Error)(User: )
Description: battlecry iii.exe1.0.3.0battlecry iii.exe1.0.3.00004f4af

Error: (07/09/2011 06:06:41 AM) (Source: Application Error)(User: )
Description: battlecry iii.exe1.0.3.0battlecry iii.exe1.0.3.00004f4af

Error: (07/08/2011 05:16:54 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (07/08/2011 04:56:35 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Error: (07/08/2011 00:25:18 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\JASONJANATSCH\START MENU\PROGRAMS\STARTUP

Error: (07/08/2011 00:25:18 AM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)
C:\DOCUMENTS AND SETTINGS\JASONJANATSCH\START MENU\PROGRAMS\STARTUP


========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 2551.29 MB
Available physical RAM: 1720.76 MB
Total Pagefile: 4440.12 MB
Available Pagefile: 3670.95 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.82 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:232.88 GB) (Free:214.78 GB) NTFS

========================= Users: ========================================

User accounts for \\A820N

Administrator ASPNET Chris King
Guest HelpAssistant JasonJanatsch
Ross Hickok SUPPORT_388945a0


== End of log ==

#5 Broni (BC Advisor, 42,738 posts, Daly City, CA)

Posted 15 July 2011 - 08:56 PM

Go on...


 


#6 JasonJana (Topic Starter, Members, 9 posts)

Posted 17 July 2011 - 06:56 AM

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7153

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/15/2011 8:09:18 PM
mbam-log-2011-07-15 (20-09-18).txt

Scan type: Quick scan
Objects scanned: 185021
Time elapsed: 22 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FraudPack.Gen) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\JasonJanatsch\Local Settings\Temp\Jgl.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\jasonjanatsch\local settings\Temp\Jgj.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Jwigeb.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Jwigec.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
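
The paths in the Malwarebytes log above describe the infection's structure as well as its detection names do: the randomly named value under the Run key and the two `.job` files under `WINDOWS\Tasks` are what relaunch it after a reboot, the executables in `Temp` and `WINDOWS` are the dropped payload, and the Search Bar entry is the browser hijack (with the URL it was pointed at). The Python below is an added example, not part of the thread or of Malwarebytes, that parses MBAM 1.51 log lines into those roles so the persistence points and hijack targets can be pulled out of a long log at a glance. The sample input reuses the detection lines posted above; the role names are this example's own labels.

```python
import re

# Constructed input: the detection lines are those from the Malwarebytes log
# posted above (MBAM 1.51 format); the empty "Folders Infected" section is
# included to show how the parser skips it.
SAMPLE_MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FraudPack.Gen) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.tangosearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Documents and Settings\JasonJanatsch\Local Settings\Temp\Jgl.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Jwigeb.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# <item> (<Family.Name>) -> [detail -> ...] <action>.
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
BAD_URL = re.compile(r"Bad: \((?P<bad>[^)]*)\)")


def classify(item):
    """Map a detected path to the role it plays in the infection chain
    (labels are this example's own, not MBAM's)."""
    low = item.lower()
    if "\\currentversion\\run\\" in low:
        return "persistence: Run key"
    if "\\tasks\\" in low and low.endswith(".job"):
        return "persistence: scheduled task"
    if low.endswith(".exe"):
        return "payload: dropped executable"
    if "\\internet explorer\\" in low or "\\internet settings\\" in low:
        return "browser hijack"
    return "other artifact"


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it sits in."""
    section = None
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):      # blank or "(No malicious items detected)"
            continue
        if line.endswith(" Infected:"):
            section = line[:-len(" Infected:")]   # e.g. "Registry Keys"
            continue
        m = DETECTION.match(line)
        if m is None or section is None:
            continue
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        results.append({
            "section": section,
            "item": m.group("item"),
            "family": m.group("family"),
            "details": parts[:-1],                # e.g. ["Value: 8DDYX0ZBPZ"]
            "action": parts[-1].rstrip("."),
            "role": classify(m.group("item")),
        })
    return results


def persistence(results):
    """Items that would bring the infection back after a reboot."""
    return [r["item"] for r in results if r["role"].startswith("persistence")]


def hijacked_urls(results):
    """URLs MBAM reported as the 'Bad' value of a hijacked setting."""
    urls = []
    for r in results:
        for d in r["details"]:
            m = BAD_URL.search(d)
            if m:
                urls.append(m.group("bad"))
    return urls


if __name__ == "__main__":
    dets = parse_mbam_log(SAMPLE_MBAM_LOG)
    for d in dets:
        print(f"[{d['role']}] {d['item']}  ({d['family']})")
    print("persistence:", persistence(dets))
    print("hijacked to:", hijacked_urls(dets))
```

Reading the log this way also explains the quick-scan choice above: the Run key, the Tasks folder, the user's Temp directory and the WINDOWS root are exactly the locations a quick scan covers, which is why it found all six files without a full-disk pass.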

#7 JasonJana (Topic Starter, Members, 9 posts)

Posted 17 July 2011 - 09:13 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-17 09:54:11
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e ST3250310AS rev.3.AAC
Running: 13s4neb4.exe; Driver: C:\DOCUME~1\JASONJ~1\LOCALS~1\Temp\axtdrpog.sys


---- System - GMER 1.0.15 ----

SSDT 8A0B27C0 ZwCreateKey
SSDT 8A083540 ZwCreateMutant
SSDT 8A0B15C0 ZwCreateProcess
SSDT 8A0B18C0 ZwCreateProcessEx
SSDT 8A083900 ZwCreateSymbolicLinkObject
SSDT 8A0B3FC0 ZwCreateThread
SSDT 8A0B2DC0 ZwDeleteKey
SSDT 8A0B36C0 ZwDeleteValueKey
SSDT 8A083AE0 ZwDuplicateObject
SSDT sptd.sys ZwEnumerateKey [0xB9F090EE]
SSDT sptd.sys ZwEnumerateValueKey [0xB9F0947C]
SSDT 8A083240 ZwLoadDriver
SSDT sptd.sys ZwOpenKey [0xB9ED49C0]
SSDT 8A0B1BC0 ZwOpenProcess
SSDT 8A0B3CA0 ZwOpenSection
SSDT 8A0B1EC0 ZwOpenThread
SSDT sptd.sys ZwQueryKey [0xB9F09554]
SSDT sptd.sys ZwQueryValueKey [0xB9F093D4]
SSDT 8A0B30C0 ZwRenameKey
SSDT 8A0B33C0 ZwRestoreKey
SSDT 8A083720 ZwSetSystemInformation
SSDT 8A0B2AC0 ZwSetValueKey
SSDT 8A0B21C0 ZwTerminateProcess
SSDT 8A0B24C0 ZwTerminateThread
SSDT 8A0B3E80 ZwWriteVirtualMemory

INT 0x62 ? 8A8F9CB8
INT 0x63 ? 8A8F9CB8
INT 0x63 ? 8A8F9CB8
INT 0x63 ? 8A79DCB8
INT 0x63 ? 8A8F9CB8
INT 0x82 ? 8A8F9CB8
INT 0xA4 ? 8A79DCB8
INT 0xB4 ? 8A79DCB8

---- Kernel code sections - GMER 1.0.15 ----

PAGE sptd.sys B9EF8000 1 Byte [74]
PAGE sptd.sys B9EF8004 5 Bytes [40, 83, EF, B9, A3]
PAGE sptd.sys B9EF800C 5 Bytes [50, 84, EF, B9, 98]
PAGE sptd.sys B9EF8014 5 Bytes [B8, 83, EF, B9, 59] {MOV EAX, 0x59b9ef83}
PAGE sptd.sys B9EF801C 5 Bytes [78, 82, EF, B9, 61]
PAGE ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB9F720AD]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B931C8AC 5 Bytes JMP 8A79D1C8
? System32\Drivers\afaj6fsz.SYS The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1808] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B9E9A22E] sptd.sys
IAT \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B9E9971C] sptd.sys
IAT \WINDOWS\System32\Drivers\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B9E99F0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9E9971C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9E99910] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9E99852] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9E9A0EC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9E99F0E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EADCE8] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A8F81E8

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8A6E11E8
Device \Driver\usbuhci \Device\USBPDO-1 8A6E11E8
Device \Driver\usbuhci \Device\USBPDO-2 8A6E11E8
Device \Driver\usbuhci \Device\USBPDO-3 8A6E11E8
Device \Driver\usbehci \Device\USBPDO-4 8A6CA1E8

AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\Cdrom \Device\CdRom0 8A7761E8
Device \Driver\atapi \Device\Ide\IdePort0 [B9DECB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DECB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DECB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-e [B9DECB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DECB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DECB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A263430
Device \Driver\NetBT \Device\NetbiosSmb 8A263430
Device \Driver\PCI_PNP5610 \Device\0000004e sptd.sys
Device \Driver\PCI_PNP5610 \Device\0000004e sptd.sys

AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{34814CDE-C3F1-45D1-B6CD-62B41D46A239} 8A263430
Device \Driver\usbuhci \Device\USBFDO-0 8A6E11E8
Device \Driver\usbuhci \Device\USBFDO-1 8A6E11E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2281E8
Device \Driver\usbuhci \Device\USBFDO-2 8A6E11E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A2281E8
Device \Driver\usbuhci \Device\USBFDO-3 8A6E11E8
Device \Driver\usbehci \Device\USBFDO-4 8A6CA1E8
Device \Driver\afaj6fsz \Device\Scsi\afaj6fsz1 8A7691E8
Device \FileSystem\Cdfs \Cdfs 8A1C3430

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x1D 0x31 0xA7 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA1 0x2D 0x54 0x4F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0xCE 0x13 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9A 0xAF 0x1E 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x54 0x07 0x8E 0x51 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7C 0x02 0x2F 0x81 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA1 0x2D 0x54 0x4F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0xCE 0x13 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9A 0xAF 0x1E 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x54 0x07 0x8E 0x51 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB52840$\1480326244 0 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981 0 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\click.tlb 2144 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\L 0 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\L\imvmuess 138496 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\loader.tlb 2540 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U 0 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@00000001 54368 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@000000c0 2560 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@000000cb 2048 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@80000000 24576 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@800000c0 33792 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@800000cb 27648 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@800000cf 27136 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes

---- EOF - GMER 1.0.15 ----
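
A GMER report is easier to triage once it is broken down by what owns each hook. The Python below is an added example, not from the thread or from GMER, that parses the report format shown above: it sorts SSDT hooks by the module GMER attributed them to (or marks them unattributed when GMER printed only a kernel address), collects the `?` lines for kernel modules GMER could not open, and totals the Files section per directory so a whole tree of entries under one directory collapses into a single line. In this log that separates the hooks owned by sptd.sys (the driver whose config keys point at `C:\Program Files\DAEMON Tools Lite\` in the Registry section) from the ones with no named owner, and gives a starting list of what to ask about next. The sample input is an excerpt of the log posted above.

```python
import re
from collections import defaultdict

# Constructed input: an excerpt of the GMER log posted above, trimmed to the
# three sections this parser reads.
SAMPLE_GMER = r"""
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-17 09:54:11

---- System - GMER 1.0.15 ----

SSDT 8A0B27C0 ZwCreateKey
SSDT 8A0B15C0 ZwCreateProcess
SSDT sptd.sys ZwEnumerateKey [0xB9F090EE]
SSDT sptd.sys ZwOpenKey [0xB9ED49C0]
SSDT 8A0B3E80 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

PAGE sptd.sys B9EF8000 1 Byte [74]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B931C8AC 5 Bytes JMP 8A79D1C8
? System32\Drivers\afaj6fsz.SYS The system cannot find the path specified. !

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\$NtUninstallKB52840$\2995421981 0 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\click.tlb 2144 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\L\imvmuess 138496 bytes
File C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@00000001 54368 bytes

---- EOF - GMER 1.0.15 ----
"""

SECTION = re.compile(r"^---- (?P<name>.+?) - GMER ")
# "SSDT <module>.sys <ZwFunc> [0xADDR]" when GMER names the owner...
SSDT_NAMED = re.compile(r"^SSDT (?P<module>\S+\.sys) (?P<func>Zw\w+) \[0x(?P<addr>[0-9A-Fa-f]+)\]$", re.I)
# ...and "SSDT <ADDR> <ZwFunc>" when it could only give the hook address.
SSDT_RAW = re.compile(r"^SSDT (?P<addr>[0-9A-Fa-f]{8}) (?P<func>Zw\w+)$")
FILE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes$")
UNRESOLVED = re.compile(r"^\? (?P<path>\S+) (?P<msg>.+?)\s*!?$")


def parse_gmer(text):
    """Split a GMER report into SSDT hooks, kernel modules GMER could not
    open, and the entries of its Files section. Hooks carry the owning
    module when GMER attributed them, else '<unattributed>'."""
    section = None
    out = {"hooks": [], "unresolved": [], "files": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "System":
            m = SSDT_NAMED.match(line) or SSDT_RAW.match(line)
            if m:
                owner = m.groupdict().get("module") or "<unattributed>"
                out["hooks"].append((m.group("func"), owner, m.group("addr").upper()))
        elif section == "Kernel code sections":
            m = UNRESOLVED.match(line)
            if m:
                out["unresolved"].append((m.group("path"), m.group("msg")))
        elif section == "Files":
            m = FILE.match(line)
            if m:
                out["files"].append((m.group("path"), int(m.group("size"))))
    return out


def hooks_by_owner(parsed):
    """Group hooked Zw* functions by attributed module, sorted by name."""
    by_owner = defaultdict(list)
    for func, owner, _ in parsed["hooks"]:
        by_owner[owner].append(func)
    return {owner: sorted(funcs) for owner, funcs in by_owner.items()}


def files_by_root(parsed, depth=3):
    """Count entries and bytes per directory root (default depth: drive,
    WINDOWS, first subdirectory)."""
    totals = defaultdict(lambda: [0, 0])
    for path, size in parsed["files"]:
        root = "\\".join(path.split("\\")[:depth])
        totals[root][0] += 1
        totals[root][1] += size
    return {root: tuple(v) for root, v in totals.items()}


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_GMER)
    for owner, funcs in hooks_by_owner(parsed).items():
        print(f"{owner}: {', '.join(funcs)}")
    for path, msg in parsed["unresolved"]:
        print(f"unresolved: {path} ({msg})")
    for root, (count, size) in files_by_root(parsed).items():
        print(f"{root}: {count} entries, {size} bytes")
```

Run over the full log above, the same code attributes the `ZwEnumerateKey`, `ZwEnumerateValueKey`, `ZwOpenKey`, `ZwQueryKey` and `ZwQueryValueKey` hooks to sptd.sys and leaves twenty other Zw* hooks unattributed, lists `sptd.sys` and `afaj6fsz.SYS` as the two modules GMER could not open, and reduces the sixteen Files lines to one directory root.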

#8 Broni (BC Advisor, 42,738 posts, Daly City, CA)

Posted 17 July 2011 - 10:30 AM

Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/


  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
  • Close SUPERAntiSpyware.
Restart computer in Safe Mode.
To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen

  • Open SUPERAntiSpyware.
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Post SUPERAntiSpyware log.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE

 


#9 JasonJana


Posted 17 July 2011 - 12:05 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/17/2011 at 12:59 PM

Application Version : 4.55.1000

Core Rules Database Version : 7417
Trace Rules Database Version: 5229

Scan type : Complete Scan
Total Scan Time : 00:35:51

Memory items scanned : 228
Memory threats detected : 0
Registry items scanned : 6043
Registry threats detected : 0
File items scanned : 12802
File threats detected : 201

Adware.Tracking Cookie
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@imrworldwide[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.321findit[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@cdn1.trafficmp[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.clicksfind[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.mybluefind[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@burstnet[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.theredfind[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@cdn.jemamedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@mediabrandsww[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@servedby.adxpower[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@collective-media[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@questionmarket[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@bs.serving-sys[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.boltfind[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@fastclick[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.find-fast-answers[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@jmp.clickbooth[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ru4[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@lucidmedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@advertise[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.red-find[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.myrainbowfind[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@atdmt[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@dc.tremormedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.mypurplefind[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@specificclick[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@fidelity.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@counters.gigya[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pro-market[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.hippofind[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@p141t1s1648558.kronos.bravenetmedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@network.realmedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@doubleclick[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@p169t1s5348396.kronos.bravenetmedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@r1-ads.ace.advertising[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@media6degrees[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@mediatraffic[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@findology[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@click.scour[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.findstuffforme[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@adxpose[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@mm.chitika[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@find.10topsearches[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@advertising[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@creditpaymentservices.122.2o7[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.amazeclick[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@a1.interclick[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@at.atwola[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.burstnet[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@apmebf[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@realmedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.blogtalkradio[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@tacoda.at.atwola[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@atwola[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@invitemedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ad.yieldmanager[3].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@yieldmanager[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@lfstmedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.toseeking[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@findlawonline[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@content.yieldmanager[3].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@interclick[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@statcounter[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@tribalfusion[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@adbrite[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@anrtx.tacoda[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@mediaplex[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@miva.cinomedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@media.contextweb[3].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@clickbank[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.clicksclick[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.clicksthis[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@digitalentertainment.122.2o7[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.seekfinds[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@clicks.search312[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@kontera[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@bidtraffic[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@surveymonkey.122.2o7[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.clicksthe[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.rainbowfindonline[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@clicks.freesearchbuddy[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.bluefindonline[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@bridge2.admarketplace[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pointroll[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.orfind[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.clicksare[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@in.getclicky[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.adk2[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.purplefindonline[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.pixeltrack66[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.pubmatic[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@trafficengine[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@bizzclick[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.cpxadroit[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@goodcholesterolcount[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@liveperson[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@clickbooth[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@intermundomedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.findcontactlenses[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.bridgetrack[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@track.clickpayz[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@revenue[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pluckit.demandmedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@legolas-media[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@query.trafficsys[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.financialcontent[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@tns-counter[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@dmtracker[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.bluefinds[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.undertone[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.clickwhale[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.vidsense[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.pointroll[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@clicks.thespecialsearch[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@adultswim[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@localfindlinks[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.rainbowfinds[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@247realmedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@casalemedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@segment-pixel.invitemedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@serving-sys[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@zedo[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.greenfindonline[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ar.atwola[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@media.adfrontiers[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@2o7[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@emediatrack[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.clickbowl[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@xml.happytofind[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.clicksor[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@businessfind[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@p418t1s4361920.kronos.bravenetmedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.lycos[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@eyewonder[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@trafficmp[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@content.yieldmanager[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@traffic.prod.cobaltgroup[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@glammedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@insightexpressai[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@search.clickcheer[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@media.contextweb[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@overture[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.mediatraffic[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@server.cpmstar[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@teennick[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@quizilla.teennick[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@p268t1s2329383.kronos.bravenetmedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@andomedia[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@adserver.adtechus[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@shopica[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@hornymatches[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.bighealthtree[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@statse.webtrendslive[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pubads.g.doubleclick[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.cftrack[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.shorttail[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.teennick[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@burstbeacon[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@totalbeauty.112.2o7[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@vidasco.rotator.hadj7.adjuggler[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.thebluefind[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@tracking.sodta[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.addynamix[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@adtech[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@trafficking.nabbr[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@uiadserver[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@server.iad.liveperson[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@xml.trafficengine[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@affiliate.a4dtracker[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ads.react2media[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.purplefindnow[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@www.burstbeacon[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@counter.hitslink[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@viacom.adbureau[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@counter2.hitslink[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.purplefinds[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@revsci[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@admarketplace[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@adserving.versaneeds[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.green-find[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@abovealladvertising[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@smartfindonline[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@pops.thepurplefind[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@media303[2].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@liveperson[3].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@p304t1s4725869.kronos.bravenetmedia[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@volvocarsofna.112.2o7[1].txt
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@clicksor[1].txt
C:\Documents and Settings\Chris King\Local Settings\Temp\Cookies\chris_king@adinterax[2].txt
C:\Documents and Settings\Chris King\Local Settings\Temp\Cookies\chris_king@doubleclick[1].txt
i.adultswim.com [ C:\Documents and Settings\JasonJanatsch\Application Data\Macromedia\Flash Player\#SharedObjects\PNLB5M2B ]
objects.tremormedia.com [ C:\Documents and Settings\JasonJanatsch\Application Data\Macromedia\Flash Player\#SharedObjects\PNLB5M2B ]
secure-us.imrworldwide.com [ C:\Documents and Settings\JasonJanatsch\Application Data\Macromedia\Flash Player\#SharedObjects\PNLB5M2B ]
www.petsex.com [ C:\Documents and Settings\JasonJanatsch\Application Data\Macromedia\Flash Player\#SharedObjects\PNLB5M2B ]
C:\Documents and Settings\JasonJanatsch\Cookies\jasonjanatsch@ad.yieldmanager[1].txt
C:\Documents and Settings\JasonJanatsch\Local Settings\Temp\Cookies\jasonjanatsch@content.yieldmanager[2].txt
C:\Documents and Settings\JasonJanatsch\Local Settings\Temp\Cookies\jasonjanatsch@content.yieldmanager[3].txt
C:\Documents and Settings\JasonJanatsch\Local Settings\Temp\Cookies\jasonjanatsch@ad.yieldmanager[2].txt
C:\Documents and Settings\JasonJanatsch\Local Settings\Temp\Cookies\jasonjanatsch@adinterax[1].txt
C:\Documents and Settings\JasonJanatsch\Local Settings\Temp\Cookies\jasonjanatsch@doubleclick[1].txt

#10 Broni

Posted 17 July 2011 - 12:14 PM

Nothing there.

How is computer doing?

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

===================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.



#11 JasonJana

Posted 17 July 2011 - 12:29 PM

.

Edited by JasonJana, 17 July 2011 - 12:36 PM.


#12 JasonJana

Posted 17 July 2011 - 12:34 PM

aswMBR version 0.9.7.753 Copyright© 2011 AVAST Software
Run date: 2011-07-17 13:27:42
-----------------------------
13:27:42.703 OS Version: Windows 5.1.2600 Service Pack 3
13:27:42.703 Number of processors: 2 586 0x401
13:27:42.703 ComputerName: A820N UserName:
13:27:45.937 Initialize success
13:28:22.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e
13:28:22.046 Disk 0 Vendor: ST3250310AS 3.AAC Size: 238475MB BusType: 3
13:28:24.062 Disk 0 MBR read successfully
13:28:24.062 Disk 0 MBR scan
13:28:24.062 Disk 0 Windows XP default MBR code
13:28:26.078 Disk 0 scanning sectors +488392065
13:28:26.171 Disk 0 scanning C:\WINDOWS\system32\drivers
13:28:48.828 Service scanning
13:28:50.156 Disk 0 trace - called modules:
13:28:50.171
13:28:50.171 Scan finished successfully
13:29:07.765 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JasonJanatsch\Application Data\IDM\MBR.dat"
13:29:07.781 The log file has been saved successfully to "C:\Documents and Settings\JasonJanatsch\Application Data\IDM\aswMBR.txt"
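The aswMBR run above identifies the boot sector as "Windows XP default MBR code" and saves a copy to MBR.dat, the file Broni said not to delete. As an added example (not part of this thread and not aswMBR's own code), here is a small Python check that parses such a backup, verifies the 0x55AA boot signature, lists the partition entries, and hashes only the boot-code region so a later copy of sector 0 can be compared against the saved baseline. It assumes MBR.dat is the raw 512-byte sector 0 (an assumption about the tool's format); the MBR bytes used below are constructed, not taken from the poster's disk.

```python
# Added example: sanity-check a 512-byte MBR backup such as aswMBR's MBR.dat.
# Assumption: the backup is the raw sector 0 (446 bytes of code, 4 x 16-byte
# partition entries, 2-byte 0x55AA signature).
import hashlib
import struct

MBR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
PARTITION_TABLE_OFFSET = 446
PARTITION_ENTRY_SIZE = 16


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte partition table entry (the CHS fields are skipped)."""
    status, ptype, lba_start, sectors = struct.unpack("<B3xB3xII", entry)
    return {"bootable": status == 0x80, "type": ptype,
            "lba_start": lba_start, "sectors": sectors}


def parse_mbr(data: bytes) -> dict:
    """Validate an MBR image and return its boot-code hash plus used partitions."""
    if len(data) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(data)}")
    if data[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        entry = data[off:off + PARTITION_ENTRY_SIZE]
        if entry[4] == 0:  # partition type 0 marks an empty slot
            continue
        partitions.append(parse_partition_entry(entry))
    return {
        # Hash the executable boot code only; the partition table can change legitimately
        "code_sha256": hashlib.sha256(data[:PARTITION_TABLE_OFFSET]).hexdigest(),
        "partitions": partitions,
    }


def boot_code_changed(baseline: bytes, current: bytes) -> bool:
    """True when the boot code in `current` differs from the saved `baseline`."""
    return parse_mbr(baseline)["code_sha256"] != parse_mbr(current)["code_sha256"]


def build_sample_mbr() -> bytes:
    """Constructed sample: tiny boot stub, one bootable NTFS partition, valid signature."""
    code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (PARTITION_TABLE_OFFSET - 7)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF",
                        63, 488392002)
    empty = b"\x00" * PARTITION_ENTRY_SIZE
    return code + entry + empty * 3 + BOOT_SIGNATURE


def tamper(mbr: bytes, offset: int = 0x10) -> bytes:
    """Constructed 'after' image: flip a single byte inside the boot code."""
    return mbr[:offset] + bytes([mbr[offset] ^ 0xFF]) + mbr[offset + 1:]


if __name__ == "__main__":
    baseline = build_sample_mbr()
    info = parse_mbr(baseline)
    print("boot code sha256:", info["code_sha256"])
    for p in info["partitions"]:
        print(p)
    print("changed after tamper:", boot_code_changed(baseline, tamper(baseline)))
```

Keeping the hash over the first 446 bytes only is deliberate: a bootkit replaces the code, while resizing or adding a partition changes only the table, so the two should not be mixed into one fingerprint.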

#13 Broni

Posted 17 July 2011 - 12:35 PM

I asked for RKUnhooker log, not another GMER log.

 
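The RKUnhooker report Broni is asking for lists each hooked kernel service in its SSDT State and Shadow sections as `<image>--><function>, Type: <kind> 0x<original>--><hook> [<module>]`, with `[Unknown module filename]` when the hook target cannot be tied to a loaded driver. As an added example (not part of this thread and not RkU's own code), the Python below parses those sections and groups hooked functions by owning module, so entries owned by known products can be set aside and the unattributed ones are listed together. The sample report is constructed in that format; only the line layout is assumed.

```python
# Added example: triage the SSDT sections of a Rootkit Unhooker report by the
# module that owns each hook. Assumption: the line format shown in HOOK_LINE.
import re
from collections import defaultdict

# One hooked service as RkU prints it:
#   <image>--><function>, Type: <kind> 0x<original>--><hook> [<module>]
HOOK_LINE = re.compile(
    r"^(?P<image>[\w.]+)-->(?P<function>\w+), Type: (?P<kind>.+?) "
    r"0x(?P<original>[0-9A-Fa-f]+)-->(?P<hook>[0-9A-Fa-f]+) \[(?P<module>[^\]]*)\]$"
)
UNKNOWN = "Unknown module filename"
HOOK_SECTIONS = ("SSDT State", "Shadow")

# Constructed sample report in RkU's layout (not a real machine's output)
SAMPLE_REPORT = """\
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806240F0-->8A5377C0 [Unknown module filename]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x8062493C-->B9F090EE [sptd.sys]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29E2-->A8655640 [C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.SYS]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B43CC-->8A538E80 [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85F852-->8A3D9720 [Unknown module filename]
==============================================
>Processes
==============================================
0x8A92E830 [4] System
"""


def parse_hooks(report: str) -> list:
    """Return one dict per hook line found in the SSDT State and Shadow sections."""
    section = None
    hooks = []
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith(">"):  # section header such as '>SSDT State'
            section = line[1:].strip()
            continue
        if section not in HOOK_SECTIONS:
            continue
        m = HOOK_LINE.match(line)
        if m:
            hook = m.groupdict()
            hook["section"] = section
            hooks.append(hook)
    return hooks


def triage(hooks: list) -> dict:
    """Group hooked functions by owning module; unattributed hooks are listed apart."""
    by_module = defaultdict(list)
    for h in hooks:
        by_module[h["module"]].append(h["function"])
    return {
        "unattributed": sorted(by_module.get(UNKNOWN, [])),
        "by_module": {m: sorted(f) for m, f in by_module.items() if m != UNKNOWN},
    }


if __name__ == "__main__":
    result = triage(parse_hooks(SAMPLE_REPORT))
    print("hooks with no owning module:", result["unattributed"])
    for module, funcs in result["by_module"].items():
        print(f"{module}: {funcs}")
```

In the sample, the hooks owned by sptd.sys (the SCSI pass-through driver installed by disc-emulation software such as Daemon Tools) and by SUPERAntiSpyware's SASKUTIL.SYS fall into named buckets, while the entries with no owning module, which are the ones a helper would chase further, come out in a single list.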


#14 JasonJana

Posted 17 July 2011 - 02:42 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x806240F0-->8A5377C0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateMutant, Type: Address change 0x8061769E-->8A3D6540 [Unknown module filename]
ntkrnlpa.exe-->NtCreateProcess, Type: Address change 0x805D1230-->8A5365C0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateProcessEx, Type: Address change 0x805D117A-->8A5368C0 [Unknown module filename]
ntkrnlpa.exe-->NtCreateSymbolicLinkObject, Type: Address change 0x805C39FA-->8A3D6900 [Unknown module filename]
ntkrnlpa.exe-->NtCreateThread, Type: Address change 0x805D1018-->8A538FC0 [Unknown module filename]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x8062458C-->8A537DC0 [Unknown module filename]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x8062475C-->8A5386C0 [Unknown module filename]
ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x805BE008-->8A3D6AE0 [Unknown module filename]
ntkrnlpa.exe-->NtEnumerateKey, Type: Address change 0x8062493C-->B9F090EE [sptd.sys]
ntkrnlpa.exe-->NtEnumerateValueKey, Type: Address change 0x80624BA6-->B9F0947C [sptd.sys]
ntkrnlpa.exe-->NtLoadDriver, Type: Address change 0x80584160-->8A3D6240 [Unknown module filename]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x806254CE-->B9ED49C0 [sptd.sys]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805CB440-->8A536BC0 [Unknown module filename]
ntkrnlpa.exe-->NtOpenSection, Type: Address change 0x805AA3EC-->8A538CA0 [Unknown module filename]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805CB6CC-->8A536EC0 [Unknown module filename]
ntkrnlpa.exe-->NtQueryKey, Type: Address change 0x80625810-->B9F09554 [sptd.sys]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80622314-->B9F093D4 [sptd.sys]
ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x80623B12-->8A5380C0 [Unknown module filename]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x80625AD0-->8A5383C0 [Unknown module filename]
ntkrnlpa.exe-->NtSetSystemInformation, Type: Address change 0x8060FD06-->8A3D6720 [Unknown module filename]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x80622662-->8A537AC0 [Unknown module filename]
ntkrnlpa.exe-->NtTerminateProcess, Type: Address change 0x805D29E2-->A8655640 [C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS]
ntkrnlpa.exe-->NtTerminateThread, Type: Address change 0x805D2BDC-->8A5374C0 [Unknown module filename]
ntkrnlpa.exe-->NtWriteVirtualMemory, Type: Address change 0x805B43CC-->8A538E80 [Unknown module filename]
==============================================
>Shadow
==============================================
win32k.sys-->NtUserSetWindowsHookAW, Type: Address change 0xBF860364-->8A3D9940 [Unknown module filename]
win32k.sys-->NtUserSetWindowsHookEx, Type: Address change 0xBF85F852-->8A3D9720 [Unknown module filename]
==============================================
>Processes
==============================================
0x8A92E830 [4] System
0x8A3E35B0 [320] C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc., Java™ Quick Starter Service)
0x8A43DDA0 [360] C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8A260560 [372] C:\WINDOWS\system32\alg.exe (Microsoft Corporation, Application Layer Gateway Service)
0x8A428860 [528] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A3E06B0 [548] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation, hkcmd Module)
0x8A42A740 [576] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A41E598 [724] C:\WINDOWS\system32\searchindexer.exe (Microsoft Corporation, Microsoft Windows Search Indexer)
0x8A52E158 [856] C:\WINDOWS\system32\smss.exe (Microsoft Corporation, Windows NT Session Manager)
0x8A420A58 [908] C:\WINDOWS\system32\csrss.exe (Microsoft Corporation, Client Server Runtime Process)
0x8A376458 [932] C:\WINDOWS\system32\winlogon.exe (Microsoft Corporation, Windows NT Logon Application)
0x8A381978 [976] C:\WINDOWS\system32\services.exe (Microsoft Corporation, Services and Controller app)
0x8A39A978 [988] C:\WINDOWS\system32\lsass.exe (Microsoft Corporation, LSA Shell (Export Version))
0x8A706968 [1012] C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc., AutoUpater Service Module)
0x8A25A988 [1172] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A388808 [1220] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A697020 [1364] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x89DB23B8 [1552] C:\WINDOWS\system32\svchost.exe (Microsoft Corporation, Generic Host Process for Win32 Services)
0x8A6B1B60 [1604] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation, Firefox)
0x8A39E650 [1848] C:\WINDOWS\explorer.exe (Microsoft Corporation, Windows Explorer)
0x8A3E8748 [1872] C:\WINDOWS\system32\spoolsv.exe (Microsoft Corporation, Spooler SubSystem App)
0x8A6DDBD0 [1920] C:\WINDOWS\system32\rundll32.exe (Microsoft Corporation, Run a DLL as an App)
0x89D36508 [2288] C:\Program Files\Trend Micro\Titanium\plugin\TMAS\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc., Trend Micro Anti-Spam for OE monitor)
0x89DA3888 [2316] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x89D7ADA0 [2340] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
0x8A3811C0 [2372] C:\WINDOWS\system32\searchprotocolhost.exe (Microsoft Corporation, Microsoft Windows Search Protocol Host)
0x89DBBA20 [2380] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation, CTF Loader)
0x89C6FDA0 [2404] C:\WINDOWS\system32\LVComS.exe (Logitech Inc., LVCom Server)
0x89CBF020 [2620] C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation, Plugin Container for Firefox)
0x89CBE928 [2992] C:\Program Files\Internet Download Manager\IEMonitor.exe (Tonec Inc., Internet Download Manager agent for click monitoring in IE-based browsers)
0x89CA6500 [3020] C:\Program Files\TRENDnet\TEW-624UB_TEW-644UB\WlanCU.exe (-, WlanCU MFC Application)
0x89C719E0 [3596] C:\Documents and Settings\JasonJanatsch\My Documents\Downloads\Programs\RKUnhookerLE.EXE (UG North, RKULE, SR2 Overlord)
0x89884020 [3616] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc., Internet Download Manager (IDM))
0x89879360 [4068] C:\WINDOWS\system32\searchfilterhost.exe (Microsoft Corporation, Microsoft Windows Search Filter Host)
0x8A3CCDA0 [1984] C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc., Trend Micro Anti-Malware Solution Platform)
0x89DEEDA0 [2028] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc., Trend Micro Client Session Agent Monitor)
0x89DFB228 [2044] C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc., Trend Micro Anti-Malware Solution Platform)
0x89CCA6A0 [2268] C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc., Trend Micro Client Session Agent)
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2154496 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2154496 bytes
0x804D7000 RAW 2154496 bytes
0x804D7000 WMIxWDM 2154496 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB9E97000 PCI_PNP6474 1114112 bytes
0xB9E97000 sptd.sys 1114112 bytes
0xB8E2D000 C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF068000 C:\WINDOWS\System32\ialmdd5.DLL 843776 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB8FD7000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 774144 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB8D85000 C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9D0D000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA84BF000 C:\WINDOWS\system32\DRIVERS\rt2870.sys 565248 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)
0xA8588000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB8C7E000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA871A000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7FB4000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF136000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA7B63000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB8D34000 C:\WINDOWS\System32\Drivers\ad4bpynd.SYS 249856 bytes
0xB8F4F000 C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xA808B000 C:\WINDOWS\system32\DRIVERS\tmcomm.sys 212992 bytes (Trend Micro Inc., TrendMicro Common Module)
0xB8CDC000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9E51000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9CE0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA85F8000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF03F000 C:\WINDOWS\System32\ialmdev5.DLL 167936 bytes (Intel Corporation, Component GHAL Driver)
0xA86F2000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9DFB000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA86CC000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB8F9F000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB8F2C000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA86AA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xA864B000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806E5000 ACPI_HAL 134400 bytes
0x806E5000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9DC3000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9E21000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 126976 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xA8034000 C:\WINDOWS\system32\DRIVERS\tmactmon.sys 118784 bytes (Trend Micro Inc., TrendMicro Activity Monitor Module)
0xB9CC6000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB8F85000 C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys 106496 bytes (Realtek Semiconductor Corporation , Realtek 10/100/1000 NDIS 5.1 Driver )
0xB9DE3000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8407000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB9E7F000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xA8571000 C:\WINDOWS\system32\DRIVERS\idmtdi.sys 94208 bytes (Tonec Inc., Internet Download Manager TDI Driver)
0xB9D9A000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8D1D000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8695000 C:\WINDOWS\system32\DRIVERS\tmtdi.sys 86016 bytes (Trend Micro Inc., Trend Micro TDI Driver (i386-fre))
0xB8D71000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB8FC3000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8773000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9DB1000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xA8051000 C:\WINDOWS\system32\DRIVERS\tmevtmgr.sys 73728 bytes (Trend Micro Inc., TrendMicro Event Management Module)
0xB9E40000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB8D0C000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA218000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB936B000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA158000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA1C8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB935B000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB938B000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB934B000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB932B000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA1D8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB937B000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB933B000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0C8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB92FB000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB930B000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xA80DF000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA318000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xA78EB000 C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 36864 bytes (Microsoft Corporation, IP FILTER DRIVER)
0xB931B000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA1A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA3E8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA4B0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA3E0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA328000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA370000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA4A0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA4A8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA470000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA478000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA398000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA3B8000 C:\WINDOWS\system32\DRIVERS\wlndis50.sys 20480 bytes (-, WLAN NDIS 5.0 User Mode Control Driver)
0xB8C56000 C:\WINDOWS\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0xB9C32000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA83D7000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA863F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA8273000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xB9C4E000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9098000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xBA5D4000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5F2000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA5D2000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5AC000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5D6000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA654000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xBA5D8000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5CE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA5D0000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\System32\Drivers\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA739000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA69A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA7E6000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8A8F81E8 unknown_irp_handler 3608 bytes
0x8A7571E8 unknown_irp_handler 3608 bytes
0x8A79B1E8 unknown_irp_handler 3608 bytes
0x8A27C1E8 unknown_irp_handler 3608 bytes
0x8A7841E8 unknown_irp_handler 3608 bytes
0x8A24B1E8 unknown_irp_handler 3608 bytes
0x8A6B9430 unknown_irp_handler 3024 bytes
0x89D2F430 unknown_irp_handler 3024 bytes
==============================================
>Stealth
==============================================
WARNING: File locked for read access [C:\WINDOWS\system32\drivers\sptd.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.ci
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.dir
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid
!-->[Hidden] C:\Documents and Settings\All Users\Application Data\Real\setup\config.ini::$DATA
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Application Data\IDM\aswMBR.txt
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Application Data\IDM\MBR.dat
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciw4hibn.default\Cache\0\8E\A5575d01
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciw4hibn.default\Cache\3\F5\B1152d01
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Application Data\Mozilla\Firefox\Profiles\ciw4hibn.default\Cache\A\03\B3604d01
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\2GO3YZIZ\CA4Q47SW
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\2GO3YZIZ\CAEJKN8E
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\2GO3YZIZ\mgou[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\2GO3YZIZ\SearchBandUI[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\2GO3YZIZ\wbkEF.tmp
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\2GO3YZIZ\wbkF1.tmp
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\42OCRZTG\dog[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\42OCRZTG\mgou[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\42OCRZTG\SearchBandUI[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\Q6INLWV5\elipses_normal[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\Q6INLWV5\WDS_logo5[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\U0J9GZLL\alert[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\U0J9GZLL\sbtnbk[1]
!-->[Hidden] C:\Documents and Settings\JasonJanatsch\Local Settings\Temporary Internet Files\Content.IE5\U0J9GZLL\SEARCHBANDUI[1]
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Trend Micro\AMSP\data\10010\events\EventsDB\URL\9\1
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Trend Micro\AMSP\data\10010\events\EventsDB\URL\9\11
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Trend Micro\AMSP\data\10010\events\EventsDB\URL\9\12
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Trend Micro\AMSP\data\10010\events\EventsDB\URL\9\14
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Trend Micro\AMSP\data\10010\events\EventsDB\URL\9\15
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Trend Micro\AMSP\data\10010\events\EventsDB\URL\9\2
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Trend Micro\AMSP\data\10010\events\EventsDB\URL\9\3
!-->[Hidden] C:\Documents and Settings\NetworkService\Application Data\Trend Micro\AMSP\data\10010\events\EventsDB\URL\9\4
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\1480326244
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\click.tlb
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\loader.tlb
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\L\imvmuess
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@00000001
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@000000c0
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@000000cb
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@000000cf
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@80000000
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@800000c0
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@800000cb
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\U\@800000cf
!-->[Hidden] C:\WINDOWS\$NtUninstallKB52840$\2995421981\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D5A4, Type: Inline - RelativeJump 0x805045A4-->8050453E [ntkrnlpa.exe]
ntkrnlpa.exe+0x0002D884, Type: Inline - RelativeJump 0x80504884-->805048E2 [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[1604]firefox.exe-->gdi32.dll-->ExtTextOutA, Type: Inline - RelativeJump 0x77F1D3FA-->0638D430 [unknown_code_page]
[1604]firefox.exe-->gdi32.dll-->ExtTextOutW, Type: Inline - RelativeJump 0x77F18086-->0638D514 [unknown_code_page]
[1604]firefox.exe-->gdi32.dll-->GetGlyphIndicesA, Type: Inline - RelativeJump 0x77F3DFE3-->0638D8D4 [unknown_code_page]
[1604]firefox.exe-->gdi32.dll-->GetGlyphIndicesW, Type: Inline - RelativeJump 0x77F52604-->0638D9A1 [unknown_code_page]
[1604]firefox.exe-->gdi32.dll-->TextOutA, Type: Inline - RelativeJump 0x77F1BA4F-->0638CF14 [unknown_code_page]
[1604]firefox.exe-->gdi32.dll-->TextOutW, Type: Inline - RelativeJump 0x77F17EAC-->0638CFE0 [unknown_code_page]
[1604]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->00401410 [firefox.exe]
[1604]firefox.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->0638C23C [unknown_code_page]
[1604]firefox.exe-->user32.dll-->DrawTextA, Type: Inline - RelativeJump 0x7E43C702-->0638D0AC [unknown_code_page]
[1604]firefox.exe-->user32.dll-->DrawTextExA, Type: Inline - RelativeJump 0x7E43C739-->0638D262 [unknown_code_page]
[1604]firefox.exe-->user32.dll-->DrawTextExW, Type: Inline - RelativeJump 0x7E42B415-->0638D349 [unknown_code_page]
[1604]firefox.exe-->user32.dll-->DrawTextW, Type: Inline - RelativeJump 0x7E42D7E2-->0638D187 [unknown_code_page]
[1604]firefox.exe-->user32.dll-->SetClipboardData, Type: Inline - RelativeJump 0x7E430F9E-->0638CDFD [unknown_code_page]
[1604]firefox.exe-->wininet.dll-->InternetCrackUrlA, Type: Inline - RelativeJump 0x3D954928-->0638DC67 [unknown_code_page]
[1604]firefox.exe-->wininet.dll-->InternetCrackUrlW, Type: Inline - RelativeJump 0x3D9340C0-->0638DDB0 [unknown_code_page]
[1604]firefox.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x71AB3E2B-->0638CD56 [unknown_code_page]
[1604]firefox.exe-->ws2_32.dll-->getaddrinfo, Type: Inline - RelativeJump 0x71AB2A6F-->0638BD87 [unknown_code_page]
[1604]firefox.exe-->ws2_32.dll-->gethostbyname, Type: Inline - RelativeJump 0x71AB5355-->0638BCC6 [unknown_code_page]
[1604]firefox.exe-->ws2_32.dll-->recv, Type: Inline - RelativeJump 0x71AB676F-->0638C970 [unknown_code_page]
[1604]firefox.exe-->ws2_32.dll-->send, Type: Inline - RelativeJump 0x71AB4C27-->0638C8CB [unknown_code_page]
[1604]firefox.exe-->ws2_32.dll-->WSAAsyncGetHostByName, Type: Inline - RelativeJump 0x71ABE99D-->0638C15D [unknown_code_page]
[1604]firefox.exe-->ws2_32.dll-->WSARecv, Type: Inline - RelativeJump 0x71AB4CB5-->0638CAF2 [unknown_code_page]
[1604]firefox.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x71AB68FA-->0638CA1E [unknown_code_page]
[1848]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->5CB77774 [shimeng.dll]
[1848]explorer.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A81188-->5CB77774 [shimeng.dll]
[1848]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->5CB77774 [shimeng.dll]
[1848]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CB77774 [shimeng.dll]
[1848]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->5CB77774 [shimeng.dll]
[1848]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->5CB77774 [shimeng.dll]
[1848]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->5CB77774 [shimeng.dll]
[1848]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->5CB77774 [shimeng.dll]
[2620]plugin-container.exe-->user32.dll-->GetWindowInfo, Type: Inline - RelativeJump 0x7E42C49C-->104A5451 [xul.dll]
[2620]plugin-container.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x7E42C29D-->1068EDA6 [xul.dll]
[2620]plugin-container.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x7E42C2BB-->1068ED38 [xul.dll]
[2620]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->104A5A99 [xul.dll]
[724]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00585C0C [mssrch.dll]
[724]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[724]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]

#15 Broni

Posted 17 July 2011 - 02:45 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE