
Thread: Definitely have malware :(

  1. #1
    Member
    Join Date
    Nov 2007
    Posts
    45

    Definitely have malware :(

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:39:19 AM, on 9/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16876)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.98rock.com/cc-common/babes/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Shared\lib.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Ksebuhey] rundll32.exe "C:\WINDOWS\urufixej.dll",e
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: ikowin32.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://66.154.44.68/cam/Install.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...0/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/...s/MsnPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - https://cs7b.instantservice.com/jars...rxsigned42.cab
    O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole...rcadeRdxIE.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...23/mcgdmgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
    O16 - DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - http://download.newaol.com/bkpromo/d...ormerSetup.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O18 - Filter hijack: text/html - {d9d9d031-9536-47bb-8aa2-d3a1501a502d} - C:\WINDOWS\system32\dsound3dd.dll
    O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
    O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

    --
    End of file - 7849 bytes

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi,

    Download DDS and save it to your desktop from here or here or here.
    Disable any script blocker, and then double click dds.scr to run the tool.
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop. Post them back to your topic.


    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the Rootkit tab and then Scan.
    • Don't check the Show All box while scanning is in progress!
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Nov 2007
    Posts
    45


    okay, DDS came up with these.

    DDS.txt


    DDS (Ver_09-09-29.01) - NTFSx86
    Run by Spiderman at 20:43:32.89 on Fri 10/02/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.201 [GMT -4:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\lxczcoms.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\SYSTEM32\notepad.exe
    C:\Documents and Settings\Spiderman\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.98rock.com/cc-common/babes/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = 127.0.0.1
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: dsWebAllowBHO Class: {2f85d76c-0569-466f-a488-493e6bd0e955} - c:\program files\windows desktop search\dsWebAllow.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Browser Helper Object: {afd4ad01-58c1-47db-a404-fbe00a6c5486} - c:\program files\shared\lib.dll
    TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
    mRun: [Ksebuhey] rundll32.exe "c:\windows\urufixej.dll",e
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\documents and settings\spiderman\start menu\programs\startup\ikowin32.exe
    IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: &Search
    IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
    IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
    IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\windows\system32\msjava.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    DPF: {205FF73B-CA67-11D5-99DD-444553540000} - hxxp://66.154.44.68/cam/Install.cab
    DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - hxxp://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - hxxp://chat.yahoo.com/cab/yacsui.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} - hxxps://cs7b.instantservice.com/jars/customerxsigned42.cab
    DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} - hxxp://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {D9EA64B2-B966-E177-332C-78B69886526D} - hxxp://download.newaol.com/bkpromo/download/PerformerSetup.cab
    DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
    DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab
    Filter: text/html - {d9d9d031-9536-47bb-8aa2-d3a1501a502d} - c:\windows\system32\dsound3dd.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: {4A54500A-65FE-4F4A-B860-20EAE2F577F9} - No File
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
    LSA: Notification Packages = scecli carcpc.dll

    ============= SERVICES / DRIVERS ===============

    R2 lxcz_device;lxcz_device;c:\windows\system32\lxczcoms.exe -service --> c:\windows\system32\lxczcoms.exe -service [?]
    S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-8-13 2944]
    S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [2006-8-13 3168]
    S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [2006-8-13 39552]
    S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-8-13 60416]
    S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\spider~1\locals~1\temp\dmskssrh.sys --> c:\docume~1\spider~1\locals~1\temp\DMSKSSRh.sys [?]
    S3 SaiNtSub;SaiNtSub;c:\windows\system32\drivers\SaiNtSub.sys [2005-2-4 19200]
    S3 samhid;samhid;c:\windows\system32\drivers\samhid.sys --> c:\windows\system32\drivers\samhid.sys [?]

    =============== Created Last 30 ================

    2009-10-02 20:39 14,514 a------- c:\windows\itecigitulob.dll
    2009-10-02 17:41 13,067 a------- c:\windows\ifidevac.dll
    2009-10-02 07:21 12,291 a------- c:\windows\anelizodowurafox.dll
    2009-10-01 21:19 11,460 a------- c:\windows\eleharuculihi.dll
    2009-10-01 17:28 11,650 a------- c:\windows\okehazuyosegefim.dll
    2009-09-30 23:20 12,390 a------- c:\windows\urucozis.dll
    2009-09-30 20:02 15,257 a------- c:\windows\ukoyuzubizeb.dll
    2009-09-30 18:03 11,576 a------- c:\windows\imujoxuc.dll
    2009-09-30 07:18 11,520 a------- c:\windows\ufiyosegef.dll
    2009-09-29 21:32 11,581 a------- c:\windows\imunesey.dll
    2009-09-29 19:30 11,638 a------- c:\windows\egayiyoh.dll
    2009-09-29 17:32 11,520 a------- c:\windows\isitibuxer.dll
    2009-09-29 07:02 13,701 a------- c:\windows\ajibatidedug.dll
    2009-09-28 22:40 11,404 a------- c:\windows\okecuvuhoxuquxoj.dll
    2009-09-28 15:27 11,638 a------- c:\windows\upotepin.dll
    2009-09-28 13:25 11,520 a------- c:\windows\oxumopuduy.dll
    2009-09-28 11:23 11,576 a------- c:\windows\iyatahixowetohe.dll
    2009-09-27 21:45 11,706 a------- c:\windows\awaworucato.dll
    2009-09-27 15:54 11,520 a------- c:\windows\ajayelovawubixax.dll
    2009-09-27 09:26 11,644 a------- c:\windows\inutezezuquj.dll
    2009-09-26 19:29 11,638 a------- c:\windows\ibimapiqiyonox.dll
    2009-09-26 17:27 11,638 a------- c:\windows\ogipucovotuket.dll
    2009-09-26 15:28 11,638 a------- c:\windows\asicolal.dll
    2009-09-25 13:09 11,520 a------- c:\windows\oraluwen.dll
    2009-09-25 07:19 13,740 a------- c:\windows\ugifiwuz.dll
    2009-09-24 20:53 11,576 a------- c:\windows\ayimapiq.dll
    2009-09-24 18:52 11,644 a------- c:\windows\opohugil.dll
    2009-09-24 12:37 11,520 a------- c:\windows\eheriwesozo.dll
    2009-09-24 10:35 13,675 a------- c:\windows\abozemiz.dll
    2009-09-24 08:33 12,904 a------- c:\windows\ufihilofej.dll
    2009-09-24 06:31 11,448 a------- c:\windows\odajezoweqoh.dll
    2009-09-24 04:29 11,706 a------- c:\windows\oqegovagifobaw.dll
    2009-09-24 02:27 11,448 a------- c:\windows\osutiles.dll
    2009-09-24 00:25 11,162 a------- c:\windows\ifereweha.dll
    2009-09-23 22:23 12,108 a------- c:\windows\ebocoroj.dll
    2009-09-23 20:21 11,386 a------- c:\windows\orehifuc.dll
    2009-09-23 18:19 11,588 a------- c:\windows\elujewuj.dll
    2009-09-23 16:17 11,330 a------- c:\windows\amikulej.dll
    2009-09-23 14:15 11,392 a------- c:\windows\ofuvozeraz.dll
    2009-09-23 12:13 11,392 a------- c:\windows\edojolij.dll
    2009-09-23 10:11 11,448 a------- c:\windows\udociluvunebur.dll
    2009-09-23 08:09 11,330 a------- c:\windows\amezawuf.dll
    2009-09-23 06:07 12,029 a------- c:\windows\ofofafawi.dll
    2009-09-23 04:05 12,056 a------- c:\windows\edilaref.dll
    2009-09-23 02:03 11,330 a------- c:\windows\uwodewiy.dll
    2009-09-23 00:01 12,825 a------- c:\windows\ebimizih.dll
    2009-09-22 21:59 11,650 a------- c:\windows\evayasomizih.dll
    2009-09-22 19:57 11,588 a------- c:\windows\omelolac.dll
    2009-09-22 17:55 11,386 a------- c:\windows\unuhovehula.dll
    2009-09-22 15:53 11,386 a------- c:\windows\ubejefiq.dll
    2009-09-22 13:51 11,386 a------- c:\windows\utogofor.dll
    2009-09-22 11:49 11,386 a------- c:\windows\efemirux.dll
    2009-09-22 09:47 11,448 a------- c:\windows\aduyamuk.dll
    2009-09-22 07:45 11,448 a------- c:\windows\uhodesuvaruk.dll
    2009-09-22 05:43 11,448 a------- c:\windows\uwapalir.dll
    2009-09-22 03:41 12,895 a------- c:\windows\opunevif.dll
    2009-09-22 01:39 12,116 a------- c:\windows\ofoqusiwoj.dll
    2009-09-21 23:37 12,851 a------- c:\windows\ejodafaw.dll
    2009-09-21 21:35 11,386 a------- c:\windows\irakarat.dll
    2009-09-21 19:33 11,386 a------- c:\windows\amukupugebudax.dll
    2009-09-21 17:32 87,168 a------- c:\windows\system32\drivers\3e3b0e9.sys
    2009-09-21 17:31 11,448 a------- c:\windows\ixuqeduk.dll
    2009-09-21 10:52 11,386 a------- c:\windows\imawiloji.dll
    2009-09-21 08:50 12,047 a------- c:\windows\idogezorijegozu.dll
    2009-09-21 06:48 11,650 a------- c:\windows\axinirumecahalev.dll
    2009-09-21 04:46 11,448 a------- c:\windows\ojuqafar.dll
    2009-09-21 02:44 11,448 a------- c:\windows\uvikuwafonut.dll
    2009-09-21 00:42 12,329 a------- c:\windows\ukayewecig.dll
    2009-09-20 22:40 13,645 a------- c:\windows\ojipevubeqovuzi.dll
    2009-09-20 20:38 11,386 a------- c:\windows\enuxusum.dll
    2009-09-20 18:36 11,330 a------- c:\windows\arihexop.dll
    2009-09-20 16:34 12,198 a------- c:\windows\oheqazejo.dll
    2009-09-20 14:32 11,448 a------- c:\windows\ukifefeqacolal.dll
    2009-09-20 12:30 11,392 a------- c:\windows\ubelerih.dll
    2009-09-20 10:28 11,448 a------- c:\windows\ejidiwoxewofes.dll
    2009-09-20 08:26 11,706 a------- c:\windows\atomanap.dll
    2009-09-20 06:24 12,112 a------- c:\windows\ikenalepetiyo.dll
    2009-09-20 04:22 12,065 a------- c:\windows\uxosuloromazizu.dll
    2009-09-20 02:20 12,001 a------- c:\windows\ejeruzifuloru.dll
    2009-09-20 00:18 14,565 a------- c:\windows\atezosowuwu.dll
    2009-09-19 22:16 12,293 a------- c:\windows\iwisefubemob.dll
    2009-09-19 20:14 11,392 a------- c:\windows\arubawutilesol.dll
    2009-09-19 18:12 11,448 a------- c:\windows\uhinufeworitulus.dll
    2009-09-19 16:10 11,706 a------- c:\windows\uxeturet.dll
    2009-09-19 14:08 11,588 a------- c:\windows\aweqasoqege.dll
    2009-09-19 12:06 11,386 a------- c:\windows\okucuzuhifuci.dll
    2009-09-19 10:04 11,386 a------- c:\windows\ifocoxicakihev.dll
    2009-09-19 08:02 12,757 a------- c:\windows\owebalikoqatu.dll
    2009-09-19 06:00 13,906 a------- c:\windows\ixikerevafidel.dll
    2009-09-19 03:58 11,448 a------- c:\windows\eqavafidelujolij.dll
    2009-09-19 01:56 11,386 a------- c:\windows\awequmofut.dll
    2009-09-18 23:54 11,386 a------- c:\windows\ifiyuruwokuqisal.dll
    2009-09-18 21:52 11,386 a------- c:\windows\uyezizaz.dll
    2009-09-18 19:50 11,386 a------- c:\windows\ewovuzitoha.dll
    2009-09-18 17:48 11,386 a------- c:\windows\orejulowu.dll
    2009-09-18 15:49 11,588 a------- c:\windows\olenelanavecazu.dll
    2009-09-18 01:52 12,368 a------- c:\windows\ofeholuh.dll
    2009-09-17 23:50 11,386 a------- c:\windows\idujizuqu.dll
    2009-09-17 21:48 11,588 a------- c:\windows\oteqesuhelehizu.dll
    2009-09-17 19:46 11,448 a------- c:\windows\usotolix.dll
    2009-09-17 17:44 11,448 a------- c:\windows\uhoyiger.dll
    2009-09-17 15:42 11,448 a------- c:\windows\epulifipuluk.dll
    2009-09-17 13:40 11,386 a------- c:\windows\uhikorilowadil.dll
    2009-09-17 11:38 11,644 a------- c:\windows\ukonirumecah.dll
    2009-09-17 09:36 11,588 a------- c:\windows\eleqafarip.dll
    2009-09-17 07:34 11,386 a------- c:\windows\obawulevefi.dll
    2009-09-17 05:32 13,586 a------- c:\windows\iqokilomi.dll
    2009-09-17 03:30 11,706 a------- c:\windows\icopevubeqo.dll
    2009-09-17 01:28 11,706 a------- c:\windows\udexusumo.dll
    2009-09-16 23:26 11,448 a------- c:\windows\acerimuquj.dll
    2009-09-16 21:24 13,060 a------- c:\windows\ecefotoc.dll
    2009-09-16 19:22 11,330 a------- c:\windows\exelowunikazubi.dll
    2009-09-16 17:20 11,588 a------- c:\windows\anurituci.dll
    2009-09-16 15:18 11,386 a------- c:\windows\ekoboneravasam.dll
    2009-09-16 13:16 11,386 a------- c:\windows\ucagosixaxeteted.dll
    2009-09-16 11:14 11,706 a------- c:\windows\uxatigokidonot.dll
    2009-09-16 09:12 11,448 a------- c:\windows\alewanulamolimar.dll
    2009-09-16 07:10 11,280 a------- c:\windows\ajocetuw.dll
    2009-09-16 05:08 11,330 a------- c:\windows\onehebaf.dll
    2009-09-16 03:08 13,003 a------- c:\windows\odehusucam.dll
    2009-09-16 00:30 11,392 a------- c:\windows\ufirubohojafabi.dll
    2009-09-15 22:28 11,392 a------- c:\windows\ewizotuqo.dll
    2009-09-15 20:26 11,392 a------- c:\windows\uvamibah.dll
    2009-09-15 18:24 11,386 a------- c:\windows\ehigozux.dll
    2009-09-15 16:22 11,588 a------- c:\windows\oliyonidopumam.dll
    2009-09-15 14:20 11,386 a------- c:\windows\uribiyov.dll
    2009-09-15 12:21 11,386 a------- c:\windows\ucijumuqobo.dll
    2009-09-15 10:02 11,386 a------- c:\windows\eyudobuvo.dll
    2009-09-15 08:00 11,386 a------- c:\windows\awiritadumo.dll
    2009-09-15 05:58 11,448 a------- c:\windows\adafegizutaz.dll
    2009-09-15 03:56 11,532 a------- c:\windows\ucelesolas.dll
    2009-09-15 01:54 11,386 a------- c:\windows\ibuwunoz.dll
    2009-09-14 23:52 12,277 a------- c:\windows\ajakigat.dll
    2009-09-14 21:50 11,588 a------- c:\windows\ixiyetasoyu.dll
    2009-09-14 19:48 11,386 a------- c:\windows\enebebaguwimu.dll
    2009-09-14 17:46 11,392 a------- c:\windows\amifepohebafi.dll
    2009-09-14 15:44 11,448 a------- c:\windows\ucezitoha.dll
    2009-09-14 13:42 11,706 a------- c:\windows\abahakucadic.dll
    2009-09-14 11:40 11,644 a------- c:\windows\ukicagayusaqitih.dll
    2009-09-14 09:38 11,588 a------- c:\windows\ucoyenev.dll
    2009-09-14 07:36 13,751 a------- c:\windows\obiwiyel.dll
    2009-09-14 05:34 11,330 a------- c:\windows\ucikiwikisoxe.dll
    2009-09-14 03:32 13,111 a------- c:\windows\usoniwulaqo.dll
    2009-09-14 01:30 11,392 a------- c:\windows\agaqatuza.dll
    2009-09-13 23:28 11,650 a------- c:\windows\uxucubalepi.dll
    2009-09-13 21:26 11,448 a------- c:\windows\ijuxorigeg.dll
    2009-09-13 19:38 11,386 a------- c:\windows\adexipab.dll
    2009-09-13 17:36 11,330 a------- c:\windows\utodiqatarive.dll
    2009-09-13 15:34 11,386 a------- c:\windows\eqamoyes.dll
    2009-09-13 13:32 11,386 a------- c:\windows\uyazoquqisefac.dll
    2009-09-13 11:29 11,448 a------- c:\windows\olumodet.dll
    2009-09-13 09:27 11,448 a------- c:\windows\omiyeviw.dll
    2009-09-13 08:18 12,762 a------- c:\windows\acavakadevi.dll
    2009-09-13 06:20 12,791 a------- c:\windows\uvajivanoq.dll
    2009-09-13 04:00 13,866 a------- c:\windows\apegupiditemekok.dll
    2009-09-13 02:02 11,391 a------- c:\windows\urewixanimi.dll
    2009-09-12 23:42 11,448 a------- c:\windows\eduhovoj.dll
    2009-09-12 21:40 12,001 a------- c:\windows\eyogudorayeher.dll
    2009-09-12 19:38 11,330 a------- c:\windows\olemopajeboy.dll
    2009-09-12 17:36 11,391 a------- c:\windows\unuwevev.dll
    2009-09-12 15:35 11,386 a------- c:\windows\ekesuyeg.dll
    2009-09-12 15:11 <DIR> --d----- c:\windows\system32\wbem\Repository

    ==================== Find3M ====================

    2009-09-01 11:21 11,588 a------- c:\windows\urocawaj.dll
    2009-09-01 09:19 12,091 a------- c:\windows\ipopuficuzuhi.dll
    2009-09-01 07:17 13,025 a------- c:\windows\ebajurij.dll
    2009-09-01 05:15 11,392 a------- c:\windows\oferesox.dll
    2009-09-01 03:13 11,448 a------- c:\windows\exovevukov.dll
    2009-09-01 01:11 11,392 a------- c:\windows\exapejid.dll
    2009-08-31 23:09 13,676 a------- c:\windows\uracusezejoher.dll
    2009-08-31 21:07 12,274 a------- c:\windows\ofazowem.dll
    2009-08-31 19:05 11,330 a------- c:\windows\eximifora.dll
    2009-08-31 17:03 11,330 a------- c:\windows\ewolorom.dll
    2009-08-31 15:01 11,386 a------- c:\windows\ovadurayapeva.dll
    2009-08-31 12:59 11,392 a------- c:\windows\uwemavab.dll
    2009-08-31 10:57 11,386 a------- c:\windows\upuyosamavab.dll
    2009-08-31 08:55 12,329 a------- c:\windows\oyolaloc.dll
    2009-08-31 06:53 14,738 a------- c:\windows\iwewogij.dll
    2009-08-31 04:51 11,330 a------- c:\windows\irenufuq.dll
    2009-08-31 02:49 11,386 a------- c:\windows\ifogafek.dll
    2009-08-31 00:47 11,448 a------- c:\windows\ibotuwef.dll
    2009-08-30 22:45 11,392 a------- c:\windows\awayofik.dll
    2009-08-30 20:43 11,335 a------- c:\windows\iqejinur.dll
    2009-08-30 18:41 11,330 a------- c:\windows\ugiholur.dll
    2009-08-30 16:39 11,330 a------- c:\windows\oxenozum.dll
    2009-08-30 14:37 11,391 a------- c:\windows\ejotilarej.dll
    2009-08-30 12:35 11,330 a------- c:\windows\usoxivaz.dll
    2009-08-30 10:33 11,588 a------- c:\windows\alotakob.dll
    2009-08-28 19:27 11,448 a------- c:\windows\acaderotegixiv.dll
    2009-08-28 17:25 11,386 a------- c:\windows\avukejubetovapuz.dll
    2009-08-28 15:23 11,386 a------- c:\windows\iqafovah.dll
    2009-08-28 13:21 11,588 a------- c:\windows\oviloqetuguzele.dll
    2009-08-28 11:19 11,386 a------- c:\windows\ejerivehamiro.dll
    2009-08-28 09:17 11,588 a------- c:\windows\ogakupujaxakuqe.dll
    2009-08-28 07:15 11,392 a------- c:\windows\aqugojudoyatupek.dll
    2009-08-28 05:13 11,448 a------- c:\windows\ixitikapawogep.dll
    2009-08-28 03:11 11,448 a------- c:\windows\aborerew.dll
    2009-08-28 01:09 12,168 a------- c:\windows\avezaxifivufep.dll
    2009-08-27 23:07 11,330 a------- c:\windows\ewihedil.dll
    2009-08-27 21:05 11,330 a------- c:\windows\avanepoza.dll
    2009-08-27 19:03 11,330 a------- c:\windows\itedowubucu.dll
    2009-07-26 12:58 182,656 a------- c:\windows\system32\dllcache\ndis.sys
    2009-07-19 09:33 3,597,824 a------- c:\windows\system32\dllcache\mshtml.dll
    2009-07-19 09:32 6,067,200 -------- c:\windows\system32\dllcache\ieframe.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl(3)(3).dll
    2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll
    2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-07-13 23:43 286,208 -------- c:\windows\system32\dllcache\wmpdxm.dll
    2009-07-10 09:27 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
    2007-03-29 09:13 87,608 a------- c:\docume~1\spider~1\applic~1\ezpinst.exe
    2007-03-29 09:13 47,360 a------- c:\docume~1\spider~1\applic~1\pcouffin.sys
    2006-11-25 03:57 482 a------- c:\program files\Del.js
    2005-08-21 12:42 905 ac------ c:\program files\uninstal.log
    2004-07-09 19:24 784 a------- c:\docume~1\spider~1\applic~1\mpauth.dat
    2006-01-11 02:41 56 ---shr-- c:\windows\system32\6BBF71BA10.sys
    2006-09-23 20:47 10,856 a--sh--- c:\windows\system32\KGyGaAvL.sys
    2009-02-09 23:52 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020920090210\index.dat

    ============= FINISH: 20:44:57.71 ===============
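    Reading the DDS log above by hand, the pattern a helper looks at is the run of randomly named DLLs appearing directly in c:\windows at almost exactly two-hour intervals, together with the mRun entry that loads one of them through rundll32. As an added example that is not part of this thread and is not DDS's or HijackThis's own tooling, the Python below parses lines in the "Created Last 30" / "Find3M" format, flags that naming pattern, reports the creation cadence, and picks out autostart entries that rundll32 a DLL straight from c:\windows. The sample lines are copied from the log posted above; the name-length bounds and the tiny allowlist are illustrative assumptions, not a vetted rule set.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample input: a handful of lines in the DDS "Created Last 30"
# format, copied from the log posted above, plus a driver, a directory and a
# normal system32 file for contrast. Raw string so the backslashes survive.
SAMPLE_DDS_LINES = r"""
2009-09-23 22:23 12,108 a------- c:\windows\ebocoroj.dll
2009-09-23 20:21 11,386 a------- c:\windows\orehifuc.dll
2009-09-23 18:19 11,588 a------- c:\windows\elujewuj.dll
2009-09-23 16:17 11,330 a------- c:\windows\amikulej.dll
2009-09-23 14:15 11,392 a------- c:\windows\ofuvozeraz.dll
2009-09-21 17:32 87,168 a------- c:\windows\system32\drivers\3e3b0e9.sys
2009-09-12 15:11 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
""".strip().splitlines()

# Constructed sample of autostart entries in the DDS "Pseudo HJT Report"
# style, again copied from the log above (one NVIDIA entry, one odd one).
SAMPLE_RUN_LINES = r"""
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Ksebuhey] rundll32.exe "c:\windows\urufixej.dll",e
""".strip().splitlines()

# date time size attrs path  (size is "<DIR>" for directories)
ENTRY_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>.+?)\s*$"
)


def parse_dds_entry(line):
    """Parse one 'Created Last 30' / 'Find3M' line; None if it does not match."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
    when = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M")
    return {"when": when, "size": size, "attrs": m["attrs"], "path": m["path"].lower()}


# Pattern visible in the log: a .dll dropped directly into c:\windows (not a
# subfolder) whose name is just a run of lowercase letters. The length bounds
# and the allowlist are illustrative assumptions, not an exhaustive rule.
ROOT_DLL_RE = re.compile(r"^c:\\windows\\([a-z]{6,24})\.dll$")
KNOWN_ROOT_DLLS = {"twain"}


def is_random_named_root_dll(entry):
    m = ROOT_DLL_RE.match(entry["path"])
    return bool(m) and m.group(1) not in KNOWN_ROOT_DLLS


def suspicious_entries(lines):
    parsed = [e for e in map(parse_dds_entry, lines) if e]
    return [e for e in parsed if is_random_named_root_dll(e)]


def creation_intervals_minutes(entries):
    """Minutes between consecutive creation times, oldest first."""
    times = sorted(e["when"] for e in entries)
    return [int((b - a).total_seconds() // 60) for a, b in zip(times, times[1:])]


def summarize(lines):
    """Count of flagged DLLs, their paths, and the median gap between drops."""
    hits = suspicious_entries(lines)
    gaps = creation_intervals_minutes(hits)
    return {
        "count": len(hits),
        "paths": sorted(e["path"] for e in hits),
        "median_gap_minutes": median(gaps) if gaps else None,
    }


# Autostart entries that hand a DLL sitting directly in c:\windows to rundll32.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(c:\\windows\\[a-z]+\.dll)"?', re.IGNORECASE)


def rundll32_root_loaders(lines):
    """Paths of DLLs loaded straight from c:\\windows via rundll32 in run entries."""
    return [m.group(1).lower() for m in map(RUNDLL_RE.search, lines) if m]


if __name__ == "__main__":
    print(summarize(SAMPLE_DDS_LINES))
    print(rundll32_root_loaders(SAMPLE_RUN_LINES))
```

    On the sample above this reports five flagged DLLs with a median gap of 122 minutes between drops, matching the 2h02m rhythm visible throughout the log, and a single rundll32 loader pointing at a DLL in the same folder. A steady cadence like that is a good signal to raise in the reply, since a single odd file name can be a false positive but a scheduled stream of them rarely is.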

  4. #4
    Member
    Join Date
    Nov 2007
    Posts
    45


    Working on zipping attach.txt; it says to zip the file and attach. Might take me a few to do that...

  5. #5
    Member
    Join Date
    Nov 2007
    Posts
    45


    Okay, I can unzip files, but I'm not sure how to go about zipping and attaching. It says in the text file:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    I'm not sure where to go from here.

    GMER came up with this as an option before any scan was possible:

    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?

    GMER showed up as jpi5ewj4.exe upon saving and as running in Task Manager. Not sure where to go from there either.

    I do appreciate your help very much, and patience is definitely a virtue of mine at the moment. I just want to get this thing running like normal again.

  6. #6
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    It's ok to paste the attach.txt contents into your post without zipping.

    In GMER's case, let it finish its scan and then:
    - When scanning is ready, click the Copy button (in GMER). This copies the log to the clipboard.
    - Post the log in your reply.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  7. #7
    Member (Join Date: Nov 2007, Posts: 45)

    Alright, here's what attach.txt came up with. Going to scan with GMER and post results momentarily.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-09-29.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/9/2004 6:12:37 PM
    System Uptime: 9/29/2009 6:39:44 AM (86 hours ago)

    Motherboard: Dell Computer Corp. | | 0C2425
    Processor: Intel(R) Celeron(R) CPU 2.50GHz | Microprocessor | 2491/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 4.52 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96E-E325-11CE-BFC1-08002BE10318}
    Description: Plug and Play Monitor
    Device ID: DISPLAY\DELD002\4&328453E3&0&80861100&00&02
    Manufacturer: (Standard monitor types)
    Name: Plug and Play Monitor
    PNP Device ID: DISPLAY\DELD002\4&328453E3&0&80861100&00&02
    Service:

    Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) 537EP V9x DFV PCI Modem
    Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&30F0
    Manufacturer: Intel Corporation
    Name: Intel(R) 537EP V9x DFV PCI Modem
    PNP Device ID: PCI\VEN_8086&DEV_1080&SUBSYS_10001028&REV_04\4&3B1CAF2B&0&30F0
    Service: Modem

    Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
    Description: Floppy disk drive
    Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&C4AE404&0&0
    Manufacturer: (Standard floppy disk drives)
    Name: Floppy disk drive
    PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&C4AE404&0&0
    Service: flpydisk

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: ATI WDM TV Tuner (Microsoft)
    Device ID: ROOT\LEGACY_ATITUNEP\0000
    Manufacturer:
    Name: ATI WDM TV Tuner (Microsoft)
    PNP Device ID: ROOT\LEGACY_ATITUNEP\0000
    Service: ATITUNEP

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: ATI WDM TV Audio Crossbar (Microsoft)
    Device ID: ROOT\LEGACY_ATIXSAUDIO\0000
    Manufacturer:
    Name: ATI WDM TV Audio Crossbar (Microsoft)
    PNP Device ID: ROOT\LEGACY_ATIXSAUDIO\0000
    Service: ATIXSAudio

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: ATI WDM Specialized MVD Codec (Microsoft)
    Device ID: ROOT\LEGACY_MVDCODEC\0000
    Manufacturer:
    Name: ATI WDM Specialized MVD Codec (Microsoft)
    PNP Device ID: ROOT\LEGACY_MVDCODEC\0000
    Service: MVDCODEC

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: ATI WDM Specialized PCD Codec (Microsoft)
    Device ID: ROOT\LEGACY_PCDCODEC\0000
    Manufacturer:
    Name: ATI WDM Specialized PCD Codec (Microsoft)
    PNP Device ID: ROOT\LEGACY_PCDCODEC\0000
    Service: PCDCODEC

    ==== System Restore Points ===================

    RP536: 9/11/2009 6:08:04 PM - Restore Operation
    RP537: 9/12/2009 3:07:10 PM - Restore Operation
    RP538: 9/13/2009 3:49:33 PM - System Checkpoint
    RP539: 9/14/2009 4:58:05 PM - System Checkpoint
    RP540: 9/15/2009 5:29:48 PM - System Checkpoint
    RP541: 9/16/2009 6:30:49 PM - System Checkpoint
    RP542: 9/17/2009 7:03:11 PM - System Checkpoint
    RP543: 9/18/2009 7:29:50 PM - System Checkpoint
    RP544: 9/19/2009 8:57:54 PM - System Checkpoint
    RP545: 9/20/2009 9:29:33 PM - System Checkpoint
    RP546: 9/21/2009 9:36:49 PM - System Checkpoint
    RP547: 9/22/2009 11:56:59 PM - System Checkpoint
    RP548: 9/24/2009 12:34:10 AM - System Checkpoint
    RP549: 9/25/2009 1:02:38 AM - System Checkpoint
    RP550: 9/26/2009 2:02:31 AM - System Checkpoint
    RP551: 9/27/2009 3:02:46 AM - System Checkpoint
    RP552: 9/28/2009 4:02:32 AM - System Checkpoint
    RP553: 9/29/2009 7:45:36 AM - System Checkpoint
    RP554: 9/30/2009 8:44:28 AM - System Checkpoint
    RP555: 10/1/2009 9:44:27 AM - System Checkpoint
    RP556: 10/2/2009 10:44:17 AM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    ABBYY FineReader 6.0 Sprint
    AC3Filter (remove only)
    Adobe Acrobat 5.0
    Adobe Flash Player 10 ActiveX
    Adobe Reader 7.0
    AOL Instant Messenger
    AutoUpdate
    Banctec Service Agreement
    Battlefield 2(TM)
    Bejeweled 2 Deluxe 1.0
    Big Fish Games Client
    Bookworm Deluxe 1.03
    Broadcom Management Programs
    Business Card Generator Fonts
    Business Card Shop
    Chutes and Ladders
    Critical Update for Windows Media Player 11 (KB959772)
    dBpoweramp DSP Effects
    Deer Avenger
    Dell Driver Reset Tool
    Dell Networking Guide
    Dell Solution Center
    DivX Codec
    DVDSentry
    Dyno2000 Version 3.10
    ffdshow [rev 1324] [2007-07-01]
    Google Video Player
    GTAIII
    HarryThompson.com - Webjal Patcher
    Help and Support Customization
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    HijackThis 2.0.2
    Hot Rod Garage to Glory
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    ieSpell
    Intel(R) 537EP V9x DFV PCI Modem
    Intel(R) Extreme Graphics Driver
    Internet Explorer Default Page
    IrfanView (remove only)
    Java 2 Runtime Environment, SE v1.4.2
    Kaspersky Online Scanner
    Learn2 Player (Uninstall Only)
    Lexmark 1200 Series
    Lexmark 640 Series
    Lexmark Fax Solutions
    Macromedia Flash Player
    Macromedia Shockwave Player
    MathPlayer
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Age of Empires Gold
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MicroStaff WINASPI
    Mobsters Superbot
    Modem Event Monitor
    MS Access 97 SP2
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MyJAL MediaPAL
    Mystery Case Files: Madame Fate ™
    Need For Speed Hot Pursuit 2
    Network Play System (Patching)
    NVIDIA Drivers
    ObjectDock
    PeerGuardian 2.0
    PowerDVD
    QuickTime
    R/C Pilot Simulator
    RealFlight G3 R/C Simulator
    RealFlight Simulator
    RealPlayer
    Saitek Configuration Software
    Saitek NT Controller Drivers
    Samsung CamCorder Driver
    Samsung Video Codec 1.1 Uninstall
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Shockwave
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster v3.5.1
    TVersity Codec Pack 1.1
    TVersity Media Server 0.9.11.4 beta
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB968389)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    Visual FoxPro ODBC Driver
    WavePad Uninstall
    WebFldrs XP
    Webjal install by HarryThompson.com
    Windows Desktop Search
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    ZoneAlarm Spy Blocker

    ==== Event Viewer Messages From Past Week ========

    9/29/2009 6:59:20 AM, error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
    9/29/2009 6:40:53 AM, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
    9/27/2009 9:15:15 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    9/27/2009 9:00:15 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    9/26/2009 8:21:16 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000D56EFBA03 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    9/25/2009 7:27:07 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
    9/25/2009 7:27:07 AM, error: DCOM [10005] - DCOM got error "%2" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    ==== End Of File ===========================

  8. #8
    Member (Join Date: Nov 2007, Posts: 45)

    Wow, that took a lot longer than I thought. Here are the results...

    GMER 1.0.15.15087 - http://www.gmer.net
    Rootkit scan 2009-10-03 12:54:54
    Windows 5.1.2600 Service Pack 3
    Running: jpi5ewj4.exe; Driver: C:\DOCUME~1\SPIDER~1\LOCALS~1\Temp\fgldqpow.sys
    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwCreateEvent [0xBAD2F595]
    SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwCreateKey [0xBAD2D585]
    SSDT sptd.sys ZwEnumerateKey [0xF8772FB2]
    SSDT sptd.sys ZwEnumerateValueKey [0xF8773340]
    SSDT \SystemRoot\System32\drivers\3e3b0e9.sys ZwOpenKey [0xBAD2D645]
    SSDT sptd.sys ZwQueryKey [0xF8773418]
    SSDT sptd.sys ZwQueryValueKey [0xF8773298]

    Code 8334C500 pIofCallDriver

    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload F7E228AC 5 Bytes JMP 831C41C8
    ? System32\Drivers\aef8tb7n.SYS The system cannot find the path specified. !
    ? C:\WINDOWS\System32\drivers\3e3b0e9.sys The system cannot find the file specified.

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Internet Explorer\iexplore.exe[2860] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 04131088 C:\WINDOWS\system32\dsound3dd.dll
    ? C:\WINDOWS\System32\svchost.exe[4024] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;
    ? C:\WINDOWS\System32\svchost.exe[4032] image checksum mismatch; number of sections mismatch; time/date stamp mismatch;

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F878406C] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8784018] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F87A69AE] sptd.sys
    IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F878406C] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F876DAD4] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F876DC1A] sptd.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F876DB9C] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F876E748] sptd.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F876E61E] sptd.sys
    IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F878329A] sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9BE90043
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D48DE8
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D55CE856
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] DA58E808
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2300E800
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 0001D35B
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 00FC6583
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 8D0875FF
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 06C70C4E
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 001C95E8
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] E8C68B00
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 000223B2
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 560004C2
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] 006AF18B
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 4E8D016A
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 9006C70C
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] E80043CB
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 000021DF
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] E95ECE8B
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 0001D3EE
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] E8F18B56
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] FFFFFFDB
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 082444F6
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 56077401
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 01D4B5E8
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 0004C25E
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] CB9C01C7
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] BCE90043
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] 56FFFFFF
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 06C7F18B
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [0043CB9C] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] FFFFAEE8
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 2444F6FF
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] 07740108
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] D488E856
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B590001
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] 04C25EC6
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] B8046A00
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [00436E6D] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 022265E8
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 89F18B00
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 7D8BF075
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 33E85708
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 830001D3
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 8300FC65
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 06C70C4E
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [0043CB90] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 001BF5E8
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E8C68B00
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 00022312
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 830004C2
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 60830020
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 0A8B0004
    IAT C:\WINDOWS\System32\svchost.exe[4024] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 04728B56
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] CB8401C7
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 9BE90043
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 560001D4
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 06C7F18B
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [0043CB84] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation)
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01D48DE8
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 2444F600
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 07740108
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] D55CE856
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 8B590001
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 04C25EC6
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 8B55C300
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 1475FFEC
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] FF1075FF
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 10C48308
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 8B55C35D
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 1475FFEC
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] FF1075FF
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 75FF0C75
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] DA58E808
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 458B0001
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 2300E800
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] F18B0002
    IAT C:\WINDOWS\System32\svchost.exe[4032] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] E8F07589


    ...text is too long, continued in next post...

  9. #9
    Member
    Join Date
    Nov 2007
    Posts
    45

    Default

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 3e3b0e9.sys
    Device \FileSystem\Ntfs \Ntfs 8336A1E8
    Device \Driver\NDIS \Device\Ndis [83273984] NDIS.sys[.reloc]
    Device \Driver\Tcpip \Device\Ip 3e3b0e9.sys
    Device \Driver\usbuhci \Device\USBPDO-0 8310F1E8
    Device \Driver\PCI_NTPNP1052 \Device\00000044 sptd.sys
    Device \Driver\usbuhci \Device\USBPDO-1 8310F1E8
    Device \Driver\usbuhci \Device\USBPDO-2 8310F1E8
    Device \Driver\usbehci \Device\USBPDO-3 831B51E8
    Device \Driver\Tcpip \Device\Tcp 3e3b0e9.sys
    Device \Driver\Ftdisk \Device\HarddiskVolume1 833D81E8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 833D81E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{DC6DEC2A-4BED-4762-8851-E561345257A5} 82EEA1E8
    Device \Driver\Cdrom \Device\CdRom0 830C11E8
    Device \Driver\Cdrom \Device\CdRom1 830C11E8
    Device \Driver\Cdrom \Device\CdRom2 830C11E8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 82EEA1E8
    Device \Driver\NetBT \Device\NetbiosSmb 82EEA1E8
    Device \Driver\Tcpip \Device\Udp 3e3b0e9.sys
    Device \Driver\Tcpip \Device\RawIp 3e3b0e9.sys
    Device \Driver\usbuhci \Device\USBFDO-0 8310F1E8
    Device \Driver\usbuhci \Device\USBFDO-1 8310F1E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 831E9790
    Device \Driver\Tcpip \Device\IPMULTICAST 3e3b0e9.sys
    Device \Driver\usbuhci \Device\USBFDO-2 8310F1E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 831E9790
    Device \Driver\usbehci \Device\USBFDO-3 831B51E8
    Device \Driver\Ftdisk \Device\FtControl 833D81E8
    Device \Driver\aef8tb7n \Device\Scsi\aef8tb7n1 83051540
    Device \Driver\aef8tb7n \Device\Scsi\aef8tb7n1Port2Path0Target0Lun0 83051540
    Device \FileSystem\Fastfat \Fat 82CD5368
    Device \FileSystem\Fastfat \Fat B5F75297
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs 831931E8
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Services - GMER 1.0.15 ----

    Service C:\WINDOWS\System32\drivers\3e3b0e9.sys (*** hidden *** ) [SYSTEM] 3e3b0e9 <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@ImagePath \SystemRoot\System32\drivers\3e3b0e9.sys
    Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@Start 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@kadfmmqr 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\3e3b0e9@F96ZK6nPB YmF0dXJhbWViZWwuY29t
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 515188436
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -8797297
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0xE9 0xF5 0x3B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE6 0x01 0x5F 0x93 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7A 0x9F 0x6C 0x5F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0xE9 0xF5 0x3B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE6 0x01 0x5F 0x93 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7A 0x9F 0x6C 0x5F ...
    Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@ImagePath \SystemRoot\System32\drivers\3e3b0e9.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@Type 1
    Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@Start 1
    Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@kadfmmqr 1
    Reg HKLM\SYSTEM\ControlSet004\Services\3e3b0e9@F96ZK6nPB YmF0dXJhbWViZWwuY29t
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0xE9 0xF5 0x3B ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xE6 0x01 0x5F 0x93 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x7A 0x9F 0x6C 0x5F ...

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\Spiderman\Local Settings\Temporary Internet Files\Content.IE5\1DPZU1I1\errorPageStrings[1] 850 bytes
    File C:\Documents and Settings\Spiderman\My Documents\bobos stuff\INSANE CLOWN POSSE-47 ALBUMS\Insane Clown Posse - The Wraith (Remix Albums) [2006] - Rap [www.torrentazos.com]\Insane Clown Posse - The Wraith (Remix Albums) [2006] - Rap [www.torrentazos.com]\CD1\108-IN~1.MP3 6286753 bytes
    File C:\I386\ndis.sys (size mismatch) 168192/182656 bytes executable
    File C:\WINDOWS\$NtServicePackUninstall$\ndis.sys (size mismatch) 182912/182656 bytes executable
    File C:\WINDOWS\SYSTEM32\DLLCACHE\ndis.sys (size mismatch) 212224/182656 bytes executable
    File C:\WINDOWS\SYSTEM32\DRIVERS\ndis.sys (size mismatch) 212224/182656 bytes executable

    ---- EOF - GMER 1.0.15 ----

  10. #10
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


    After that:

    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully and install the Recovery Console first.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should see a blue screen prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds.txt log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
