Computer acting very strangely (Resolved)
demonic_angel
2009-04-06, 03:52
Hi. My computer has been acting weird lately. It's amazingly slow, and just yesterday, my MSN has been signing me off repeatedly, and my messages do not go through. I've tried scanning my computer numerous times, but the problem still persists.
Here's my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 5:50:48 PM, on 2009-04-05
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91AgentS1.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\PROGRA~1\MICROS~2\OFFICE11\POWERPNT.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\HI JACK!\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: MSIEPlugin - {4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF} - C:\Documents and Settings\All Users\Application Data\uPlayMe\plugins\upm_msie_plugin.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442097479
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
Thanks!
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly.
Please note: your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------
Download and Run RSIT
Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:
log.txt will be opened maximized.
info.txt will be opened minimized.
Please post the contents of both log.txt and info.txt.
demonic_angel
2009-04-10, 22:03
Hi Katana, thanks for taking the time to help me out.
Here's log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Darrell Lau at 2009-04-10 11:58:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (22%) free of 50 GB
Total RAM: 1023 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:38, on 2009-04-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AIM6\aim6.exe
D:\Program Files\Xfire\Xfire.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darrell Lau\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Darrell Lau.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: MSIEPlugin - {4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF} - C:\Documents and Settings\All Users\Application Data\uPlayMe\plugins\upm_msie_plugin.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\Comodo\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\Xfire.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1204442097479
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
--
End of file - 7777 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF}]
MSIEPlugin Class - C:\Documents and Settings\All Users\Application Data\uPlayMe\plugins\upm_msie_plugin.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
Click-to-Call BHO - C:\Program Files\Windows Live\Messenger\wlchtc.dll [2009-02-06 73072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe -atboottime []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"COMODO Internet Security"=C:\Program Files\Comodo\COMODO Internet Security\cfp.exe -h []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"=C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe [2004-09-16 538112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe -h []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE [2003-06-03 99840]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
C:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe /background []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2008-07-02 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-29 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe [2007-02-14 171448]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uPlayMe]
C:\Documents and Settings\All Users\Application Data\uPlayMe\uPlayMeNotifier.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2009-02-10 270128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [2008-01-11 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
C:\PROGRA~1\Adobe\READER~1.0\Reader\ADOBEC~1.EXE [2007-05-11 738968]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
C:\PROGRA~1\Last.fm\LASTFM~1.EXE [2007-12-19 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
C:\PROGRA~1\ESET\nod32kui.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
C:\PPENSB\Win32\PenKeybd.exe [2001-08-09 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
C:\PPENSB\Win32\ppshell.exe [2001-10-15 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2000-08-24 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Last.fm Helper.lnk]
C:\PROGRA~1\Last.fm\LASTFM~1.EXE [2007-12-19 106496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2
"EhttpSrv"=3
"cmdAgent"=2
C:\Documents and Settings\Darrell Lau\Start Menu\Programs\Startup
Xfire.lnk - D:\Program Files\Xfire\Xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-10-28 143360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoThemesTab"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktopChanges"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Xfire\Xfire.exe"="D:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4"
"C:\ijji\ENGLISH\u_gunz.exe"="C:\ijji\ENGLISH\u_gunz.exe:*:Enabled:<ijji Downloader>"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe"="C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2"
"C:\WINDOWS\system32\p3xsvr.exe"="C:\WINDOWS\system32\p3xsvr.exe:*:Enabled:P3XferSvr test"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.4.game"="C:\Program Files\Electronic Arts\Red Alert 3\Data\ra3_1.4.game:*:Enabled:Command & Conquer™ Red Alert™ 3"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Nexon\Combat Arms\CombatArms.exe"="C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\Nexon\Combat Arms\Engine.exe"="C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97487f08-cb7f-11dc-a2e6-00018010dc06}]
shell\AutoRun\command - L:\setupSNK.exe
======List of files/folders created in the last 1 months======
2009-04-10 11:58:16 ----D---- C:\rsit
2009-04-09 20:16:34 ----D---- C:\WINDOWS\SxsCaPendDel
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\swsc.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\swreg.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\Process.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-04-08 08:10:18 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-04-07 00:20:19 ----D---- C:\WINDOWS\temp
2009-04-07 00:20:07 ----A---- C:\ComboFix.txt
2009-04-06 20:05:15 ----D---- C:\Program Files\Viewpoint
2009-04-06 20:05:14 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-04-06 20:05:02 ----D---- C:\Documents and Settings\All Users\Application Data\AOL OCP
2009-04-06 20:04:43 ----D---- C:\Program Files\Common Files\AOL
2009-04-06 20:04:26 ----D---- C:\Program Files\AIM6
2009-04-06 16:13:21 ----D---- C:\Program Files\Trend Micro
2009-04-05 20:40:18 ----A---- C:\Boot.bak
2009-04-05 20:40:11 ----RASHD---- C:\cmdcons
2009-04-05 20:26:53 ----A---- C:\WINDOWS\NIRCMD.exe
2009-04-05 18:07:09 ----D---- C:\32788R22FWJFW.2.tmp
2009-04-05 17:58:53 ----D---- C:\32788R22FWJFW.1.tmp
2009-04-05 17:55:14 ----D---- C:\32788R22FWJFW.0.tmp
2009-04-05 11:57:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-04 23:05:29 ----D---- C:\WINDOWS\system32\Te_mp_B_S!!
2009-03-20 15:25:02 ----A---- C:\WINDOWS\system32\xfcodec.dll
======List of files/folders modified in the last 1 months======
2009-04-10 11:58:24 ----D---- C:\WINDOWS\Prefetch
2009-04-10 11:57:23 ----D---- C:\Program Files\Mozilla Firefox
2009-04-10 11:56:30 ----A---- C:\MDL 2.0 Debug.txt
2009-04-10 10:40:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-10 01:52:47 ----D---- C:\Documents and Settings\Darrell Lau\Application Data\HouseCall 6.6
2009-04-10 00:48:49 ----AD---- C:\Documents and Settings\Darrell Lau\Application Data\Xfire
2009-04-09 23:15:58 ----D---- C:\WINDOWS\Microsoft.NET
2009-04-09 23:15:57 ----RSD---- C:\WINDOWS\assembly
2009-04-09 21:42:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-09 21:42:12 ----D---- C:\WINDOWS\system32\drivers
2009-04-09 20:37:52 ----D---- C:\WINDOWS\system32
2009-04-09 20:37:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-09 20:30:24 ----SHD---- C:\WINDOWS\Installer
2009-04-09 20:30:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-09 20:30:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-09 20:30:19 ----D---- C:\Program Files\Windows Live
2009-04-09 20:29:29 ----D---- C:\WINDOWS\WinSxS
2009-04-09 20:19:24 ----RASH---- C:\boot.ini
2009-04-09 20:19:24 ----N---- C:\WINDOWS\system.ini
2009-04-09 20:19:24 ----A---- C:\WINDOWS\win.ini
2009-04-09 20:16:56 ----ASD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-09 20:16:34 ----D---- C:\WINDOWS
2009-04-09 20:15:02 ----RD---- C:\Program Files
2009-04-08 08:37:49 ----D---- C:\WINDOWS\pss
2009-04-08 08:19:32 ----A---- C:\rapport.txt
2009-04-08 08:16:46 ----A---- C:\WINDOWS\system32\tmp.txt
2009-04-08 08:16:44 ----SD---- C:\WINDOWS\Tasks
2009-04-08 07:52:03 ----D---- C:\Documents and Settings\Darrell Lau\Application Data\uTorrent
2009-04-07 22:10:45 ----D---- C:\Program Files\Messenger Plus! Live
2009-04-07 21:13:42 ----D---- C:\downloads
2009-04-07 19:25:39 ----D---- C:\WINDOWS\system32\config
2009-04-07 00:20:24 ----D---- C:\QooBox
2009-04-07 00:16:20 ----D---- C:\WINDOWS\AppPatch
2009-04-07 00:16:13 ----D---- C:\Program Files\Common Files
2009-04-07 00:00:04 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-04-06 20:19:35 ----AD---- C:\Documents and Settings\Darrell Lau\Application Data\acccore
2009-04-06 20:05:18 ----AD---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-04-06 20:05:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-04-06 07:47:49 ----D---- C:\Program Files\Comodo
2009-04-05 21:08:06 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-04-05 20:48:57 ----D---- C:\Program Files\HI JACK!
2009-04-05 19:40:49 ----ASD---- C:\Documents and Settings\Darrell Lau\Application Data\Microsoft
2009-04-05 15:42:10 ----D---- C:\Program Files\Nakido
2009-04-05 09:45:17 ----AD---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-05 09:36:29 ----D---- C:\Program Files\Internet Explorer
2009-04-04 23:03:20 ----D---- C:\Program Files\Garena
2009-04-03 23:00:38 ----D---- C:\Documents and Settings\All Users\Application Data\uPlayMe
2009-04-03 22:23:36 ----D---- C:\Documents and Settings\Darrell Lau\Application Data\FrostWire
2009-04-03 01:06:24 ----D---- C:\WINDOWS\Debug
2009-04-03 00:49:57 ----D---- C:\Program Files\CCleaner
2009-03-29 23:37:26 ----D---- C:\Incomplete
2009-03-28 09:44:45 ----A---- C:\WINDOWS\BRWMARK.INI
2009-03-28 09:44:40 ----HD---- C:\WINDOWS\inf
2009-03-27 18:10:57 ----AD---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-23 15:06:07 ----D---- C:\Program Files\MessengerDiscovery
2009-03-18 00:29:48 ----D---- C:\Program Files\FrostWire
2009-03-17 10:11:52 ----RSD---- C:\WINDOWS\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-08-21 5632]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 DefragFS;DefragFS; C:\WINDOWS\system32\drivers\DefragFS.sys [2008-08-28 71184]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-10-28 3341824]
R3 ATIAVAIW;ATI T200 Unified AVStream service; C:\WINDOWS\system32\DRIVERS\atinavt2.sys [2008-05-14 171520]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-07-24 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-06-02 578304]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2004-11-26 224000]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 a5dw3v85;a5dw3v85; C:\WINDOWS\system32\drivers\a5dw3v85.sys []
S3 a6uek0od;a6uek0od; C:\WINDOWS\system32\drivers\a6uek0od.sys []
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
S3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DC1300;DC 1300 WDM Video Capture; C:\WINDOWS\System32\Drivers\BSC504AV.SYS []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2002-02-25 139776]
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-07-24 94208]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-12-15 10976]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-12-15 22368]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-07-08 25280]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MidiSyn;MidiSyn; C:\WINDOWS\system32\drivers\MidiSyn.sys [2002-09-20 235100]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-03 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 npkcrypt;npkcrypt; \??\C:\Program Files\Lineage II\system\npkcrypt.sys []
S3 rtl8029;Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8029.SYS []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]
S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]
S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]
S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TIEHDUSB;TIEHDUSB; C:\WINDOWS\system32\drivers\tiehdusb.sys [2004-02-04 49536]
S3 USBCamera;DC 1300 Still Image Capture; C:\WINDOWS\System32\Drivers\BscBulk.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva224;XDva224; \??\C:\WINDOWS\system32\XDva224.sys []
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-03 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-10-28 585728]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-11-25 935208]
R2 PD91Agent;PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2006-05-24 372736]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2008-10-15 439632]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-10-28 593920]
S2 NMSSvc;Intel(R) NMS; C:\WINDOWS\system32\NMSSvc.exe [2002-05-03 1118208]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-11-23 655624]
S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PD91Engine;PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe []
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe []
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 D428BA68;D428BA68; C:\WINDOWS\system32\8C4ED30.EXE -k []
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []
-----------------EOF-----------------
demonic_angel
2009-04-10, 22:04
Here's info.txt
info.txt logfile of random's system information tool 1.06 2009-04-10 11:58:43
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.62-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~2\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~2\INSTALL.LOG
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D45E8C45-B601-4A80-AFD8-E16338744DE1}\Setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x336d
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avanquest update-->C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\Setup.exe -runfromtemp -l0x0009 -removeonly
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
CNC3 Map: Scorched Earth 2 -->C:\Documents and Settings\Darrell Lau\Application Data\Command & Conquer 3 Tiberium Wars\Maps\Scorched_Earth_2\uninst.exe
CodeWarrior for Windows, Version 7.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67B975B2-483A-41BA-85F4-838A12407C47}\setup.exe"
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins001.exe"
Command & Conquer 3-->MsiExec.exe /I{B0C30E93-D3D9-4F04-A2AC-54749B573275}
Command & Conquer™ Red Alert™ 3-->MsiExec.exe /X{296D8550-CB06-48E4-9A8B-E5034FB64715}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
ConvertXtoDVD 2.1.18.242-->"D:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON PhotoStarter3.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C48817E7-AA05-4151-A99D-1E1E550CE801}\Setup.exe" -l0x9 uninst
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\Setup.exe" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON SPR300 Reference Guide-->C:\Program Files\epson\guide\spr300_e\uninstall.exe
FLAC 1.1.4a (remove only)-->D:\Program Files\FLAC\uninstall.exe
FrostWire 4.17.2-->C:\Program Files\FrostWire\Uninstall.exe
Garena-->C:\Program Files\Garena\uninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\Darrell Lau\Application Data\HouseCall 6.6\uninstaller.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe" -INTELUNINST
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Last.fm 1.4.2.58376-->"C:\Program Files\Last.fm\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
MessengerDiscovery 1.5-->"C:\Program Files\MessengerDiscovery\unins001.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Monkey's Audio-->"C:\Program Files\Monkey's Audio\unins000.exe"
Mozilla Firefox (3.0.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MPlugin-->"C:\Program Files\InstallShield Installation Information\{6102D63A-9387-4FC8-98E4-181121F8C0BA}\setup.exe" -runfromtemp -l0x0009 -removeonly
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Napster for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CF2606C7-63AF-40F4-8919-F2EC654ACC91}\setup.exe" -l0x9
Nero 7 Ultra Edition-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
Nero 9 Trial-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-249K-1T0E-3A1A-C7AA-MUZ3-8EL4-2U9W"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
Oracle JInitiator 1.3.1.22-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}\Setup.exe" -l0x9 -uninst
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
PenPower Handwriting 9.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0389EFF-9A3A-4723-A202-1DFBEA7D7C4E}\setup.exe" -l0x9
PerfectDisk 2008 Professional-->MsiExec.exe /I{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sony Ericsson DRM Packager 1.35-->C:\Program Files\Sony Ericsson\DRM Packager\Uninstall.exe
Sony Ericsson Media Manager 1.2-->MsiExec.exe /X{9EB1504E-FD95-4BCD-8E93-B4039F59C469}
Sony Ericsson PC Suite 4.010.00-->C:\Program Files\InstallShield Installation Information\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}\ISAdmin.exe -runfromtemp -l0x0009 -removeonly
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
StyleXP (remove only)-->"C:\Program Files\TGTSoft\StyleXP\StyleXP-uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPER © Version 2008.bld.24 (Jan 18, 2008)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
TI Connect 1.6-->MsiExec.exe /I{A8B94669-8654-4126-BD28-D0D2412CDED6}
Update Service-->C:\Program Files\Sony Ericsson\Update Service\uninst.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
VNC Free Edition 4.1.3-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"D:\Program Files\Xfire\uninst.exe"
=====HijackThis Backups=====
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM') [2009-04-06]
O16 - DPF: {0CC52A09-A146-4AC4-85E5-B9A575CA8196} - [2009-04-06]
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') [2009-04-06]
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" [2009-04-06]
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') [2009-04-06]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank [2009-04-06]
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - [2009-04-06]
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - [2009-04-06]
O16 - DPF: {9D8CCE0F-2E2C-41EB-B37F-9852DB989CAC} - [2009-04-06]
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} - [2009-04-06]
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - [2009-04-09]
O16 - DPF: {0CC52A09-A146-4AC4-85E5-B9A575CA8196} - [2009-04-09]
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - [2009-04-09]
O16 - DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180} - [2009-04-09]
O16 - DPF: {9D8CCE0F-2E2C-41EB-B37F-9852DB989CAC} - [2009-04-09]
======Hosts File======
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
======System event log======
Computer Name: DARRELL
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 29615
Source Name: Tcpip
Time Written: 20090118092556.000000-480
Event Type: warning
User:
Computer Name: DARRELL
Event Code: 7000
Message: The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 29595
Source Name: Service Control Manager
Time Written: 20090118092446.000000-480
Event Type: error
User:
Computer Name: DARRELL
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 0013D4C1DCD8. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.
Record Number: 29593
Source Name: Dhcp
Time Written: 20090118092419.000000-480
Event Type: warning
User:
Computer Name: DARRELL
Event Code: 8003
Message: The master browser has received a server announcement from the computer KENNY-MOBILE
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DEA81EC5-5BEE-4.
The master browser is stopping or an election is being forced.
Record Number: 29586
Source Name: MRxSmb
Time Written: 20090117233949.000000-480
Event Type: error
User:
Computer Name: DARRELL
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 29585
Source Name: W32Time
Time Written: 20090117224715.000000-480
Event Type: warning
User:
=====Application event log=====
Computer Name: DARRELL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Interop.PortableDeviceApiLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Record Number: 26761
Source Name: .NET Runtime Optimization Service
Time Written: 20081208180146.000000-480
Event Type:
User:
Computer Name: DARRELL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Interfaces, Version=2.5.3027.23877, Culture=neutral, PublicKeyToken=null
Record Number: 26759
Source Name: .NET Runtime Optimization Service
Time Written: 20081208180146.000000-480
Event Type:
User:
Computer Name: DARRELL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: GCPlayer, Version=1.0.3027.23833, Culture=neutral, PublicKeyToken=null
Record Number: 26757
Source Name: .NET Runtime Optimization Service
Time Written: 20081208180145.000000-480
Event Type:
User:
Computer Name: DARRELL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Interop.IWshRuntimeLibrary, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
Record Number: 26755
Source Name: .NET Runtime Optimization Service
Time Written: 20081208180144.000000-480
Event Type:
User:
Computer Name: DARRELL
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: MediaManager.Utils, Version=2.5.3027.23873, Culture=neutral, PublicKeyToken=null
Record Number: 26753
Source Name: .NET Runtime Optimization Service
Time Written: 20081208180144.000000-480
Event Type:
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;D:\Program Files\QuickTime\QTSystem;C:\Program Files\Metrowerks\CodeWarrior\Bin;C:\Program Files\Metrowerks\CodeWarrior\Other Metrowerks Tools\Command Line Tools;C:\Program Files\Metrowerks\CodeWarrior\Win32-x86 Support\Libraries\Runtime\Libs\MSL_All-DLLs;D:\Program Files\Samsung\Samsung PC Studio 3;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CWFolder"=C:\Program Files\Metrowerks\CodeWarrior
"LM_LICENSE_FILE"=%CWFolder%\license.dat
"MWCWinx86Includes"=+%CWFolder%\MSL;+%CWFolder%\Win32-X86 Support;%CWFolder%\MSL\MSL_C\MSL_Common\Include;%CWFolder%\Win32-X86 Support\Headers\Win32 SDK;
"MWWinx86Libraries"=+%CWFolder%\MSL;+%CWFolder%\Win32-x86 Support;
"MWWinx86LibraryFiles"=MSL_C_x86.lib;MSL_Extras_x86.lib;MSL_Runtime_x86.lib;MSL_C++_x86.lib;gdi32.lib;user32.lib;kernel32.lib;
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_04\lib\ext\QTJava.zip
-----------------EOF-----------------
Thanks
REMOVE P2P PROGRAMS
IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
uTorrent
FrostWire
Please read the Guidelines for P2P Programs (http://forums.spybot.info/showpost.php?p=218503&postcount=4) where we explain why it's not a good idea to have them.
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected.
The bad guys use P2P filesharing as a major conduit to spread their wares.
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) NOW.
Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:
Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.
demonic_angel
2009-04-11, 03:21
Here's the Combofix log:
ComboFix 09-04-04.01 - Darrell Lau 2009-04-10 17:12:42.16 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.491 [GMT -7:00]
Running from: c:\documents and settings\Darrell Lau\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.
2009-04-10 11:58 . 2009-04-10 11:58 <DIR> d-------- C:\rsit
2009-04-09 20:30 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-09 20:16 . 2009-04-09 20:20 <DIR> d-------- c:\windows\SxsCaPendDel
2009-04-06 20:05 . 2009-04-06 20:05 <DIR> d-------- c:\program files\Viewpoint
2009-04-06 20:05 . 2009-04-06 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-06 20:05 . 2009-04-06 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-04-06 20:04 . 2009-04-06 20:04 <DIR> d-------- c:\program files\Common Files\AOL
2009-04-06 20:04 . 2009-04-06 20:05 <DIR> d-------- c:\program files\AIM6
2009-04-06 20:04 . 2009-04-09 07:59 1,115 --ah----- C:\IPH.PH
2009-04-06 16:13 . 2009-04-06 16:13 <DIR> d-------- c:\program files\Trend Micro
2009-04-05 18:07 . 2009-04-05 19:41 <DIR> d-------- C:\32788R22FWJFW.2.tmp
2009-04-05 17:58 . 2009-04-05 19:19 <DIR> d-------- C:\32788R22FWJFW.1.tmp
2009-04-05 17:55 . 2009-04-05 19:18 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-04-05 09:28 . 2007-08-01 23:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-04-04 23:05 . 2009-04-04 23:19 <DIR> d-------- c:\windows\system32\Te_mp_B_S!!
2009-03-20 15:25 . 2009-03-20 15:25 41,808 --a------ c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 08:52 --------- d-----w c:\documents and settings\Darrell Lau\Application Data\HouseCall 6.6
2009-04-10 07:48 --------- d---a-w c:\documents and settings\Darrell Lau\Application Data\Xfire
2009-04-10 04:42 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 03:30 --------- d-----w c:\program files\Windows Live
2009-04-08 14:52 --------- d-----w c:\documents and settings\Darrell Lau\Application Data\uTorrent
2009-04-08 05:10 --------- d-----w c:\program files\Messenger Plus! Live
2009-04-07 07:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 03:19 --------- d---a-w c:\documents and settings\Darrell Lau\Application Data\acccore
2009-04-07 03:05 --------- d---a-w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-06 22:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 14:47 --------- d-----w c:\program files\Comodo
2009-04-06 04:08 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-06 03:48 --------- d-----w c:\program files\HI JACK!
2009-04-05 22:42 --------- d-----w c:\program files\Nakido
2009-04-05 16:45 --------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-05 06:03 --------- d-----w c:\program files\Garena
2009-04-04 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\uPlayMe
2009-04-04 05:23 --------- d-----w c:\documents and settings\Darrell Lau\Application Data\FrostWire
2009-04-03 07:49 --------- d-----w c:\program files\CCleaner
2009-04-01 04:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-03-23 22:06 --------- d-----w c:\program files\MessengerDiscovery
2009-03-18 07:29 --------- d-----w c:\program files\FrostWire
2009-03-02 05:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 04:45 --------- d-----w c:\program files\Avanquest update
2009-02-17 04:45 --------- d-----w c:\documents and settings\Darrell Lau\Application Data\InstallShield
2009-02-07 01:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2008-09-15 06:04 94,208 ----a-w c:\documents and settings\Darrell Lau\Application Data\ezplay.sys
2008-09-07 02:50 22,328 ----a-w c:\documents and settings\Darrell Lau\Application Data\PnkBstrK.sys
2008-07-25 01:54 47,360 ----a-w c:\documents and settings\Darrell Lau\Application Data\pcouffin.sys
2007-07-25 05:23 45,008 ----a-w c:\documents and settings\Darrell Lau\Application Data\GDIPFONTCACHEV1.DAT
2006-11-05 21:52 92,064 ----a-w c:\documents and settings\Darrell Lau\mqdmmdm.sys
2006-11-05 21:52 9,232 ----a-w c:\documents and settings\Darrell Lau\mqdmmdfl.sys
2006-11-05 21:52 79,328 ----a-w c:\documents and settings\Darrell Lau\mqdmserd.sys
2006-11-05 21:52 66,656 ----a-w c:\documents and settings\Darrell Lau\mqdmbus.sys
2006-11-05 21:52 6,208 ----a-w c:\documents and settings\Darrell Lau\mqdmcmnt.sys
2006-11-05 21:52 5,936 ----a-w c:\documents and settings\Darrell Lau\mqdmwhnt.sys
2006-11-05 21:52 4,048 ----a-w c:\documents and settings\Darrell Lau\mqdmcr.sys
2006-11-05 21:52 25,600 ----a-w c:\documents and settings\Darrell Lau\usbsermptxp.sys
2006-11-05 21:52 22,768 ----a-w c:\documents and settings\Darrell Lau\usbsermpt.sys
2006-05-03 10:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w c:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-04-05_20.33.10.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-10 06:14:59 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\52c667b908ec9743a89d84c1488cd687\WindowsLive.Client.ni.dll
+ 2009-04-10 06:14:40 114,688 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0beb591084aed64186c769eb0f37885e\WindowsLive.Writer.Api.ni.dll
+ 2009-04-10 06:14:37 143,360 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\141308b20a693541b3c740ea896e3997\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-04-10 06:13:41 335,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1f175e9917122e43aaf76ead884d69b2\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-04-10 06:14:12 286,720 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\33d484d6418469459964ff4cd0552085\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-04-10 06:13:50 176,128 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\36334043ce7cb541960b62b1f38e7be7\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-04-10 06:12:41 2,093,056 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3be539373c41cf4983b67dcd2cbdfdc8\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-04-10 06:14:34 1,163,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4911e1294c1f924088a98141d660cf89\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-04-10 06:15:32 643,072 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\551fb5eef066fa418e0a5fae833385ca\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-04-10 06:14:01 135,168 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5901ce1cb57a6b4182a3a4dbeb536653\WindowsLive.Writer.Passport.ni.dll
+ 2009-04-10 06:11:56 6,516,736 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5d8b8c1cd230e4408469063058517e67\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-04-10 06:15:39 376,832 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\72a539cd4d018b43a74d10f1633f8c17\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-04-10 06:12:52 335,872 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\82ba935029d0cc4ab98db1d3d5736456\WindowsLive.Writer.Interop.ni.dll
+ 2009-04-10 06:14:56 929,792 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\936a86f48639e04ebdf8ed6ac2c26887\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-04-10 06:12:08 876,544 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\967a6d85c658974d8c43ac66fa504685\WindowsLive.Writer.Controls.ni.dll
+ 2009-04-10 06:13:55 475,136 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\9d3aa2418b4ef2489d4f03ab9d1363c3\WindowsLive.Writer.Localization.ni.dll
+ 2009-04-10 06:13:06 352,256 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b935f34c9d6dc6498a8f94417d3a8393\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-04-10 06:15:43 139,264 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\caa9e09f2cac904281be353c1fb947b1\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-04-10 06:15:47 163,840 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e56bda27e747004ab4fbc5c0f4d09dc8\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-04-10 06:12:57 204,800 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fb3959e81fe149458616a903808bd1f6\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-04-10 06:15:56 638,976 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\87777d8117b6f148b0b7b2b1f4ca89fb\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-04-10 06:09:17 49,152 ----a-w c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\0d47faddd26182499935ec391338240c\WindowsLiveWriter.ni.exe
+ 2007-01-24 01:41:42 841,304 ----a-w c:\windows\Downloaded Program Files\ampAx3.0.84.2.dll
+ 2009-04-07 03:05:03 38,428 ----a-w c:\windows\Downloaded Program Files\unagiuninst.exe
- 2009-02-19 15:47:30 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-04-10 03:29:36 80,395 ----a-r c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
- 2009-02-19 15:48:04 58,945 ----a-r c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
+ 2009-04-10 03:29:56 58,945 ----a-r c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
- 2009-02-19 15:43:48 62,304 ----a-r c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
+ 2009-04-10 03:29:09 62,304 ----a-r c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
- 2008-12-09 01:01:56 55,136 -c--a-w c:\windows\system32\DRVSTORE\fssfltr_A1BAE7BA557F7F8ABCBF040E8C71D6B14223DCB0\fssfltr_tdi.sys
+ 2009-02-07 01:08:42 55,152 -c--a-w c:\windows\system32\DRVSTORE\fssfltr_A1BAE7BA557F7F8ABCBF040E8C71D6B14223DCB0\fssfltr_tdi.sys
- 2009-03-09 22:46:19 62,750 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-10 03:37:52 62,750 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-09 22:46:19 401,264 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-10 03:37:52 401,264 ----a-w c:\windows\system32\perfh009.dat
+ 2006-01-09 17:36:06 40,960 ----a-w c:\windows\system32\swsc.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF}]
c:\documents and settings\All Users\Application Data\uPlayMe\plugins\upm_msie_plugin.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"="c:\program files\TheWeatherNetwork\WeatherEye\WeatherEye" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [BU]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [BU]
c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2009-03-20 3025232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.SP54"= SP5X_32.DLL
"vidc.CDVC"= cdvccodc.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NOD32 Control Center.lnk
backup=c:\windows\pss\NOD32 Control Center.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=c:\windows\pss\PenPower PenKeyboard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=c:\windows\pss\PenPower Start-Up.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2004-09-16 16:15 538112 c:\program files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-03 12:00 99840 c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 18:08 813912 c:\program files\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
c:\program files\MSN Messenger\msnmsgr.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
c:\program files\Skype\Phone\Skype.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-07-02 17:16 393216 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 17:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 11:31 1372160 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-14 18:08 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uPlayMe]
c:\documents and settings\All Users\Application Data\uPlayMe\uPlayMeNotifier.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
--a------ 2009-02-10 08:37 270128 c:\program files\uTorrent\uTorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"cmdAgent"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\p3xsvr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19103:TCP"= 19103:TCP:BitComet 19103 TCP
"19103:UDP"= 19103:UDP:BitComet 19103 UDP
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-04-09 55152]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-04-06 24652]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-10-15 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-10-15 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-10-15 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-10-15 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-10-15 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-10-15 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-10-15 115752]
S3 DC1300;DC 1300 WDM Video Capture;c:\windows\system32\Drivers\BSC504AV.SYS --> c:\windows\system32\Drivers\BSC504AV.SYS [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp --> c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-16 10976]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
S3 USBCamera;DC 1300 Still Image Capture;c:\windows\system32\Drivers\BscBulk.sys --> c:\windows\system32\Drivers\BscBulk.sys [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S4 D428BA68;D428BA68;c:\windows\system32\8C4ED30.EXE -k --> c:\windows\system32\8C4ED30.EXE -k [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97487f08-cb7f-11dc-a2e6-00018010dc06}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2006-12-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 18:08]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-COMODO Internet Security - c:\program files\Comodo\COMODO Internet Security\cfp.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Darrell Lau\Application Data\Mozilla\Firefox\Profiles\4gt6ztce.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - jdmrides.ca
FF - component: c:\program files\Mozilla Firefox\extensions\upm1@uplayme.com\platform\WINNT\components\firefox_play_capture.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Darrell Lau\Application Data\Mozilla\Firefox\Profiles\4gt6ztce.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13122.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 17:15:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCC21211-533D-F660-06FF-12C4F84F2776}*]
"dbemkcogpjelleolamkojpffggfmeebggdlhcjde"=hex:6b,61,63,61,61,6e,68,64,68,6f,
70,6d,65,6b,70,6f,64,65,67,6a,68,65,00,7c
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E057DBD3-B71C-C34E-39DB-CF68A4BB6D0E}*]
"bboepijaijjefmobihckpoeaamdnjknbfeje"=hex:66,61,65,6b,6c,64,65,62,6d,6b,63,61,
00,0a
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,eb,22,54,64,d0,21,89,9f,29,c7,13,b6,67,c8,22,08,2e,2c,d1,b8,ce,96,
fc,ae,62,d2,bf,ff,7b,b0,3d,ea,2c,b1,b5,db,68,9a,b6,27,de,12,40,ed,a4,c4,db,\
"??"=hex:cc,96,09,aa,89,94,ad,23,32,9f,b9,bc,70,0d,36,2b
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\SecuROM\License information*]
"datasecu"=hex:54,d2,4a,82,6d,a1,69,32,a2,1a,5b,55,ca,39,5f,dd,5a,bb,09,ed,ee,
8e,b3,63,08,7b,4a,93,fe,4a,fe,b1,fe,31,76,26,39,10,5b,ea,3a,be,d6,8a,7d,e2,\
"rkeysecu"=hex:7e,8c,f2,c5,2b,89,2c,be,83,f3,d9,36,e3,c2,e0,05
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-04-10 17:18:43
ComboFix-quarantined-files.txt 2009-04-11 00:18:16
ComboFix2.txt 2009-04-07 07:20:07
ComboFix3.txt 2009-04-06 23:30:45
ComboFix4.txt 2009-04-06 22:55:39
ComboFix5.txt 2009-04-11 00:11:59
Pre-Run: 11,228,266,496 bytes free
Post-Run: 11,210,276,864 bytes free
Current=4 Default=4 Failed=1 LastKnownGood=5 Sets=,1,2,3,4,5
347 --- E O F --- 2008-05-19 20:32:22
Thanks
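As an added example (not code from either poster, and not part of ComboFix itself), a small Python triage pass over lines taken from the ComboFix log above: it parses the R?/S? service entries and flags ones whose file is missing ("[?]"), ones whose image lives under a Temp directory and ones with hex-looking names, and it also flags the disabled firewall profile and the removable-drive AutoRun command. The heuristics themselves (for instance treating a six-or-more character all-hex name as suspicious) are my own assumptions, not rules ComboFix or the helper states.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the ComboFix log posted
# above (service entries, the firewall profile key and a mountpoints2 AutoRun).
SAMPLE_LOG = r"""
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-04-09 55152]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp --> c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp [?]
S3 XDva224;XDva224;\??\c:\windows\system32\XDva224.sys --> c:\windows\system32\XDva224.sys [?]
S4 D428BA68;D428BA68;c:\windows\system32\8C4ED30.EXE -k --> c:\windows\system32\8C4ED30.EXE -k [?]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97487f08-cb7f-11dc-a2e6-00018010dc06}]
\Shell\AutoRun\command - L:\setupSNK.exe
"""

# Service line shape: "R2 name;display;image [date size]" when the file exists,
# "S3 name;display;image --> image [?]" when ComboFix could not find the file.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")          # assumed heuristic threshold
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")


@dataclass
class Finding:
    line_no: int
    kind: str
    detail: str


def image_path(rest: str) -> str:
    """Return just the image path: drop the '--> path [?]' / '[date size]' tail and the \\??\\ prefix."""
    for sep in (" --> ", " ["):
        idx = rest.find(sep)
        if idx != -1:
            rest = rest[:idx]
    rest = rest.strip()
    if rest.startswith("\\??\\"):
        rest = rest[4:]
    return rest


def triage(log_text: str) -> List[Finding]:
    """Walk a ComboFix 'Reg Loading Points' excerpt and collect review-worthy entries."""
    findings: List[Finding] = []
    section = ""                        # most recent [registry key] header seen
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        key = KEY_RE.match(line)
        if key:
            section = key.group("key")
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            name = svc.group("name").strip()
            path = image_path(svc.group("rest"))
            if svc.group("rest").rstrip().endswith("[?]"):
                findings.append(Finding(line_no, "missing-file", f"{name}: {path}"))
            if "\\temp\\" in path.lower():
                findings.append(Finding(line_no, "runs-from-temp", f"{name}: {path}"))
            # Basename without arguments ("8C4ED30.EXE -k" -> "8C4ED30") for the hex check.
            tokens = path.split("\\")[-1].split()
            stem = re.sub(r"\.[^.]*$", "", tokens[0]) if tokens else ""
            if HEX_NAME_RE.match(name) or HEX_NAME_RE.match(stem):
                findings.append(Finding(line_no, "hex-named", f"{name}: {path}"))
            continue
        if "firewallpolicy" in section.lower() and FIREWALL_OFF_RE.match(line):
            findings.append(Finding(line_no, "firewall-disabled", section))
            continue
        autorun = AUTORUN_RE.match(line)
        if autorun and "mountpoints2" in section.lower():
            findings.append(Finding(line_no, "removable-autorun", autorun.group("cmd")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.kind:<18} {f.detail}")
```

Each flagged entry is a candidate for the Driver:: and Registry:: sections of a CFScript, which is exactly what the helper's next reply targets; the legitimate fssfltr entry produces no finding.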
Custom CFScript
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
FixCSet::
Folder::
c:\documents and settings\Darrell Lau\Application Data\uTorrent
c:\documents and settings\Darrell Lau\Application Data\FrostWire
c:\Program Files\FrostWire
c:\program files\uTorrent
Driver::
XDva224
D428BA68
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4B0FAF5A-67C4-4625-AE07-B0DBADA16EBF}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherEye"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
[-HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NOD32 Control Center.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
"c:\\Program Files\\FrostWire\\FrostWire.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19103:TCP"=-
"19103:UDP"=-
ADS::
Save this as CFScript.txt and place it on your desktop.
http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
Kaspersky Online Scanner
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Combofix log
Kaspersky Log
How are things running now?
demonic_angel
2009-04-11, 09:16
ComboFix log:
ComboFix 09-04-04.01 - Darrell Lau 2009-04-10 18:16:07.17 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.402 [GMT -7:00]
Running from: c:\documents and settings\Darrell Lau\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Darrell Lau\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Darrell Lau\Application Data\FrostWire
c:\documents and settings\Darrell Lau\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
c:\documents and settings\Darrell Lau\Application Data\FrostWire\checkandupdate.txt
c:\documents and settings\Darrell Lau\Application Data\FrostWire\createtimes.cache
c:\documents and settings\Darrell Lau\Application Data\FrostWire\data.ser
c:\documents and settings\Darrell Lau\Application Data\FrostWire\downloads.dat
c:\documents and settings\Darrell Lau\Application Data\FrostWire\fileurns.bak
c:\documents and settings\Darrell Lau\Application Data\FrostWire\fileurns.cache
c:\documents and settings\Darrell Lau\Application Data\FrostWire\filters.props
c:\documents and settings\Darrell Lau\Application Data\FrostWire\frostwire.props
c:\documents and settings\Darrell Lau\Application Data\FrostWire\gnutella.net
c:\documents and settings\Darrell Lau\Application Data\FrostWire\installation.props
c:\documents and settings\Darrell Lau\Application Data\FrostWire\intent.props
c:\documents and settings\Darrell Lau\Application Data\FrostWire\library.dat
c:\documents and settings\Darrell Lau\Application Data\FrostWire\mojito.props
c:\documents and settings\Darrell Lau\Application Data\FrostWire\pub1.key
c:\documents and settings\Darrell Lau\Application Data\FrostWire\public.key
c:\documents and settings\Darrell Lau\Application Data\FrostWire\questions.props
c:\documents and settings\Darrell Lau\Application Data\FrostWire\responses.cache
c:\documents and settings\Darrell Lau\Application Data\FrostWire\secureMessage.key
c:\documents and settings\Darrell Lau\Application Data\FrostWire\simpp.xml
c:\documents and settings\Darrell Lau\Application Data\FrostWire\spam.dat
c:\documents and settings\Darrell Lau\Application Data\FrostWire\tables.props
c:\documents and settings\Darrell Lau\Application Data\FrostWire\themes\frostwire_theme.skin
c:\documents and settings\Darrell Lau\Application Data\FrostWire\themes\frostwire_theme\kill.png
c:\documents and settings\Darrell Lau\Application Data\FrostWire\themes\frostwire_theme\kill_on.png
c:\documents and settings\Darrell Lau\Application Data\FrostWire\themes\frostwire_theme\theme.txt
c:\documents and settings\Darrell Lau\Application Data\FrostWire\themes\frostwirePro_theme.fwtp
c:\documents and settings\Darrell Lau\Application Data\FrostWire\themes\frostwirePro_theme\theme.txt
c:\documents and settings\Darrell Lau\Application Data\FrostWire\themes\frostwirePro_theme\version.txt
c:\documents and settings\Darrell Lau\Application Data\FrostWire\ttree.cache
c:\documents and settings\Darrell Lau\Application Data\FrostWire\ttrees.cache
c:\documents and settings\Darrell Lau\Application Data\FrostWire\ttroot.cache
c:\documents and settings\Darrell Lau\Application Data\FrostWire\version.key
c:\documents and settings\Darrell Lau\Application Data\FrostWire\version.xml
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\data\audio.sxml2
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\data\delete_me
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\data\video.sxml2
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\misc\application.gif
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\misc\audio.gif
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\misc\document.gif
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\misc\image.gif
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\misc\video.gif
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\schemas\application.xsd
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\schemas\audio.xsd
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\schemas\document.xsd
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\schemas\image.xsd
c:\documents and settings\Darrell Lau\Application Data\FrostWire\xml\schemas\video.xsd
c:\documents and settings\Darrell Lau\Application Data\uTorrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\(Angela Aki).torrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\[2009] ANSWER.torrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\dht.dat
c:\documents and settings\Darrell Lau\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Darrell Lau\Application Data\uTorrent\Far_Cry_2-Razor1911.torrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\Finger Eleven - Paralyzer.mp3.torrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\Gears_Of_War_Proper-Razor1911.torrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\KELLY CLARKSON - 3 ALBUMS [CHANNEL NEO].torrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\Kelly.Clarkson.-.All.I.Ever.Wanted.(2009).Pop.LanzamientosMp3.es.torrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\Perfect Worls Open Beta Client.torrent
c:\documents and settings\Darrell Lau\Application Data\uTorrent\resume.dat
c:\documents and settings\Darrell Lau\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Darrell Lau\Application Data\uTorrent\rss.dat
c:\documents and settings\Darrell Lau\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Darrell Lau\Application Data\uTorrent\settings.dat
c:\documents and settings\Darrell Lau\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Darrell Lau\Application Data\uTorrent\utorrent.lng
c:\program files\FrostWire
c:\program files\FrostWire\aopalliance.jar
c:\program files\FrostWire\clink.jar
c:\program files\FrostWire\commons-codec-1.3.jar
c:\program files\FrostWire\commons-logging.jar
c:\program files\FrostWire\daap.jar
c:\program files\FrostWire\EULA.txt
c:\program files\FrostWire\forms.jar
c:\program files\FrostWire\foxtrot.jar
c:\program files\FrostWire\FrostWire.exe
c:\program files\FrostWire\FrostWire.ico
c:\program files\FrostWire\FrostWire.jar
c:\program files\FrostWire\gettext-commons.jar
c:\program files\FrostWire\GPL2.txt
c:\program files\FrostWire\guice-1.0.jar
c:\program files\FrostWire\hashes
c:\program files\FrostWire\httpclient-4.0-alpha3.jar
c:\program files\FrostWire\httpcore-4.0-beta2.jar
c:\program files\FrostWire\httpcore-nio-4.0-beta2.jar
c:\program files\FrostWire\httpcore-niossl-4.0-alpha7.jar
c:\program files\FrostWire\icu4j.jar
c:\program files\FrostWire\inspection.props
c:\program files\FrostWire\jaudiotagger.jar
c:\program files\FrostWire\jcraft.jar
c:\program files\FrostWire\jdic.dll
c:\program files\FrostWire\jdic.jar
c:\program files\FrostWire\jdic_stub.jar
c:\program files\FrostWire\jflac.jar
c:\program files\FrostWire\jl.jar
c:\program files\FrostWire\jmdns.jar
c:\program files\FrostWire\jogg.jar
c:\program files\FrostWire\jorbis.jar
c:\program files\FrostWire\jython.jar
c:\program files\FrostWire\launch.properties
c:\program files\FrostWire\log.txt
c:\program files\FrostWire\log4j.jar
c:\program files\FrostWire\log4j.properties
c:\program files\FrostWire\looks.jar
c:\program files\FrostWire\lw-all.jar
c:\program files\FrostWire\messages.jar
c:\program files\FrostWire\mp3spi.jar
c:\program files\FrostWire\onion-common.jar
c:\program files\FrostWire\onion-fec.jar
c:\program files\FrostWire\pmf.ico
c:\program files\FrostWire\ProgressTabs.jar
c:\program files\FrostWire\seenMessages.dat
c:\program files\FrostWire\Shortcut to FrostWire.lnk
c:\program files\FrostWire\SystemUtilities.dll
c:\program files\FrostWire\SystemUtilitiesA.dll
c:\program files\FrostWire\themes.jar
c:\program files\FrostWire\tray.dll
c:\program files\FrostWire\tritonus.jar
c:\program files\FrostWire\Uninstall.exe
c:\program files\FrostWire\vorbisspi.jar
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_D428BA68
-------\Legacy_XDVA224
-------\Service_D428BA68
-------\Service_XDva224
((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.
2009-04-10 11:58 . 2009-04-10 11:58 <DIR> d-------- C:\rsit
2009-04-09 20:30 . 2009-02-06 18:08 55,152 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-09 20:16 . 2009-04-09 20:20 <DIR> d-------- c:\windows\SxsCaPendDel
2009-04-06 20:05 . 2009-04-06 20:05 <DIR> d-------- c:\program files\Viewpoint
2009-04-06 20:05 . 2009-04-06 20:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-06 20:05 . 2009-04-06 20:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-04-06 20:04 . 2009-04-06 20:04 <DIR> d-------- c:\program files\Common Files\AOL
2009-04-06 20:04 . 2009-04-06 20:05 <DIR> d-------- c:\program files\AIM6
2009-04-06 20:04 . 2009-04-09 07:59 1,115 --ah----- C:\IPH.PH
2009-04-06 16:13 . 2009-04-06 16:13 <DIR> d-------- c:\program files\Trend Micro
2009-04-05 18:07 . 2009-04-05 19:41 <DIR> d-------- C:\32788R22FWJFW.2.tmp
2009-04-05 17:58 . 2009-04-05 19:19 <DIR> d-------- C:\32788R22FWJFW.1.tmp
2009-04-05 17:55 . 2009-04-05 19:18 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-04-05 09:28 . 2007-08-01 23:47 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-04-04 23:05 . 2009-04-04 23:19 <DIR> d-------- c:\windows\system32\Te_mp_B_S!!
2009-03-20 15:25 . 2009-03-20 15:25 41,808 --a------ c:\windows\system32\xfcodec.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 08:52 --------- d-----w c:\documents and settings\Darrell Lau\Application Data\HouseCall 6.6
2009-04-10 07:48 --------- d---a-w c:\documents and settings\Darrell Lau\Application Data\Xfire
2009-04-10 04:42 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-10 03:30 --------- d-----w c:\program files\Windows Live
2009-04-08 05:10 --------- d-----w c:\program files\Messenger Plus! Live
2009-04-07 07:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 03:19 --------- d---a-w c:\documents and settings\Darrell Lau\Application Data\acccore
2009-04-07 03:05 --------- d---a-w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-06 22:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 14:47 --------- d-----w c:\program files\Comodo
2009-04-06 04:08 --------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-06 03:48 --------- d-----w c:\program files\HI JACK!
2009-04-05 22:42 --------- d-----w c:\program files\Nakido
2009-04-05 16:45 --------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-05 06:03 --------- d-----w c:\program files\Garena
2009-04-04 06:00 --------- d-----w c:\documents and settings\All Users\Application Data\uPlayMe
2009-04-03 07:49 --------- d-----w c:\program files\CCleaner
2009-04-01 04:12 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-03-23 22:06 --------- d-----w c:\program files\MessengerDiscovery
2009-03-02 05:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-17 04:45 --------- d-----w c:\program files\Avanquest update
2009-02-17 04:45 --------- d-----w c:\documents and settings\Darrell Lau\Application Data\InstallShield
2008-09-15 06:04 94,208 ----a-w c:\documents and settings\Darrell Lau\Application Data\ezplay.sys
2008-09-07 02:50 22,328 ----a-w c:\documents and settings\Darrell Lau\Application Data\PnkBstrK.sys
2008-07-25 01:54 47,360 ----a-w c:\documents and settings\Darrell Lau\Application Data\pcouffin.sys
2007-07-25 05:23 45,008 ----a-w c:\documents and settings\Darrell Lau\Application Data\GDIPFONTCACHEV1.DAT
2006-11-05 21:52 92,064 ----a-w c:\documents and settings\Darrell Lau\mqdmmdm.sys
2006-11-05 21:52 9,232 ----a-w c:\documents and settings\Darrell Lau\mqdmmdfl.sys
2006-11-05 21:52 79,328 ----a-w c:\documents and settings\Darrell Lau\mqdmserd.sys
2006-11-05 21:52 66,656 ----a-w c:\documents and settings\Darrell Lau\mqdmbus.sys
2006-11-05 21:52 6,208 ----a-w c:\documents and settings\Darrell Lau\mqdmcmnt.sys
2006-11-05 21:52 5,936 ----a-w c:\documents and settings\Darrell Lau\mqdmwhnt.sys
2006-11-05 21:52 4,048 ----a-w c:\documents and settings\Darrell Lau\mqdmcr.sys
2006-11-05 21:52 25,600 ----a-w c:\documents and settings\Darrell Lau\usbsermptxp.sys
2006-11-05 21:52 22,768 ----a-w c:\documents and settings\Darrell Lau\usbsermpt.sys
2006-05-03 10:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 --sha-w c:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-04-10_17.16.17.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 15:00:00 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
+ 2005-10-21 03:02:28 163,328 ----a-w c:\windows\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [BU]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 813912]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [BU]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"COMODO Internet Security"="c:\program files\Comodo\COMODO Internet Security\cfp.exe" [BU]
c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2009-03-20 3025232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"MSACM.MSNAUDIO"= msnaudio.acm
"VIDC.SP54"= SP5X_32.DLL
"vidc.CDVC"= cdvccodc.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=c:\windows\pss\PenPower PenKeyboard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=c:\windows\pss\PenPower Start-Up.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AWMON]
--a------ 2004-09-16 16:15 538112 c:\program files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-03 12:00 99840 c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
--a------ 2006-11-21 18:08 813912 c:\program files\Microsoft IntelliType Pro\itype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--------- 2008-07-02 17:16 393216 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-08-29 17:11 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 11:31 1372160 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-02-14 18:08 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uPlayMe]
c:\documents and settings\All Users\Application Data\uPlayMe\uPlayMeNotifier.exe [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"cmdAgent"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\p3xsvr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-04-09 55152]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2009-04-06 24652]
S3 DC1300;DC 1300 WDM Video Capture;c:\windows\system32\Drivers\BSC504AV.SYS --> c:\windows\system32\Drivers\BSC504AV.SYS [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp --> c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-10-16 10976]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2008-10-15 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2008-10-15 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2008-10-15 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2008-10-15 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2008-10-15 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2008-10-15 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2008-10-15 115752]
S3 USBCamera;DC 1300 Still Image Capture;c:\windows\system32\Drivers\BscBulk.sys --> c:\windows\system32\Drivers\BscBulk.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - NMSCFG
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97487f08-cb7f-11dc-a2e6-00018010dc06}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2006-12-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-21 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0CC52A09-A146-4AC4-85E5-B9A575CA8196}
DPF: {9D8CCE0F-2E2C-41EB-B37F-9852DB989CAC}
DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180}
FF - ProfilePath - c:\documents and settings\Darrell Lau\Application Data\Mozilla\Firefox\Profiles\4gt6ztce.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - jdmrides.ca
FF - component: c:\program files\Mozilla Firefox\extensions\upm1@uplayme.com\platform\WINNT\components\firefox_play_capture.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Darrell Lau\Application Data\Mozilla\Firefox\Profiles\4gt6ztce.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13122.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 18:21:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCC21211-533D-F660-06FF-12C4F84F2776}*]
"dbemkcogpjelleolamkojpffggfmeebggdlhcjde"=hex:6b,61,63,61,61,6e,68,64,68,6f,
70,6d,65,6b,70,6f,64,65,67,6a,68,65,00,7c
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E057DBD3-B71C-C34E-39DB-CF68A4BB6D0E}*]
"bboepijaijjefmobihckpoeaamdnjknbfeje"=hex:66,61,65,6b,6c,64,65,62,6d,6b,63,61,
00,0a
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,eb,22,54,64,d0,21,89,9f,29,c7,13,b6,67,c8,22,08,2e,2c,d1,b8,ce,96,
fc,ae,62,d2,bf,ff,7b,b0,3d,ea,2c,b1,b5,db,68,9a,b6,27,de,12,40,ed,a4,c4,db,\
"??"=hex:cc,96,09,aa,89,94,ad,23,32,9f,b9,bc,70,0d,36,2b
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\SecuROM\License information*]
"datasecu"=hex:54,d2,4a,82,6d,a1,69,32,a2,1a,5b,55,ca,39,5f,dd,5a,bb,09,ed,ee,
8e,b3,63,08,7b,4a,93,fe,4a,fe,b1,fe,31,76,26,39,10,5b,ea,3a,be,d6,8a,7d,e2,\
"rkeysecu"=hex:7e,8c,f2,c5,2b,89,2c,be,83,f3,d9,36,e3,c2,e0,05
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\TGTSoft\StyleXP\StyleXPService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\NMSSvc.Exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-04-10 18:28:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 01:28:07
ComboFix2.txt 2009-04-11 00:18:46
ComboFix3.txt 2009-04-07 07:20:07
ComboFix4.txt 2009-04-06 23:30:45
ComboFix5.txt 2009-04-11 01:15:03
Pre-Run: 11,189,489,664 bytes free
Post-Run: 11,171,643,392 bytes free
425 --- E O F --- 2008-05-19 20:32:22
demonic_angel
2009-04-11, 09:17
Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, April 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Saturday, April 11, 2009 02:57:35
Records in database: 2032842
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 86386
Threat name: 5
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 02:05:13
File name / Threat name / Threats count
C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\bvbnovts.dll.bac_a00528 Infected: Trojan.Win32.Monder.ac 1
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\mdnnihwd.dll.bac_a00528 Infected: Trojan.Win32.Monder.ax 1
C:\Documents and Settings\Darrell Lau\.housecall6.6\Quarantine\nnnlm.dll.bac_a00528 Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\Darrell Lau\Desktop\vnc-4_1_3-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 2
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\WINDOWS\w Infected: Trojan.WinREG.Zapchast.e 1
The selected area was scanned.
I'm having trouble opening links from my email now.
There is no sign of active infection. Please can you describe your problems in a bit more detail?
OTMoveIt
Please download OTMoveIt3 by OldTimer (http://oldtimer.geekstogo.com/OTMoveIt3.exe) and save it to your desktop
Double-click OTMoveIt3.exe to run it.
Copy the lines in the codebox below. (Make sure you include :Processes)
:Processes
:Files
C:\WINDOWS\w
:Commands
[Purity]
[EmptyTemp]
Return to OTMoveIt3, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
Close ALL open windows (especially Internet Explorer!).
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
Run ESET Online Scan
Please disable your realtime protection software before proceeding. Refer to this page (http://www.bleepingcomputer.com/forums/topic114351.html) if you are unsure how.
Please go to ESET OnlineScan (NOD32) (http://www.eset.com/onlinescan/)
You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
Click Start. The online scanner will now prepare itself for running on your pc.
To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
Press Scan. The Onlinescan will now start and scan your computer. Please be patient, as this may take a while.
When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
Click Start, then Run.... In the box that appears, type (with the quotes):
"C:\Program Files\EsetOnlineScanner\log.txt"
The scan results will now open in Notepad
Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
Post back with the log.txt in your next reply.
Note: For Vista Users: Eset is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator (http://netsecurity.about.com/od/quicktips/qt/qt_run_as.htm)" from the context menu.
demonic_angel
2009-04-12, 00:22
Whenever I turn on my computer, MSN starts up automatically. I log in, and I usually get signed out 10 seconds later. When I get back on, I would try to message someone, but I would either be logged off again, or the messages would not go through. The only way to get my messages through is to wait for someone to start a conversation with me first. But once they close their window, my messages don't go through. In addition to that, I can't open links in emails now.
OTMoveIt3 log:
========== PROCESSES ==========
========== FILES ==========
C:\WINDOWS\w moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Darrell Lau\Local Settings\Temporary Internet Files\Content.IE5\JJWPJY69\AIM_UAC_v2[1].adp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Darrell Lau\Local Settings\Temporary Internet Files\Content.IE5\I4W9AEBO\tcodewads[1].html scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Darrell Lau\Local Settings\Temporary Internet Files\Content.IE5\BT2U8VJE\size=120x90;noperf=1;alias=93245511;kvmn=93245511;target=_blank;aduho=420;group=435964890;misc=435964890[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Darrell Lau\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
Network Service Temp folder emptied.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.10.0 log created on 04112009_121643
Files moved on Reboot...
C:\Documents and Settings\Darrell Lau\Local Settings\Temporary Internet Files\Content.IE5\JJWPJY69\AIM_UAC_v2[1].adp moved successfully.
C:\Documents and Settings\Darrell Lau\Local Settings\Temporary Internet Files\Content.IE5\I4W9AEBO\tcodewads[1].html moved successfully.
C:\Documents and Settings\Darrell Lau\Local Settings\Temporary Internet Files\Content.IE5\BT2U8VJE\size=120x90;noperf=1;alias=93245511;kvmn=93245511;target=_blank;aduho=420;group=435964890;misc=435964890[1].htm moved successfully.
ESET log
# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4001 (20090411)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=b4d561f6ae962946aa7969a5b30ea9e6
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-11 07:09:05
# local_time=2009-04-11 12:09:05 (-0800, Pacific Daylight Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=306506
# found=12
# scan_time=3011
C:\QooBox\Quarantine\C\WINDOWS\system32\bbefe.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\bbefe.tmp.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\bbefe.tmp2.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\bneypvcs.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\cehkj.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\cehkj.ini2.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\fyiouqod.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\jjvjtusj.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\mlnnn.ini2.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\onqru.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\wyyxx.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\ydneeokt.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
Thanks.
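As an added example (not part of this thread, and not code from Kaspersky, ESET or any of the tools used here): a small Python triage script that applies the reasoning behind the helper's "no sign of active infection" reply to both the Kaspersky report posted earlier and the ESET log in this post. A scanner hit inside another cleaner's quarantine folder (HouseCall's .housecallX.Y\Quarantine, ComboFix's C:\QooBox\Quarantine) is a file that has already been taken out of play, and a not-a-virus:RemoteAdmin hit on a VNC the user installed is a policy decision rather than an infection; what is left is the real to-do list, which in the Kaspersky report was just C:\WINDOWS\w. The two line formats are taken from the logs as pasted in the thread; the ESET parser assumes that the tab-separated fields of log.txt may have been collapsed to spaces by the forum, and the sample lines are constructed from the thread's logs with the profile name replaced.

```python
"""Triage Kaspersky Online Scanner / ESET Online Scanner hits.

A long detection list is not the same as an active infection: hits inside
another tool's quarantine folder and 'not-a-virus' remote-admin tools are
noise. Only the remaining on-disk hits need action.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Kaspersky 7.0 report line:  <path> Infected: <threat> <count>
KASPERSKY_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# ESET log line:  <path> <threat> (<action>) <32 hex digits>
# Assumption: fields may be tab-separated (log.txt) or space-collapsed (forum paste).
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>[A-Za-z0-9]+/\S+(?:\s\S+)*?)\s+"
    r"\((?P<action>[^)]*)\)\s+(?P<hexid>[0-9a-fA-F]{32})$"
)

# Path fragments meaning "another cleaner already moved this file out of the way".
# Both folders appear in this thread; extend the tuple for other tools in use.
QUARANTINE_MARKERS = ("\\quarantine\\", "\\qoobox\\")


@dataclass
class Detection:
    scanner: str
    path: str
    threat: str
    verdict: str  # "quarantined", "pua" or "live"


def classify(path: str, threat: str) -> str:
    """Decide whether a hit needs action."""
    lowered = path.lower()
    if any(marker in lowered for marker in QUARANTINE_MARKERS):
        return "quarantined"
    # Kaspersky's not-a-virus: prefix marks riskware such as RemoteAdmin tools.
    if threat.lower().startswith("not-a-virus:"):
        return "pua"
    return "live"


def parse_kaspersky(report: str) -> list[Detection]:
    found = []
    for line in report.splitlines():
        m = KASPERSKY_RE.match(line.strip())
        if m:
            found.append(Detection("kaspersky", m["path"], m["threat"],
                                   classify(m["path"], m["threat"])))
    return found


def parse_eset(log: str) -> list[Detection]:
    found = []
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # header lines such as "# found=12"
            continue
        m = ESET_RE.match(line)
        if m:
            found.append(Detection("eset", m["path"], m["threat"],
                                   classify(m["path"], m["threat"])))
    return found


def needs_action(detections: list[Detection]) -> list[Detection]:
    """Hits still on disk that no tool has neutralised and that are not riskware."""
    return [d for d in detections if d.verdict == "live"]


def summary(detections: list[Detection]) -> dict[str, int]:
    counts = {"quarantined": 0, "pua": 0, "live": 0}
    for d in detections:
        counts[d.verdict] += 1
    return counts


# Constructed samples modelled on the two reports in this thread ("User" replaces the profile name).
KASPERSKY_SAMPLE = r"""
C:\Program Files\RealVNC\VNC4\WinVNC4.exe/C:\Program Files\RealVNC\VNC4\WinVNC4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Documents and Settings\User\.housecall6.6\Quarantine\bvbnovts.dll.bac_a00528 Infected: Trojan.Win32.Monder.ac 1
C:\Documents and Settings\User\.housecall6.6\Quarantine\nnnlm.dll.bac_a00528 Infected: Trojan.Win32.Monder.gen 1
C:\Documents and Settings\User\Desktop\vnc-4_1_3-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 2
C:\WINDOWS\w Infected: Trojan.WinREG.Zapchast.e 1
"""

ESET_SAMPLE = r"""
# found=2
C:\QooBox\Quarantine\C\WINDOWS\system32\bbefe.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
C:\QooBox\Quarantine\C\WINDOWS\system32\cehkj.ini.vir Win32/Adware.Virtumonde.NEO~datafile application (unable to clean - deleted) 00000000000000000000000000000000
"""

if __name__ == "__main__":
    for name, dets in (("Kaspersky", parse_kaspersky(KASPERSKY_SAMPLE)),
                       ("ESET", parse_eset(ESET_SAMPLE))):
        print(name, summary(dets))
        for d in needs_action(dets):
            print("  ACTION:", d.path, d.threat)
```

Run against the two samples, the script reports the Kaspersky hits as two quarantined, two riskware and one live (C:\WINDOWS\w, the file the OTMoveIt script above then removed), and every ESET hit as already quarantined by ComboFix, which matches the helper's reading of the logs.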
Please Download GMER to your desktop
Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.
If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or attempted scan, in case of some error)!
Please post the results from the GMER scan in your reply.
demonic_angel
2009-04-12, 04:54
Here's the GMER log
GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-11 18:53:41
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT spfy.sys ZwCreateKey [0xF738F0E0]
SSDT spfy.sys ZwEnumerateKey [0xF73ADCA2]
SSDT spfy.sys ZwEnumerateValueKey [0xF73AE030]
SSDT spfy.sys ZwOpenKey [0xF738F0C0]
SSDT spfy.sys ZwQueryKey [0xF73AE108]
SSDT spfy.sys ZwQueryValueKey [0xF73ADF88]
SSDT spfy.sys ZwSetValueKey [0xF73AE19A]
INT 0x62 ? 873DBBF8
INT 0x73 ? 87311F00
INT 0x82 ? 873DBBF8
INT 0x83 ? 87311F00
INT 0x83 ? 87311F00
INT 0xA4 ? 87311F00
INT 0xB1 ? 8736DBF8
INT 0xB1 ? 8736DBF8
INT 0xB4 ? 87311F00
---- Kernel code sections - GMER 1.0.15 ----
? spfy.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6C268AC 5 Bytes JMP 873114E0
.text a56612x3.SYS F6A85384 1 Byte [20]
.text a56612x3.SYS F6A85384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a56612x3.SYS F6A853AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a56612x3.SYS F6A853C4 3 Bytes [00, 00, 00]
.text a56612x3.SYS F6A853C9 1 Byte [00]
.text ...
.text akughs5q.SYS F6A1D384 1 Byte [20]
.text akughs5q.SYS F6A1D384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text akughs5q.SYS F6A1D3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text akughs5q.SYS F6A1D3C4 3 Bytes [00, 00, 00]
.text akughs5q.SYS F6A1D3C9 1 Byte [00]
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] kernel32.dll!LoadResource 7C80A045 7 Bytes JMP 28001E20 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] kernel32.dll!FindResourceExW 7C80AD18 7 Bytes JMP 28001C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] kernel32.dll!FindResourceW 7C80BC5E 7 Bytes JMP 28001BE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] kernel32.dll!SizeofResource 7C80BCF9 7 Bytes JMP 28001EE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] kernel32.dll!FindResourceA 7C80BF19 7 Bytes JMP 28001CF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] kernel32.dll!LockResource 7C80CD27 5 Bytes JMP 28001F50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] kernel32.dll!CreateEventA 7C83089D 5 Bytes JMP 28001840 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] kernel32.dll!FindResourceExA 7C835F90 7 Bytes JMP 28001D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] ADVAPI32.dll!CryptDeriveKey 77DE9FDD 7 Bytes JMP 28001000 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] ADVAPI32.dll!CryptDecrypt 77DEA109 7 Bytes JMP 28001060 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!GetWindowLongW 7E4188A6 7 Bytes JMP 280069E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 280045B0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 28005D80 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 28006000 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!LoadImageW 7E427B97 5 Bytes JMP 28006650 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 28003C70 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!SetWindowRgn 7E42E528 7 Bytes JMP 28005EC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 28006840 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 280061F0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 28004E90 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 2800B5E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WS2_32.dll!send 71AB4C27 5 Bytes JMP 2800B1C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 2800AFA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WS2_32.dll!recv 71AB676F 5 Bytes JMP 2800AE00 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 2800B3A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] SHELL32.dll!Shell_NotifyIconW 7CA2A52F 5 Bytes JMP 280033D0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] ole32.dll!CoInitializeEx 774FEF7B 5 Bytes JMP 28002260 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 28002600 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] ole32.dll!CoRegisterClassObject 77517E90 5 Bytes JMP 28002360 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WININET.dll!HttpOpenRequestA 771C2AF9 5 Bytes JMP 28009CC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WININET.dll!InternetCloseHandle 771C4D8C 5 Bytes JMP 2800A000 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WININET.dll!HttpSendRequestA 771C60A1 5 Bytes JMP 28009F30 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2288] WININET.dll!InternetReadFile 771C82EA 5 Bytes JMP 28009E50 C:\Program Files\Messenger Plus! Live\MsgPlusLive1.dll (Messenger Plus! Live Add-On/Patchou)
.text D:\Program Files\Xfire\Xfire.exe[2356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02F71B68 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] kernel32.dll!CreateThread 7C8106C7 5 Bytes JMP 02F7150C D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 02F70F84 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 02F70EE9 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 02F70E55 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 02F71657 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 02F717A5 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 02F715B3 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!InvalidateRect 7E428FD5 5 Bytes JMP 02F710CC D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 02F70DC1 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 02F712A0 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 02F71338 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!RedrawWindow 7E429944 5 Bytes JMP 02F713D3 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 02F716FB D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!IsWindowVisible 7E429E3D 7 Bytes JMP 02F718F6 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!SetFocus 7E42B112 5 Bytes JMP 02F71034 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 02F71208 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!InvalidateRgn 7E42CDFE 5 Bytes JMP 02F7116A D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 02F7183D D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 02F71474 D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
.text D:\Program Files\Xfire\Xfire.exe[2356] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 02F71ABE D:\Program Files\Xfire\xfire_toucan_36285.dll (Xfire Toucan DLL/Xfire Inc.)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8736D2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F73C0C4C] spfy.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F73C0CA0] spfy.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7390040] spfy.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F739013C] spfy.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73900BE] spfy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73907FC] spfy.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73906D2] spfy.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 873115E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73A0048] spfy.sys
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlInitUnicodeString] 000000A5
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!swprintf] 000000E5
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeSetEvent] 000000F1
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000071
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000D8
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00000031
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmFreeMappingAddress] 00000015
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000004
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 000000C7
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmUnmapIoSpace] 00000023
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 000000C3
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IofCompleteRequest] 00000018
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 00000096
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IofCallDriver] 00000005
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0000009A
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000007
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000012
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoDetachDevice] 00000080
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeWaitForSingleObject] 000000E2
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeInitializeEvent] 000000EB
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeCancelTimer] 00000027
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000B2
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000075
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000009
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoQueueWorkItem] 00000083
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmMapIoSpace] 0000002C
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0000001A
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoReportDetectedDevice] 0000001B
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0000006E
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0000005A
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000000A0
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00000052
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 0000003B
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 000000D6
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!sprintf] 000000B3
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00000029
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!ObfDereferenceObject] 000000E3
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0000002F
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000084
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!ZwClose] 00000053
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 000000D1
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000000
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 000000ED
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000020
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoCreateDevice] 000000FC
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B1
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0000005B
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000006A
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!ZwOpenKey] 000000CB
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 000000BE
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoStartTimer] 00000039
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeInitializeTimer] 0000004A
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoInitializeTimer] 0000004C
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeInitializeDpc] 00000058
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeInitializeSpinLock] 000000CF
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoInitializeIrp] 000000D0
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!ZwCreateKey] 000000EF
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AA
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 000000FB
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!ZwSetValueKey] 00000043
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeInsertQueueDpc] 0000004D
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000033
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoStartPacket] 00000085
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000045
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000F9
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoFreeMdl] 00000002
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmUnlockPages] 0000007F
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 00000050
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 0000003C
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 0000009F
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000A8
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000051
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoStartNextPacket] 000000A3
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeBugCheckEx] 00000040
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!KeSetTimer] 00000092
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!_allmul] 0000009D
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000038
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!_except_handler3] 000000F5
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!PoSetPowerState] 000000BC
IAT \SystemRoot\System32\Drivers\a56612x3.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000B6
demonic_angel
2009-04-12, 05:45
---- User IAT/EAT - GMER 1.0.15 ----
---- Devices - GMER 1.0.15 ----
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6F 0xB1 0x07 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x55 0x49 0x08 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE0 0x96 0xE5 0x1F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x00 0x75 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0x5B 0x20 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0xDB 0x95 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x53 0x1B 0x20 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x40 0x2D 0x71 0x42 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x6F 0xB1 0x07 0xCB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x55 0x49 0x08 0x9D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xE0 0x96 0xE5 0x1F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x38 0x00 0x75 0x02 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBE 0x5B 0x20 0x07 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x71 0xDB 0x95 0xEE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x53 0x1B 0x20 0xAD ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x40 0x2D 0x71 0x42 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCC21211-533D-F660-06FF-12C4F84F2776}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCC21211-533D-F660-06FF-12C4F84F2776}@dbemkcogpjelleolamkojpffggfmeebggdlhcjde 0x6B 0x61 0x63 0x61 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E057DBD3-B71C-C34E-39DB-CF68A4BB6D0E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E057DBD3-B71C-C34E-39DB-CF68A4BB6D0E}@bboepijaijjefmobihckpoeaamdnjknbfeje 0x66 0x61 0x65 0x6B ...
---- EOF - GMER 1.0.15 ----
demonic_angel
2009-04-20, 18:13
my computer is still acting strangely...is it fixable?
I'm sorry, I didn't get notified of your reply
Please delete the copy of Combofix that you have and download a fresh copy
Run the new version of Combofix and post the log
demonic_angel
2009-04-21, 01:18
Here's the combo fix log
ComboFix 09-04-21.06 - Darrell Lau 2009-04-20 15:09.18 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.630 [GMT -7:00]
Running from: c:\documents and settings\Darrell Lau\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\11722003.dll
c:\windows\system32\13814120.dll
c:\windows\system32\14451.dll
c:\windows\system32\15033864.dll
c:\windows\system32\16235166.dll
c:\windows\system32\1928070.dll
c:\windows\system32\37151328.dll
c:\windows\system32\3770100.dll
c:\windows\system32\5873288.dll
c:\windows\system32\9649344.dll
.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.
2009-04-14 02:19 . 2009-04-14 02:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-11 19:16 . 2009-04-11 19:16 -------- d-----w C:\_OTMoveIt
2009-04-10 18:58 . 2009-04-10 18:58 -------- d-----w C:\rsit
2009-04-10 04:46 . 2009-04-10 04:46 -------- d-----w c:\documents and settings\Darrell Lau\Local Settings\Application Data\RcIncidents
2009-04-10 03:16 . 2009-04-10 03:20 -------- d-----w c:\windows\SxsCaPendDel
2009-04-07 03:09 . 2009-04-07 03:09 -------- d-----w c:\documents and settings\Darrell Lau\Local Settings\Application Data\AOL OCP
2009-04-07 03:05 . 2009-04-07 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\acccore
2009-04-07 03:05 . 2009-04-07 03:10 -------- d-----w c:\documents and settings\All Users\Application Data\AOL OCP
2009-04-07 03:04 . 2009-04-09 14:59 1115 ---ha-w C:\IPH.PH
2009-04-06 01:07 . 2009-04-06 02:41 -------- d-----w C:\32788R22FWJFW.2.tmp
2009-04-06 00:58 . 2009-04-06 02:19 -------- d-----w C:\32788R22FWJFW.1.tmp
2009-04-06 00:55 . 2009-04-06 02:18 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-04-05 16:28 . 2007-08-02 06:47 102664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-04-05 06:05 . 2009-04-05 06:19 -------- d-----w c:\windows\system32\Te_mp_B_S!!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 22:07 . 2008-12-26 03:02 137932 ----a-w C:\MDL 2.0 Debug.txt
2009-04-20 15:01 . 2006-12-17 07:54 -------- d---a-w c:\documents and settings\Darrell Lau\Application Data\Xfire
2009-04-12 16:49 . 2007-06-10 17:39 -------- d-----w c:\program files\Windows Live
2009-04-12 16:48 . 2009-04-12 16:48 -------- d-----w c:\program files\Microsoft Sync Framework
2009-04-12 16:47 . 2009-04-12 16:47 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-04-12 07:58 . 2005-05-02 04:11 -------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-11 21:57 . 2009-04-11 18:11 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-11 21:16 . 2006-12-17 07:55 61072 ----a-w c:\documents and settings\Darrell Lau\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 07:59 . 2008-07-11 02:00 -------- d-----w c:\documents and settings\All Users\Application Data\Avg7
2009-04-11 07:59 . 2008-05-15 18:39 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-10 08:52 . 2007-04-22 07:23 -------- d-----w c:\documents and settings\Darrell Lau\Application Data\HouseCall 6.6
2009-04-10 04:42 . 2008-10-12 01:11 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-08 15:19 . 2007-09-27 04:56 2952 ----a-w C:\rapport.txt
2009-04-08 05:10 . 2006-06-30 02:59 -------- d-----w c:\program files\Messenger Plus! Live
2009-04-07 07:00 . 2008-07-11 00:36 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-07 03:19 . 2006-12-17 07:50 -------- d---a-w c:\documents and settings\Darrell Lau\Application Data\acccore
2009-04-07 03:05 . 2009-04-07 03:04 -------- d-----w c:\program files\AIM6
2009-04-07 03:05 . 2009-04-07 03:05 -------- d-----w c:\program files\Viewpoint
2009-04-07 03:05 . 2006-07-11 23:27 -------- d---a-w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-07 03:04 . 2009-04-07 03:04 -------- d-----w c:\program files\Common Files\AOL
2009-04-06 23:13 . 2009-04-06 23:13 -------- d-----w c:\program files\Trend Micro
2009-04-06 22:59 . 2008-10-24 14:47 45 ----a-w C:\TEST.XML
2009-04-06 22:32 . 2008-10-12 01:11 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 22:32 . 2008-10-12 01:11 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 14:47 . 2007-09-17 02:07 -------- d-----w c:\program files\Comodo
2009-04-06 04:08 . 2007-09-17 02:11 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-04-06 03:48 . 2006-09-15 03:22 -------- d-----w c:\program files\HI JACK!
2009-04-05 22:42 . 2009-01-29 04:21 -------- d-----w c:\program files\Nakido
2009-04-05 06:03 . 2008-07-26 07:13 -------- d-----w c:\program files\Garena
2009-04-04 06:00 . 2009-03-04 04:23 -------- d-----w c:\documents and settings\All Users\Application Data\uPlayMe
2009-04-03 07:49 . 2008-03-29 07:50 -------- d-----w c:\program files\CCleaner
2009-04-01 04:12 . 2008-07-09 01:55 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-03-23 22:06 . 2008-12-26 03:02 -------- d-----w c:\program files\MessengerDiscovery
2009-03-02 05:10 . 2005-01-09 19:53 -------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 02:03 . 2009-02-07 02:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-07 01:52 . 2009-02-07 01:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2008-09-15 06:04 . 2008-07-21 05:51 94208 ----a-w c:\documents and settings\Darrell Lau\Application Data\ezplay.sys
2008-09-07 02:50 . 2008-09-07 02:50 22328 ----a-w c:\documents and settings\Darrell Lau\Application Data\PnkBstrK.sys
2008-07-25 01:54 . 2005-05-17 04:48 47360 ----a-w c:\documents and settings\Darrell Lau\Application Data\pcouffin.sys
2007-07-25 05:23 . 2006-12-17 07:50 45008 ----a-w c:\documents and settings\Darrell Lau\Application Data\GDIPFONTCACHEV1.DAT
2006-12-29 17:43 . 2006-12-29 17:43 15136 ----a-w c:\documents and settings\Terence.DARRELL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-11-28 01:05 . 2006-11-28 01:05 50544 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-11-16 15:38 . 2006-12-17 07:55 134 ----a-w c:\documents and settings\Darrell Lau\Local Settings\Application Data\fusioncache.dat
2006-11-05 21:52 . 2006-12-17 07:49 79328 ----a-w c:\documents and settings\Darrell Lau\mqdmserd.sys
2006-11-05 21:52 . 2006-12-17 07:49 5936 ----a-w c:\documents and settings\Darrell Lau\mqdmwhnt.sys
2006-11-05 21:52 . 2006-12-17 07:49 25600 ----a-w c:\documents and settings\Darrell Lau\usbsermptxp.sys
2006-11-05 21:52 . 2006-12-17 07:49 22768 ----a-w c:\documents and settings\Darrell Lau\usbsermpt.sys
2006-11-05 21:52 . 2006-12-17 07:49 92064 ----a-w c:\documents and settings\Darrell Lau\mqdmmdm.sys
2006-11-05 21:52 . 2006-12-17 07:49 9232 ----a-w c:\documents and settings\Darrell Lau\mqdmmdfl.sys
2006-11-05 21:52 . 2006-12-17 07:49 66656 ----a-w c:\documents and settings\Darrell Lau\mqdmbus.sys
2006-11-05 21:52 . 2006-12-17 07:49 6208 ----a-w c:\documents and settings\Darrell Lau\mqdmcmnt.sys
2006-11-05 21:52 . 2006-12-17 07:49 4048 ----a-w c:\documents and settings\Darrell Lau\mqdmcr.sys
2006-05-03 10:06 . 2008-01-28 01:10 163328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-01-28 01:10 31232 --sha-r c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-01-28 01:10 27648 --sha-w c:\windows\system32\Smab0.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-30 61440]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-11-22 813912]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2009-4-13 3111248]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower PenKeyboard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PenPower PenKeyboard.lnk
backup=c:\windows\pss\PenPower PenKeyboard.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PenPower Start-Up.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PenPower Start-Up.lnk
backup=c:\windows\pss\PenPower Start-Up.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Darrell Lau^Start Menu^Programs^Startup^Last.fm Helper.lnk]
path=c:\documents and settings\Darrell Lau\Start Menu\Programs\Startup\Last.fm Helper.lnk
backup=c:\windows\pss\Last.fm Helper.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"cmdAgent"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\WINDOWS\\system32\\p3xsvr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R3 DC1300;DC 1300 WDM Video Capture; [x]
R3 GarenaPEngine;GarenaPEngine; [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-12-16 10976]
R3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-12-31 910600]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
R3 USBCamera;DC 1300 Still Image Capture; [x]
S2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-12-31 693512]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-15 226656]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - NMSCFG
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97487f08-cb7f-11dc-a2e6-00018010dc06}]
\Shell\AutoRun\command - L:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
2006-12-25 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
- c:\program files\Microsoft IntelliType Pro\itype.exe [2006-11-22 01:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {0CC52A09-A146-4AC4-85E5-B9A575CA8196}
DPF: {9D8CCE0F-2E2C-41EB-B37F-9852DB989CAC}
DPF: {AB4ADC0F-2B4B-4B08-8B5C-CA4D6188A180}
FF - ProfilePath - c:\documents and settings\Darrell Lau\Application Data\Mozilla\Firefox\Profiles\4gt6ztce.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - jdmrides.ca
FF - component: c:\program files\Mozilla Firefox\extensions\upm1@uplayme.com\platform\WINNT\components\firefox_play_capture.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Darrell Lau\Application Data\Mozilla\Firefox\Profiles\4gt6ztce.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13122.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 15:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\DARREL~1\LOCALS~1\Temp\ZOQ18.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BCC21211-533D-F660-06FF-12C4F84F2776}*]
"dbemkcogpjelleolamkojpffggfmeebggdlhcjde"=hex:6b,61,63,61,61,6e,68,64,68,6f,
70,6d,65,6b,70,6f,64,65,67,6a,68,65,00,7c
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E057DBD3-B71C-C34E-39DB-CF68A4BB6D0E}*]
"bboepijaijjefmobihckpoeaamdnjknbfeje"=hex:66,61,65,6b,6c,64,65,62,6d,6b,63,61,
00,0a
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9d,eb,22,54,64,d0,21,89,9f,29,c7,13,b6,67,c8,22,08,2e,2c,d1,b8,ce,96,
fc,ae,62,d2,bf,ff,7b,b0,3d,ea,2c,b1,b5,db,68,9a,b6,27,de,12,40,ed,a4,c4,db,\
"??"=hex:cc,96,09,aa,89,94,ad,23,32,9f,b9,bc,70,0d,36,2b
[HKEY_USERS\S-1-5-21-1715567821-1383384898-1957994488-1010\Software\SecuROM\License information*]
"datasecu"=hex:54,d2,4a,82,6d,a1,69,32,a2,1a,5b,55,ca,39,5f,dd,5a,bb,09,ed,ee,
8e,b3,63,08,7b,4a,93,fe,4a,fe,b1,fe,31,76,26,39,10,5b,ea,3a,be,d6,8a,7d,e2,\
"rkeysecu"=hex:7e,8c,f2,c5,2b,89,2c,be,83,f3,d9,36,e3,c2,e0,05
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-04-21 15:15
ComboFix-quarantined-files.txt 2009-04-21 22:15
ComboFix2.txt 2009-04-11 01:28
ComboFix3.txt 2009-04-11 00:18
ComboFix4.txt 2009-04-07 07:20
ComboFix5.txt 2009-04-20 22:07
Pre-Run: 10,710,999,040 bytes free
Post-Run: 10,744,397,824 bytes free
265 --- E O F --- 2008-05-19 20:32
thanks
There is no sign of active infection. Have you tried reinstalling MSN?
demonic_angel
2009-04-21, 01:27
Yes, I have tried reinstalling MSN many times... it's all a mystery to me.
demonic_angel
2009-04-21, 03:51
Okay... it turns out it was a bug in the MSN system. All I had to do was make another email account and it works fine. Thanks for your help! I'm sure ComboFix got rid of some stuff while you were helping me figure this out!
I'm glad to hear it's sorted :)
Congratulations your logs look clean :)
Let's see if I can help you keep it that way.
First, let's tidy up.
Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.
Uninstall Combofix
This will clear your System Volume Information restore points and remove all the infected files that were quarantined
Click START then RUN
Now type Combofix /u in the run box and click OK. Note the space between the X and the /U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png
Uninstall OTMoveIt
Open OTMoveIt Click Cleanup,
When a box pops up click YES.
----------------------------------------------------------- -----------------------------------------------------------
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
(Vista users must ensure that any programs are Vista compatible BEFORE installing.)
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you; see HERE (http://secunia.com/software_inspector/) for details.
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have free (for home users) and paid versions; it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes hosts protection and registry protection. A hosts file is a bit like a phone book: it maps the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A new and effective program.
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one.
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some! Notifies you if programs are added to startup, and allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol.
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative.
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION: If you delete all your cookies, you will lose any autologin information for sites that you visit and will need your passwords.
Both of these can be cleaned manually, but a quicker option is to use a program:
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use.
CCleaner (http://www.ccleaner.com/) Free and very flexible; you can choose which cookies to keep.
Also PLEASE read this article: So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again :D
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
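As an added example (not from the original thread or from any tool it names), the PowerShell below audits the same six Internet-zone settings the post walks through, reading them from the registry instead of the Security tab, and can set them. It assumes the numeric value names are Microsoft's documented zone-setting identifiers for the Internet zone (zone 3) and that the data encodes Enable/Prompt/Disable as 0/1/3.

```powershell
# Added example: audit (and optionally fix) the Internet-zone settings recommended above.
# Value names are assumed to be Microsoft's documented zone-setting identifiers
# (KB 182569); data: 0 = Enable, 1 = Prompt, 3 = Disable.
# Note: if these settings are managed by Group Policy, the policy keys under
# HKLM/HKCU\...\Policies override what this script reads and writes.

$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values from the post, keyed by registry value name.
$Recommended = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                           Value = 1 }  # Prompt
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                         Value = 3 }  # Disable
    '1201' = @{ Name = 'Initialise and script ActiveX controls not marked as safe';  Value = 3 }  # Disable
    '1800' = @{ Name = 'Installation of desktop items';                              Value = 1 }  # Prompt
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                  Value = 1 }  # Prompt
    '1607' = @{ Name = 'Navigate sub-frames across different domains';               Value = 1 }  # Prompt
}

$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Test-InternetZoneSettings {
    param([switch]$Fix)   # -Fix writes the recommended value for each non-compliant setting

    $current = Get-ItemProperty -Path $ZonePath
    foreach ($id in $Recommended.Keys) {
        $want = $Recommended[$id].Value
        $have = $current.$id           # $null when the value is absent (IE then uses its zone default)
        $ok   = ($have -eq $want)

        [pscustomobject]@{
            Setting     = $Recommended[$id].Name
            Current     = if ($null -eq $have) { 'not set' } else { $Labels[[int]$have] }
            Recommended = $Labels[$want]
            Compliant   = $ok
        }

        if ($Fix -and -not $ok) {
            # Per-user key, so no elevation is needed; restart IE for the change to apply.
            Set-ItemProperty -Path $ZonePath -Name $id -Value $want -Type DWord
        }
    }
}

# Report only:
Test-InternetZoneSettings | Format-Table -AutoSize
# To apply the post's recommendations instead: Test-InternetZoneSettings -Fix
```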