View Full Version : Fake anti-virus pop ups and i-exploer spamed



Ozerium
2009-08-15, 02:38
I got a couple of pop-ups for a clearly fake anti-virus the other day, AV care or something, and before I could do anything to it, it made itself an icon in my tray, and proceeded to tell me of all the horrible infections I had.
Well, I got rid of the program, but whenever I start the computer, explorer, the Windows one, not the internet one, fails to open.
When I open the task manager, there are about 50 copies of Internet Explorer going. I am able to shut them down easily, but if I try to get Windows Explorer going again, they come back. This even happens in safe mode.

All of this makes it pretty hard to get HijackThis, or anything else, to run, so is there anything I can do? Or am I done for? :sad:

Blade81
2009-08-18, 17:07
Hi,

Please see if you're able to make the following programs run (in safe mode (http://www.computerhope.com/issues/chsafe.htm) if needed):

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Download GMER (http://www.gmer.net) by clicking the download exe button and then saving it to your desktop:
Double-click the .exe that you downloaded.
Click the rootkit tab and then scan.
Don't check the Show All box while scanning is in progress!
When scanning is ready, click Copy. This copies the log to the clipboard.
Post the log in your reply.

Ozerium
2009-08-18, 22:26
Okay, I got them both to run, had to rename GMER, which I'm sure is what was wrong with HijackThis.

DDS log one.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/30/2007 11:30:39 AM
System Uptime: 8/18/2009 12:49:43 PM (0 hours ago)

Motherboard: ECS | | G31T-M
Processor: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz | CPU 1 | 2327/333mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 25.282 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_26391019&REV_01\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_26391019&REV_01\3&11583659&0&FB
Service:

==== System Restore Points ===================

RP428: 8/12/2009 2:51:55 AM - System Checkpoint
RP429: 8/12/2009 2:51:55 AM - Avg8 Update
RP430: 8/12/2009 2:51:56 AM - System Checkpoint
RP431: 8/12/2009 2:51:56 AM - System Checkpoint
RP432: 8/12/2009 2:51:56 AM - Installed Short S8 Calcutta for FSX or FS2004
RP433: 8/12/2009 2:51:56 AM - Installed Lockheed Orion 9 for FSX or FS2004
RP434: 8/12/2009 2:51:56 AM - Installed Boeing 247 and 247D for FSX or FS2004
RP435: 8/12/2009 2:51:57 AM - System Checkpoint
RP436: 8/12/2009 2:51:57 AM - Installed Command and ConquerTM Generals Zero Hour
RP437: 8/12/2009 2:51:57 AM - Configured Command & Conquer Generals
RP438: 8/12/2009 2:51:57 AM - Configured Command and ConquerTM Generals Zero Hour
RP439: 8/12/2009 2:51:57 AM - Configured Command & Conquer Generals
RP440: 8/12/2009 2:51:57 AM - Installed Command & Conquer Generals
RP441: 8/12/2009 2:51:57 AM - Installed Command and ConquerTM Generals Zero Hour
RP442: 8/12/2009 2:51:58 AM - Avg8 Update
RP443: 8/12/2009 2:51:58 AM - Avg8 Update
RP444: 8/12/2009 2:51:58 AM - Installed Thermal Analysis Tool
RP445: 8/12/2009 2:51:59 AM - System Checkpoint
RP446: 8/12/2009 2:52:00 AM - System Checkpoint
RP447: 8/12/2009 2:52:01 AM - System Checkpoint
RP448: 8/12/2009 2:52:01 AM - System Checkpoint
RP449: 8/12/2009 2:52:01 AM - System Checkpoint
RP450: 8/12/2009 2:52:01 AM - System Checkpoint
RP451: 8/12/2009 2:52:02 AM - Installed DirectX
RP452: 8/12/2009 2:52:02 AM - System Checkpoint
RP453: 8/12/2009 2:52:02 AM - System Checkpoint
RP454: 8/12/2009 2:52:02 AM - System Checkpoint
RP455: 8/12/2009 2:52:03 AM - System Checkpoint
RP456: 8/12/2009 2:52:04 AM - System Checkpoint
RP457: 8/12/2009 2:52:04 AM - System Checkpoint
RP458: 8/12/2009 2:52:04 AM - Installed Sim Brothel
RP459: 8/12/2009 2:52:04 AM - System Checkpoint
RP460: 8/12/2009 2:52:04 AM - System Checkpoint
RP461: 8/12/2009 2:52:05 AM - System Checkpoint
RP462: 8/12/2009 2:52:06 AM - Installed The Sims 3
RP463: 8/12/2009 2:52:06 AM - System Checkpoint
RP464: 8/12/2009 2:52:06 AM - Removed BF2:Sandbox
RP465: 8/12/2009 2:52:07 AM - Removed Call of Duty(R) 4 - Modern Warfare(TM)
RP466: 8/12/2009 2:52:07 AM - System Checkpoint
RP467: 8/12/2009 2:52:07 AM - Software Distribution Service 3.0
RP468: 8/12/2009 2:52:08 AM - Installed PAK Explorer
RP469: 8/12/2009 2:52:09 AM - System Checkpoint
RP470: 8/12/2009 2:52:09 AM - System Checkpoint
RP471: 8/12/2009 2:52:09 AM - Installed DirectX
RP472: 8/12/2009 2:52:09 AM - Installed PF+FB+AEP
RP473: 8/12/2009 2:52:09 AM - Installed IL-2 Sturmovik: Forgotten Battles
RP474: 8/12/2009 2:52:09 AM - System Checkpoint
RP475: 8/12/2009 2:52:10 AM - Installed Tom Clancy's H.A.W.X
RP476: 8/12/2009 2:52:10 AM - Installed Tom Clancy's H.A.W.X
RP477: 8/12/2009 2:52:11 AM - Removed PF+FB+AEP
RP478: 8/12/2009 2:52:11 AM - Installed Real War Rogue States
RP479: 8/12/2009 2:52:11 AM - Removed Real War Rogue States
RP480: 8/12/2009 2:52:11 AM - System Checkpoint
RP481: 8/12/2009 2:52:11 AM - Installed Singles2
RP482: 8/12/2009 2:52:12 AM - Installed IL-2 Sturmovik 1946
RP483: 8/12/2009 2:52:12 AM - Removed IL-2 Sturmovik 1946
RP484: 8/12/2009 2:52:13 AM - Installed IL-2 Sturmovik 1946
RP485: 8/12/2009 2:52:14 AM - System Checkpoint
RP486: 8/12/2009 2:52:14 AM - System Checkpoint
RP487: 8/12/2009 2:52:14 AM - System Checkpoint
RP488: 8/12/2009 2:52:14 AM - Avg8 Update
RP489: 8/12/2009 2:52:14 AM - Avg8 Update
RP490: 8/12/2009 2:52:15 AM - Installed DirectX
RP491: 8/12/2009 2:52:15 AM - System Checkpoint
RP492: 8/12/2009 2:52:15 AM - System Checkpoint
RP493: 8/12/2009 2:52:16 AM - System Checkpoint
RP494: 8/12/2009 2:52:16 AM - System Checkpoint
RP495: 8/12/2009 2:52:16 AM - System Checkpoint
RP496: 8/12/2009 2:52:16 AM - System Checkpoint
RP497: 8/12/2009 2:52:16 AM - System Checkpoint
RP498: 8/12/2009 2:52:17 AM - System Checkpoint
RP499: 8/12/2009 2:52:17 AM - Removed IL-2 Sturmovik 1946
RP500: 8/12/2009 2:52:20 AM - Installed Tom Clancy's Rainbow Six Vegas 2
RP501: 8/12/2009 2:52:20 AM - Installed DirectX
RP502: 8/12/2009 2:52:21 AM - Removed Tom Clancy's Rainbow Six Vegas 2
RP503: 8/12/2009 2:52:22 AM - Installed Tom Clancy's Rainbow Six Vegas 2
RP504: 8/12/2009 2:52:22 AM - Installed DirectX
RP505: 8/12/2009 2:52:22 AM - Removed Tom Clancy's Rainbow Six Vegas 2
RP506: 8/12/2009 2:52:22 AM - Installed Tom Clancy's Rainbow Six Vegas 2
RP507: 8/12/2009 2:52:22 AM - Installed DirectX
RP508: 8/12/2009 2:52:22 AM - System Checkpoint
RP509: 8/12/2009 2:52:23 AM - System Checkpoint
RP510: 8/12/2009 2:52:23 AM - Installed Battlefield 1942
RP511: 8/12/2009 2:52:23 AM - Installed Battlefield 1942: The Road To Rome
RP512: 8/12/2009 2:52:23 AM - Installed Battlefield 1942: Secret Weapons of WWII
RP513: 8/12/2009 2:52:23 AM - System Checkpoint
RP514: 8/12/2009 2:52:23 AM - Installed IL-2 Sturmovik 1946
RP515: 8/12/2009 2:52:24 AM - System Checkpoint
RP516: 8/12/2009 2:52:24 AM - System Checkpoint
RP517: 8/12/2009 2:52:25 AM - Installed Microsoft Office PowerPoint Viewer 2003
RP518: 8/12/2009 2:52:25 AM - System Checkpoint
RP519: 8/12/2009 2:52:25 AM - Installed Microsoft Office Word 2007
RP520: 8/12/2009 2:52:26 AM - Configured Microsoft Office Word 2007
RP521: 8/12/2009 2:52:26 AM - Installed Singles 2 Patch 1.4
RP522: 8/12/2009 2:52:27 AM - Configured Singles2
RP523: 8/12/2009 2:52:27 AM - Installed Singles2
RP524: 8/12/2009 2:52:27 AM - Removed Singles2
RP525: 8/12/2009 2:52:27 AM - Installed Singles2
RP526: 8/12/2009 2:52:27 AM - Configured Singles2
RP527: 8/12/2009 2:52:28 AM - Software Distribution Service 3.0
RP528: 8/12/2009 2:52:28 AM - Avg8 Update
RP529: 8/12/2009 2:52:28 AM - Avg8 Update
RP530: 8/12/2009 2:52:29 AM - System Checkpoint
RP531: 8/12/2009 2:52:30 AM - System Checkpoint
RP532: 8/12/2009 2:52:30 AM - Installed Battlefield 2142
RP533: 8/12/2009 2:52:31 AM - Installed DirectX
RP534: 8/12/2009 2:52:32 AM - System Checkpoint
RP535: 8/12/2009 2:52:32 AM - System Checkpoint
RP536: 8/12/2009 2:52:33 AM - System Checkpoint
RP537: 8/12/2009 2:52:34 AM - System Checkpoint
RP538: 8/12/2009 2:52:34 AM - System Checkpoint
RP539: 8/12/2009 2:52:35 AM - System Checkpoint
RP540: 8/12/2009 2:52:35 AM - System Checkpoint
RP541: 8/12/2009 2:52:35 AM - System Checkpoint
RP542: 8/12/2009 2:52:36 AM - Software Distribution Service 3.0
RP543: 8/12/2009 2:52:36 AM - Installed DirectX
RP544: 8/12/2009 2:52:37 AM - System Checkpoint
RP545: 8/12/2009 2:52:37 AM - System Checkpoint
RP546: 8/12/2009 2:52:37 AM - System Checkpoint
RP547: 8/12/2009 2:52:38 AM - System Checkpoint
RP548: 8/12/2009 2:52:38 AM - System Checkpoint
RP549: 8/12/2009 2:52:39 AM - Installed The Roleplaying assistant V7.13d
RP550: 8/12/2009 2:52:40 AM - System Checkpoint
RP551: 8/12/2009 2:52:40 AM - System Checkpoint
RP552: 8/12/2009 2:52:41 AM - System Checkpoint
RP553: 8/12/2009 2:52:41 AM - System Checkpoint
RP554: 8/12/2009 2:52:41 AM - System Checkpoint

==== Installed Programs ======================

"Faces of War" (Remove Only)
×åðíàÿ Àêóëà
Acoustica Effects Pack
Acoustica Mixcraft 4.1
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 7.0
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advertisement Service
Alias DirectConnect 2.0
AVG 8.5
AVIVO Codecs
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
Battlefield 2(TM)
Battlefield 2: Special Forces
Battlefield 2142
Belarc Advisor 7.2
Bioshock
BlériotXI with pilot for FS9, FSX compatible
Boeing 247 and 247D for FSX or FS2004
Cheat Engine 5.5
Command & Conquer Generals
Command & Conquer™ Red Alert™ 3
Command and ConquerTM Generals Zero Hour
Connect
Counter-Strike: Source
Crayon Physics Deluxe Demo
Critical Update for Windows Media Player 11 (KB959772)
Dawn
Dawn of War: Soulstorm
Day of Defeat: Source
Defcon Demo
Destructive Forces 1.15 FULL
EAX(tm) Unified (SHELL)
Fable - The Lost Chapters
FableTLCMod - Albion Explorer
FableTLCMod - Fable Explorer
Fallout 3
FINAL FANTASY VIII
Flight Simulator X
Flight Simulator X Service Pack 1
FLV Player 2.0, build 24
FOCMapEditor
Fokker FVIIa for FSX
FsX Project BO-105 ADAC
Game Maker 6.1A
GameJack 5
Garry's Mod
GCFScape 1.7.0
GLOBEtrotter FLEXid Drivers
Google Earth
Google Updater
GPGNet
Guitar Pro 5.2
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life: Blue Shift
Hamachi 1.0.3.0
High Definition Audio Driver Package - KB888111
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
IL-2 Sturmovik 1946
Intel(R) Graphics Media Accelerator Driver
Java(TM) 6 Update 3
Java(TM) 6 Update 7
kuler
Left 4 Dead Authoring Tools Beta
Left 4 Dead Dedicated Server
LightScribe 1.4.124.1
Lockheed Orion 9 for FSX or FS2004
Lost Planet: Extreme Condition
Mass Effect
Maya 7.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Flight Simulator X: Acceleration
Microsoft Game Studios Common Redistributables Pack 1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2005 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# 2.0 Redistributable Package
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
Microsoft XNA Framework Redistributable 3.0
Mount&Blade
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
Notepad++
NVIDIA Drivers
NVIDIA PhysX
Oblivion
Oblivion - Construction Set
Oblivion - Horse Armor Pack
Oblivion - Knights of the Nine
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion mod manager 1.1.11
Obscure 2
Office Multimedia Mouse Driver
Oni
OpenAL
Opposing Force
PAK Explorer
Pan American Fokker FVIIb_3m for FSX or FS2004
Pcsx2 0.9.2 Watermoose
PDF Settings CS4
Peggle Extreme
PF+FB+AEP
Photoshop Camera Raw
Pixel Bender Toolkit
Portal
PowerISO
Program Design Assistant Version 5.5
PunkBuster Services
Railroad Tycoon 3
RapidLeecher
RCS B-25J RAF MkII for FSX
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Redblade 1.3.0.16 RC 1
Saints Row 2
Saitek SST Programming Software
SeaTools for Windows
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Sentinel System Driver
Short S8 Calcutta for FSX or FS2004
Sim Brothel
SimPE 0.68 (alpha)
Singles 2 Patch 1.4
Singles2
Sound Blaster Live!
Souptoys
Source Dedicated Server
Source SDK
Source SDK Base - Orange Box
SpeechRedist
SpeedFan (remove only)
SPORE™
SPORE™ Creepy & Cute Parts Pack
Spybot - Search & Destroy
STALKER: Shadow of Chernobyl
Star Wars Battlefront
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars Jedi Knight Jedi Academy
Star Wars JK II Jedi Outcast
Steam
Steiners Advanced Units Mod 3.0 Reloaded
Suite Shared Configuration CS4
Super nude patch II 2.8
Supreme Commander - Forged Alliance
System Requirements Lab
Team Fortress 2
Terrain Generator 3.0.5
The Creator System2
The Roleplaying assistant V7.13d
THE SETTLERS - Rise of an Empire
The Ship
The Ship Single Player
The Ship Tutorial
The Sims™ 3
Theorica Divx ;-) Codecs (remove only)
Thermal Analysis Tool
Tom Clancy's H.A.W.X
Tom Clancy's Rainbow Six Vegas 2
Tomb Raider:
Tomb Raider: Anniversary 1.0
Tomb Raider: Underworld 1.0
Trials 2: Second Edition Demo
TubeHunter Ultra
ultimatemod_0.9.9final
Unofficial Shivering Isles Patch v1.3.0
Unreal Tournament 2004
Unreal Tournament 3
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC 9.0 Runtime
Version 3.0
VLC media player 0.9.9
Vuze
WebFldrs XP
Windows Communication Foundation
Windows Genuine Advantage Validation Tool (KB892130)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Service Pack 3
Wings of POWER II: P51 Mustang
Wings of POWER II: WWII FIGHTERS
Wings of POWER: Heavy Bombers and Jets
winpcap-nmap 4.02
WinRAR archiver
World of Warcraft
Xfire (remove only)
XML Paper Specification Shared Components Pack 1.0
Xvid 1.1.3 final uninstall
Yahoo! Messenger
ZombieMod v0.2
ZoneAlarm

==== Event Viewer Messages From Past Week ========

8/18/2009 12:53:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/18/2009 12:52:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/18/2009 12:51:50 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 BANTExt Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip vsdatant
8/18/2009 12:51:50 PM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2009 12:51:50 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2009 12:51:50 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2009 12:51:50 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2009 12:51:50 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
8/18/2009 12:50:52 PM, error: sfsync02 [12] -
8/12/2009 12:55:42 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
8/12/2009 1:56:48 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================

Ozerium
2009-08-18, 22:26
DDS log two.


DDS (Ver_09-07-30.01) - NTFSx86 MINIMAL
Run by Ozerium at 12:54:10.51 on Tue 08/18/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1509 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
G:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [WireLessMouse] c:\program files\office multimedia mouse driver\MouseDrv.exe
mRun: [WINDVDPatch] CTHELPER.EXE
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Jet Detection] "c:\program files\creative\sblive\program\ADGJDet.exe"
mRun: [Profiler] c:\program files\saitek\software\ProfilerU.exe
mRun: [SaiMfd] c:\program files\saitek\software\SaiMfd.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [net] "c:\windows\system32\net.net"
StartupFolder: c:\docume~1\ozerium\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\xfire.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191914653000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ozerium\applic~1\mozilla\firefox\profiles\nunlofjk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-15 335752]
S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-10 27784]
S1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-16 353672]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-25 298776]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
S2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2009-3-17 182528]

=============== Created Last 30 ================

2009-08-12 02:52 147,456 a------- c:\windows\msa.exe
2009-08-12 02:51 164,840 a------- c:\windows\system32\net.net
2009-08-05 16:21 59 a------- c:\windows\WET.INI
2009-08-05 16:21 <DIR> --d----- C:\WET
2009-08-05 14:16 <DIR> --d----- C:\rowan
2009-08-05 13:55 <DIR> --d----- c:\program files\RPA713d
2009-08-05 13:55 <DIR> --d----- c:\program files\common files\VFP
2009-08-05 03:16 <DIR> --d----- c:\program files\creator2
2009-08-05 03:13 <DIR> --d----- c:\program files\Redblade 3.5e
2009-08-03 08:48 <DIR> --d----- c:\docume~1\ozerium\applic~1\streamripper
2009-08-03 08:48 <DIR> --d----- c:\program files\Streamripper-1.63-beta-2
2009-07-29 21:22 <DIR> --d----- c:\program files\1C
2009-07-23 18:57 41,872 a------- c:\windows\system32\xfcodec.dll
2009-07-22 12:42 <DIR> --d----- c:\program files\ARMA II

==================== Find3M ====================

2009-08-12 13:36 5,536 a------- c:\windows\system32\d3d9caps.dat
2009-08-05 03:16 249,856 -------- c:\windows\Setup1.exe
2009-08-05 03:16 73,216 a------- c:\windows\ST6UNST.EXE
2009-07-17 13:14 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-06 01:54 27,136 a------- c:\windows\~GLH0000.TMP
2009-07-05 17:12 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-05 17:12 22,328 a------- c:\docume~1\ozerium\applic~1\PnkBstrK.sys
2009-07-05 17:10 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-07-05 17:10 2,337,865 a------- c:\windows\system32\pbsvc.exe
2009-07-05 17:10 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-26 09:50 666,624 a------- c:\windows\system32\wininet.dll
2009-06-26 09:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 16:37 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-06-25 16:37 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-06-25 11:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-25 01:42 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-03-10 22:16 61 ---sh--- c:\windows\cnerolf.bin

============= FINISH: 12:55:06.20 ===============

Ozerium
2009-08-18, 22:29
Half the GMER log

GMER 1.0.15.15077 [testrizor.exe] - http://www.gmer.net
Rootkit scan 2009-08-18 13:12:17
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

INT 0x62 ? 8A89FBF8
INT 0x63 ? 8A786BF8
INT 0x73 ? 8A89FBF8
INT 0x73 ? 8A89FBF8
INT 0x73 ? 8A786BF8
INT 0x73 ? 8A89FBF8
INT 0xB4 ? 8A786BF8

Code 8A86EF08 ZwEnumerateKey
Code 8A791390 ZwFlushInstructionCache
Code 8A86EF3E IofCallDriver
Code 8A8512D6 IofCompleteRequest
Code 8A863725 ZwSaveKey
Code 8A85F97D ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E13A7 5 Bytes JMP 8A86EF43
.text ntoskrnl.exe!IofCompleteRequest 804E17BD 5 Bytes JMP 8A8512DB
.text ntoskrnl.exe!ZwSaveKey 804E42AE 5 Bytes JMP 8A86372A
.text ntoskrnl.exe!ZwSaveKeyEx 804E42C2 5 Bytes JMP 8A85F982
PAGE ntoskrnl.exe!ZwEnumerateKey 80578E14 5 Bytes JMP 8A86EF0C
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80587BFB 5 Bytes JMP 8A791394
? splo.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B86C88AC 5 Bytes JMP 8A7861D8

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\Iexplore.exe[188] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[188] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[188] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[188] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[224] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[224] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[224] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[224] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[224] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1004] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1004] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1004] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1004] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1004] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1132] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1132] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1132] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1132] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1132] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1140] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1140] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1140] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1140] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1140] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1148] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1148] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1148] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1164] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1164] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1164] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1164] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1164] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1204] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1204] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1204] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1204] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1204] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1212] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1212] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1212] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1212] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1212] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1228] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1228] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1228] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1228] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1228] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1236] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1236] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1236] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1248] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1248] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1248] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1248] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1248] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1268] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1268] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1268] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1268] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1268] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1276] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1276] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1276] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1276] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1276] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1312] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1312] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1312] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1312] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1312] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1328] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1328] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1328] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1328] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1328] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1336] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1336] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1336] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1336] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1336] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1352] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1352] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1352] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1352] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1360] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1360] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1360] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1360] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1360] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1436] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1436] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1436] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1436] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1436] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1468] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1468] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1468] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1468] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1468] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1508] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1508] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1508] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1508] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1508] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1524] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1524] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1524] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1524] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1540] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1540] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1540] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1540] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1540] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1556] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1556] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1556] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1556] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1556] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1588] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1588] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1588] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1588] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1588] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1596] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1596] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1596] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1596] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1596] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1620] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1620] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1620] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1620] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1620] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1668] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1668] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1668] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1668] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1668] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1692] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1692] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1692] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1692] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1692] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1700] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1700] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1700] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1716] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1716] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1716] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1716] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1716] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1804] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1804] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1804] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1804] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1812] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1812] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1812] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1812] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1828] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[1828] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1828] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1828] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[1828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2388] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2388] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2388] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2388] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2388] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2416] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2416] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2416] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2416] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2416] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2524] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2524] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2524] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2524] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2524] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2744] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2744] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2744] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2744] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2744] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2800] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2800] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2800] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2800] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2800] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2872] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2872] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2872] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2872] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2872] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2936] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[2936] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[2936] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2936] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[2936] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3304] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3304] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3304] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3304] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3304] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3404] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3404] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3404] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3404] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3404] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3580] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3580] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3580] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3580] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3580] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3612] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3612] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3612] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3612] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3612] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3752] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[3752] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[3752] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3752] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[3752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4372] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[4372] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4372] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4372] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4372] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4384] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[4384] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4384] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4384] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4616] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00CC000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[4616] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00D7000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4616] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4616] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4616] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4944] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[4944] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4944] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4944] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4944] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4988] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[4988] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[4988] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4988] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[4988] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5016] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[5016] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[5016] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5016] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5016] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5072] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[5072] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[5072] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5072] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5072] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5080] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[5080] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[5080] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5080] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5080] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5756] WININET.dll!HttpAddRequestHeadersA

Ozerium
2009-08-18, 22:30
771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[5756] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[5756] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5756] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[5756] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6072] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6072] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6072] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6072] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6072] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6080] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6080] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6080] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6080] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6080] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6088] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6088] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6088] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6088] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6088] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6128] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6128] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6128] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6128] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6128] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6184] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6184] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6184] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6184] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6184] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6288] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6288] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6288] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6288] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6288] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6352] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6352] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6352] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6352] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6368] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6368] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6368] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6368] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6368] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6444] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6444] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6444] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6444] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6444] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6492] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6492] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6492] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6492] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6492] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6568] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6568] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6568] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6568] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6568] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6696] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6696] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6696] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6696] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6696] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6728] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6728] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6728] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6728] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6728] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6760] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[6760] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[6760] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6760] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[6760] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7000] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[7000] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[7000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7000] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7220] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[7220] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[7220] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7220] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7220] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7240] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[7240] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[7240] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7240] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7240] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7380] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[7380] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[7380] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7380] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7380] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7388] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[7388] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[7388] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7388] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7388] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7636] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D3000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[7636] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[7636] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7636] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[7636] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8044] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[8044] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[8044] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8044] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8044] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8048] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[8048] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[8048] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8048] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8048] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8108] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[8108] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[8108] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8108] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8108] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8164] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[8164] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[8164] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8164] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[8164] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[11264] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[11264] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[11264] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[11264] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[11264] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[11432] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[11432] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[11432] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[11432] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[11432] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15572] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[15572] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[15572] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15572] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15572] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15904] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[15904] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[15904] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15904] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15904] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15948] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[15948] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[15948] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15948] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[15948] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16144] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[16144] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[16144] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16144] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16144] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16156] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[16156] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[16156] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16156] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16156] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16208] WININET.dll!HttpAddRequestHeadersA 771C40D2 5 Bytes JMP 00D2000C
.text C:\Program Files\Internet Explorer\Iexplore.exe[16208] WININET.dll!HttpAddRequestHeadersW 771CEF34 5 Bytes JMP 00DD000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[16208] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100129A0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16208] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 100127E0
.text C:\Program Files\Internet Explorer\Iexplore.exe[16208] WS2_32.dll!send 71AB4C27 5 Bytes JMP 100127C0

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A9102D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7508C4C] splo.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7508CA0] splo.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74D8040] splo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74D813C] splo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74D80BE] splo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74D87FC] splo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74D86D2] splo.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A7862D8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A89E1F8
Device \FileSystem\Fastfat \FatCdrom 89F2D500
Device \Driver\usbuhci \Device\USBPDO-0 8A7851F8
Device \Driver\usbuhci \Device\USBPDO-1 8A7851F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A90E1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A90E1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A90E1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A90E1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A7851F8
Device \Driver\usbuhci \Device\USBPDO-3 8A7851F8
Device \Driver\usbehci \Device\USBPDO-4 8A7581F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8A01F8
Device \Driver\PCI_PNP8164 \Device\0000005c splo.sys
Device \Driver\PCI_PNP8164 \Device\0000005c splo.sys
Device \Driver\sptd \Device\226269414 splo.sys
Device \Driver\USBSTOR \Device\00000098 8A6311F8
Device \Driver\USBSTOR \Device\00000099 8A6311F8
Device \Driver\usbuhci \Device\USBFDO-0 8A7851F8
Device \Driver\usbuhci \Device\USBFDO-1 8A7851F8
Device \Driver\usbuhci \Device\USBFDO-2 8A7851F8
Device \Driver\usbuhci \Device\USBFDO-3 8A7851F8
Device \Driver\usbehci \Device\USBFDO-4 8A7581F8
Device \Driver\Ftdisk \Device\FtControl 8A8A01F8
Device \Driver\agz0z7ob \Device\Scsi\agz0z7ob1Port4Path0Target0Lun0 8A7491F8
Device \Driver\agz0z7ob \Device\Scsi\agz0z7ob1 8A7491F8
Device \FileSystem\Fastfat \Fat 89F2D500
Device \FileSystem\Cdfs \Cdfs 8A66D500

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [188] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [224] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACubqovhdyqa.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [536] 0x00760000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [536] 0x00910000
Library \\?\globalroot\systemroot\system32\UACubqovhdyqa.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [636] 0x00760000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [636] 0x00910000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1004] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1132] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1140] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1148] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1164] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1180] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1204] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1212] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1228] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1236] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1248] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1268] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1276] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1312] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1328] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1336] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1352] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1360] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1436] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1468] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1508] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1524] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1540] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1556] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1588] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1596] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1620] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1668] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1692] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1700] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1716] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1804] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1812] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [1828] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2388] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2416] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2524] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2744] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2800] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2872] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [2936] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3304] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3404] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3580] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3612] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [3752] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4372] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4384] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4616] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4944] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [4988] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [5016] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [5072] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [5080] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [5756] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6072] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6080] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6088] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6128] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6184] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6288] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6352] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6368] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6444] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6492] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6568] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6696] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6728] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [6760] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [7000] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [7220] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [7240] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [7380] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [7388] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [7636] 0x00AF0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [8044] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [8048] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [8108] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [8164] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [11264] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [11432] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [15572] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [15904] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [15948] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [16144] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [16156] 0x00AE0000
Library \\?\globalroot\systemroot\system32\UACtehipfqrsc.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [16208] 0x00AE0000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACgskllrldbo.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

Blade81
2009-08-19, 06:26
Hi again,


IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

Vuze


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


After that:



Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:


Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Ozerium
2009-08-19, 11:16
I can't get AVG off, I can't do anything out of safe mode, and AVG only scans in safe mode.

As for Vuze, I only used it to download a friend's videos; I wasn't aware it was still around. It's gone now.

Blade81
2009-08-19, 16:24
Hi,

Do you mean that ComboFix warns about AVG running in the background? If you can't disable it, then let ComboFix run despite the warning.

Ozerium
2009-08-21, 05:46
ComboFix 09-08-10.06 - Ozerium 08/20/2009 20:39.1.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1753 [GMT -7:00]
Running from: c:\documents and settings\Ozerium\Desktop\Kmar.exe
Command switches used :: c:\documents and settings\Ozerium\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msa.exe
c:\windows\system32\BReWErS.dll
c:\windows\system32\net.net

.
((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-05 23:21 . 2009-08-05 23:23 -------- d-----w- C:\WET
2009-08-05 21:16 . 2009-08-05 21:16 -------- d-----w- C:\rowan
2009-08-05 20:55 . 2009-08-05 20:56 -------- d-----w- c:\program files\RPA713d
2009-08-05 20:55 . 2009-08-05 20:55 -------- d-----w- c:\program files\Common Files\VFP
2009-08-05 10:16 . 2009-08-05 10:29 -------- d-----w- c:\program files\creator2
2009-08-05 10:13 . 2009-08-05 10:13 -------- d-----w- c:\program files\Redblade 3.5e
2009-08-03 15:48 . 2009-08-03 15:48 -------- d-----w- c:\documents and settings\Ozerium\Application Data\streamripper
2009-08-03 15:48 . 2009-08-03 15:48 -------- d-----w- c:\docume~1\Ozerium\APPLIC~1\streamripper
2009-08-03 15:48 . 2009-08-03 15:48 -------- d-----w- c:\program files\Streamripper-1.63-beta-2
2009-07-30 05:11 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\Ozerium\Application Data\U3\temp\cleanup.exe
2009-07-30 05:09 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\Ozerium\Application Data\U3\temp\Launchpad Removal.exe
2009-07-30 05:09 . 2009-07-30 05:11 -------- d-----w- c:\documents and settings\Ozerium\Application Data\U3
2009-07-30 05:09 . 2009-07-30 05:11 -------- d-----w- c:\docume~1\Ozerium\APPLIC~1\U3
2009-07-30 04:22 . 2009-07-30 04:22 -------- d-----w- c:\program files\1C
2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-07-22 21:30 . 2009-07-22 21:58 -------- d-----w- c:\documents and settings\Ozerium\Local Settings\Application Data\ArmA 2
2009-07-22 21:30 . 2009-07-22 21:58 -------- d-----w- c:\docume~1\Ozerium\LOCALS~1\APPLIC~1\ArmA 2
2009-07-22 19:42 . 2009-07-28 10:34 -------- d-----w- c:\program files\ARMA II

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 07:52 . 2008-06-15 08:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-19 07:47 . 2009-02-02 07:12 -------- d-----w- c:\program files\Vuze
2009-08-19 07:32 . 2009-08-19 07:32 57478 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_19_00_28_36_small.dmp.zip
2009-08-12 21:40 . 2009-01-22 01:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-08-12 21:29 . 2009-08-12 21:39 2950656 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-08-12 20:48 . 2009-08-12 21:13 2950144 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-08-12 20:48 . 2009-08-12 21:13 2937344 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-08-12 20:36 . 2007-10-02 06:04 5536 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-12 19:52 . 2009-01-26 07:07 27756943 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-12 18:19 . 2009-02-02 07:14 -------- d-----w- c:\documents and settings\Ozerium\Application Data\Azureus
2009-08-12 18:19 . 2009-02-02 07:14 -------- d-----w- c:\docume~1\Ozerium\APPLIC~1\Azureus
2009-08-12 10:52 . 2008-06-15 09:00 -------- d-----w- c:\program files\Oxin's Style!
2009-08-12 06:39 . 2009-04-01 01:19 -------- d-----w- c:\documents and settings\Ozerium\Application Data\Hamachi
2009-08-12 06:39 . 2009-04-01 01:19 -------- d-----w- c:\docume~1\Ozerium\APPLIC~1\Hamachi
2009-08-11 23:37 . 2007-12-11 07:03 -------- d-----w- c:\documents and settings\Ozerium\Application Data\Xfire
2009-08-11 23:37 . 2007-12-11 07:03 -------- d-----w- c:\docume~1\Ozerium\APPLIC~1\Xfire
2009-08-10 19:30 . 2007-10-01 09:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 00:59 . 2007-10-02 06:00 -------- d-----w- c:\program files\Steam
2009-08-05 23:53 . 2007-12-11 07:03 -------- d-----w- c:\program files\Xfire
2009-08-05 20:54 . 2008-08-28 21:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 10:16 . 2007-12-12 04:42 249856 ------w- c:\windows\Setup1.exe
2009-08-05 10:16 . 2007-12-12 04:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-26 21:09 . 2009-07-26 21:09 74645 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_26_14_02_47_small.dmp.zip
2009-07-26 21:02 . 2009-07-26 21:04 2875904 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-07-26 21:02 . 2009-07-26 21:04 2514432 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-07-25 18:58 . 2009-07-25 18:58 2873344 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-07-21 20:12 . 2009-06-02 22:29 -------- d-----w- c:\program files\Cheat Engine
2009-07-20 19:04 . 2008-09-17 08:11 -------- d-----w- c:\program files\Electronic Arts
2009-07-17 20:14 . 2008-06-15 08:50 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-16 04:00 . 2009-07-16 03:56 -------- d-----w- c:\program files\Singles2
2009-07-15 03:44 . 2007-10-01 09:53 26368 ----a-w- c:\documents and settings\Ozerium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 03:44 . 2007-10-01 09:53 26368 ----a-w- c:\docume~1\Ozerium\LOCALS~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2009-07-14 03:45 . 2007-10-09 07:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-07-14 00:31 . 2009-07-14 00:32 2824704 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-07-14 00:31 . 2009-07-14 00:32 2916864 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-07-11 06:15 . 2009-07-11 06:15 70870 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_10_22_57_26_small.dmp.zip
2009-07-11 05:57 . 2009-07-11 06:00 3051008 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-11 05:57 . 2009-07-11 06:00 2801664 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-07-10 23:02 . 2009-07-10 22:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-07-10 22:59 . 2009-07-10 22:59 -------- d-----w- c:\program files\Yahoo!
2009-07-10 00:14 . 2008-08-18 05:29 -------- d-----w- c:\program files\Ubisoft
2009-07-08 05:32 . 2007-11-03 07:03 1313 ----a-w- c:\windows\eReg.dat
2009-07-08 05:24 . 2007-10-07 02:30 -------- d-----w- c:\program files\EA GAMES
2009-07-08 00:20 . 2009-06-25 18:15 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-06 23:51 . 2009-07-06 23:51 -------- d-----w- c:\documents and settings\Ozerium\Application Data\vlc
2009-07-06 23:51 . 2009-07-06 23:51 -------- d-----w- c:\docume~1\Ozerium\APPLIC~1\vlc
2009-07-06 08:54 . 2009-07-06 08:54 27136 ----a-w- c:\windows\~GLH0000.TMP
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\documents and settings\Ozerium\Application Data\PnkBstrK.sys
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\documents and settings\Ozerium\Application Data\PnkBstrK.sys
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\docume~1\Ozerium\APPLIC~1\PnkBstrK.sys
2009-07-06 00:10 . 2009-07-05 09:02 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-06 00:10 . 2009-07-05 09:02 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-06 00:10 . 2009-03-13 23:00 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-05 09:03 . 2009-07-05 09:03 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ubisoft
2009-07-02 21:36 . 2007-12-05 09:31 -------- d-----w- c:\documents and settings\Ozerium\Application Data\SecondLife
2009-07-02 21:36 . 2007-12-05 09:31 -------- d-----w- c:\docume~1\Ozerium\APPLIC~1\SecondLife
2009-07-01 03:44 . 2009-07-01 03:43 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-01 03:43 . 2009-07-01 03:43 -------- d-----w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab
2009-07-01 03:43 . 2009-07-01 03:43 -------- d-----w- c:\docume~1\Ozerium\APPLIC~1\SystemRequirementsLab
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-26 16:50 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 23:37 . 2009-06-25 23:37 -------- d-----w- c:\program files\OpenAL
2009-06-25 23:37 . 2008-08-26 01:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-25 23:37 . 2007-12-08 09:28 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-25 18:14 . 2008-06-15 08:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 18:14 . 2007-12-11 05:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 08:42 . 2007-10-27 09:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_7fdf717c.exe
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_3f947574.exe
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_188e3184.exe
2009-06-12 09:56 . 2009-06-12 09:56 1078 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_2e8633c1.exe
2009-06-09 22:15 . 2009-06-09 22:15 10134 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-08 05:09 . 2009-06-08 05:10 3564544 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-08 05:09 . 2009-06-08 05:10 2578432 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-07 18:59 . 2009-06-07 19:25 2566144 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-06 02:30 . 2009-06-06 02:30 161862 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_6FEFF9B68218417F98F549.exe
2009-06-06 02:30 . 2009-06-06 02:30 10134 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_C488E491867C94922FFC7D.exe
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-03-11 05:16 . 2009-03-11 05:16 61 --sh--w- c:\windows\cnerolf.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 18:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Ozerium^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Ozerium\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"maya70docserver"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"vsmon"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\ozerium\\garrysmod\\hl2.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
"c:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\ozerium\\the ship\\ship.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\railroad tycoon 3\\RT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\saints row 2\\SR2_pc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX10.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe demo\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trials 2 second edition demo\\launcher.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/15/2008 1:50 AM 335752]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 12:13 AM 34064]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [3/17/2009 5:27 PM 182528]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53746136-8202-11de-aee5-001bb9982408}]
\Shell\AutoRun\command - G:\rcaeasyrip_setup.exe
\Shell\install\command - G:\rcaeasyrip_setup.exe
\Shell\usermanualEnglish\command - G:\rcaeasyrip_setup.exe /pdf_English
\Shell\usermanualFrench\command - G:\rcaeasyrip_setup.exe /pdf_French
\Shell\usermanualSpanish\command - G:\rcaeasyrip_setup.exe /pdf_Spanish
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
FF - ProfilePath - c:\docume~1\Ozerium\APPLIC~1\Mozilla\Firefox\Profiles\nunlofjk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 20:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-08-21 20:41
ComboFix-quarantined-files.txt 2009-08-21 03:41

Pre-Run: 27,190,669,312 bytes free
Post-Run: 28,718,936,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

249 --- E O F --- 2009-07-29 12:02

Blade81
2009-08-21, 06:50
Hi,

Please re-run ComboFix and let it update itself. Post back the log it creates. Post also a fresh dds.txt log.

Ozerium
2009-08-22, 06:16
ComboFix 09-08-21.01 - Ozerium 08/21/2009 20:20.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1629 [GMT -7:00]
Running from: c:\documents and settings\Ozerium\Desktop\Kmar.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACgskllrldbo.sys
c:\windows\system32\nY.exe
c:\windows\system32\UACakvtimxdoe.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjdabwuypfq.dll
c:\windows\system32\UACsixnriqpfq.dll
c:\windows\system32\UACtehipfqrsc.dll
c:\windows\system32\UACtjkxwbwisr.db
c:\windows\system32\UACubqovhdyqa.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-05 23:21 . 2009-08-05 23:23 -------- d-----w- C:\WET
2009-08-05 21:16 . 2009-08-05 21:16 -------- d-----w- C:\rowan
2009-08-05 20:55 . 2009-08-05 20:56 -------- d-----w- c:\program files\RPA713d
2009-08-05 20:55 . 2009-08-05 20:55 -------- d-----w- c:\program files\Common Files\VFP
2009-08-05 10:16 . 2009-08-05 10:29 -------- d-----w- c:\program files\creator2
2009-08-05 10:13 . 2009-08-05 10:13 -------- d-----w- c:\program files\Redblade 3.5e
2009-08-03 15:48 . 2009-08-03 15:48 -------- d-----w- c:\documents and settings\Ozerium\Application Data\streamripper
2009-08-03 15:48 . 2009-08-03 15:48 -------- d-----w- c:\program files\Streamripper-1.63-beta-2
2009-07-30 05:11 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\Ozerium\Application Data\U3\temp\cleanup.exe
2009-07-30 05:09 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\Ozerium\Application Data\U3\temp\Launchpad Removal.exe
2009-07-30 05:09 . 2009-07-30 05:11 -------- d-----w- c:\documents and settings\Ozerium\Application Data\U3
2009-07-30 04:22 . 2009-07-30 04:22 -------- d-----w- c:\program files\1C
2009-07-24 01:57 . 2009-07-24 01:57 41872 ----a-w- c:\windows\system32\xfcodec.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 03:14 . 2007-10-02 06:04 5536 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-19 07:52 . 2008-06-15 08:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-19 07:47 . 2009-02-02 07:12 -------- d-----w- c:\program files\Vuze
2009-08-19 07:32 . 2009-08-19 07:32 57478 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_19_00_28_36_small.dmp.zip
2009-08-12 21:40 . 2009-01-22 01:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-08-12 21:29 . 2009-08-12 21:39 2950656 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-08-12 20:48 . 2009-08-12 21:13 2950144 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-08-12 20:48 . 2009-08-12 21:13 2937344 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-08-12 19:52 . 2009-01-26 07:07 27756943 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-12 18:19 . 2009-02-02 07:14 -------- d-----w- c:\documents and settings\Ozerium\Application Data\Azureus
2009-08-12 10:52 . 2008-06-15 09:00 -------- d-----w- c:\program files\Oxin's Style!
2009-08-12 06:39 . 2009-04-01 01:19 -------- d-----w- c:\documents and settings\Ozerium\Application Data\Hamachi
2009-08-11 23:37 . 2007-12-11 07:03 -------- d-----w- c:\documents and settings\Ozerium\Application Data\Xfire
2009-08-10 19:30 . 2007-10-01 09:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 00:59 . 2007-10-02 06:00 -------- d-----w- c:\program files\Steam
2009-08-05 23:53 . 2007-12-11 07:03 -------- d-----w- c:\program files\Xfire
2009-08-05 20:54 . 2008-08-28 21:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 10:16 . 2007-12-12 04:42 249856 ------w- c:\windows\Setup1.exe
2009-08-05 10:16 . 2007-12-12 04:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-28 10:34 . 2009-07-22 19:42 -------- d-----w- c:\program files\ARMA II
2009-07-26 21:09 . 2009-07-26 21:09 74645 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_26_14_02_47_small.dmp.zip
2009-07-26 21:02 . 2009-07-26 21:04 2875904 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-07-26 21:02 . 2009-07-26 21:04 2514432 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-07-25 18:58 . 2009-07-25 18:58 2873344 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-07-21 20:12 . 2009-06-02 22:29 -------- d-----w- c:\program files\Cheat Engine
2009-07-20 19:04 . 2008-09-17 08:11 -------- d-----w- c:\program files\Electronic Arts
2009-07-17 20:14 . 2008-06-15 08:50 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-16 04:00 . 2009-07-16 03:56 -------- d-----w- c:\program files\Singles2
2009-07-15 03:44 . 2007-10-01 09:53 26368 ----a-w- c:\documents and settings\Ozerium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 03:45 . 2007-10-09 07:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-07-14 00:31 . 2009-07-14 00:32 2824704 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-07-14 00:31 . 2009-07-14 00:32 2916864 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-07-11 06:15 . 2009-07-11 06:15 70870 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_10_22_57_26_small.dmp.zip
2009-07-11 05:57 . 2009-07-11 06:00 3051008 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-11 05:57 . 2009-07-11 06:00 2801664 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-07-10 23:02 . 2009-07-10 22:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-07-10 22:59 . 2009-07-10 22:59 -------- d-----w- c:\program files\Yahoo!
2009-07-10 00:14 . 2008-08-18 05:29 -------- d-----w- c:\program files\Ubisoft
2009-07-08 05:32 . 2007-11-03 07:03 1313 ----a-w- c:\windows\eReg.dat
2009-07-08 05:24 . 2007-10-07 02:30 -------- d-----w- c:\program files\EA GAMES
2009-07-08 00:20 . 2009-06-25 18:15 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-06 23:51 . 2009-07-06 23:51 -------- d-----w- c:\documents and settings\Ozerium\Application Data\vlc
2009-07-06 08:54 . 2009-07-06 08:54 27136 ----a-w- c:\windows\~GLH0000.TMP
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\documents and settings\Ozerium\Application Data\PnkBstrK.sys
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\documents and settings\Ozerium\Application Data\PnkBstrK.sys
2009-07-06 00:10 . 2009-07-05 09:02 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-06 00:10 . 2009-07-05 09:02 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-06 00:10 . 2009-03-13 23:00 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-05 09:03 . 2009-07-05 09:03 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ubisoft
2009-07-02 21:36 . 2007-12-05 09:31 -------- d-----w- c:\documents and settings\Ozerium\Application Data\SecondLife
2009-07-01 03:44 . 2009-07-01 03:43 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-01 03:43 . 2009-07-01 03:43 -------- d-----w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-26 16:50 . 2004-08-04 12:00 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 23:37 . 2009-06-25 23:37 -------- d-----w- c:\program files\OpenAL
2009-06-25 23:37 . 2008-08-26 01:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-25 23:37 . 2007-12-08 09:28 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-25 18:15 . 2009-06-25 18:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-25 18:14 . 2008-06-15 08:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 18:14 . 2007-12-11 05:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 08:42 . 2007-10-27 09:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_7fdf717c.exe
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_3f947574.exe
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_188e3184.exe
2009-06-12 09:56 . 2009-06-12 09:56 1078 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_2e8633c1.exe
2009-06-09 22:15 . 2009-06-09 22:15 10134 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-08 05:09 . 2009-06-08 05:10 3564544 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-08 05:09 . 2009-06-08 05:10 2578432 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-07 18:59 . 2009-06-07 19:25 2566144 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-06 02:30 . 2009-06-06 02:30 161862 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_6FEFF9B68218417F98F549.exe
2009-06-06 02:30 . 2009-06-06 02:30 10134 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_C488E491867C94922FFC7D.exe
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-03-11 05:16 . 2009-03-11 05:16 61 --sh--w- c:\windows\cnerolf.bin
.

((((((((((((((((((((((((((((( SnapShot@2009-08-21_03.39.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-30 18:31 . 2009-08-22 03:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-09-30 18:31 . 2009-08-21 03:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-09-30 18:31 . 2009-08-22 03:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-09-30 18:31 . 2009-08-21 03:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 18:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Ozerium^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Ozerium\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"maya70docserver"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"vsmon"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\ozerium\\garrysmod\\hl2.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
"c:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\ozerium\\the ship\\ship.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\railroad tycoon 3\\RT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\saints row 2\\SR2_pc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX10.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe demo\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trials 2 second edition demo\\launcher.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/15/2008 1:50 AM 335752]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 12:13 AM 34064]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [3/17/2009 5:27 PM 182528]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
FF - ProfilePath - c:\docume~1\Ozerium\APPLIC~1\Mozilla\Firefox\Profiles\nunlofjk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 20:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-2025429265-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,41,3e,12,d8,4c,9e,fd,5b,ee,82,bc,8c,72,92,23,0f,0b,a5,55,69,30,fa,
75,a3,5f,7e,3b,dc,03,8a,26,6c,4c,ad,7c,e1,89,8b,64,dd,a6,11,50,93,1f,c7,ef,\
"??"=hex:5d,d0,e5,8e,45,b8,8b,be,95,6e,ba,7d,af,57,90,86

[HKEY_USERS\S-1-5-21-1004336348-2025429265-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:43,76,81,82,6c,bb,61,ba,8d,a5,d1,ff,16,3a,29,e1,87,f0,8c,47,be,
91,80,c8,d5,a4,d5,0d,e7,c4,17,4e,21,b0,fd,33,4b,4a,92,b5,62,10,91,05,65,77,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"
.
Completion time: 2009-08-22 20:34
ComboFix-quarantined-files.txt 2009-08-22 03:34
ComboFix2.txt 2009-08-21 03:41

Pre-Run: 28,613,677,056 bytes free
Post-Run: 28,558,331,904 bytes free

245 --- E O F --- 2009-07-29 12:02

Ozerium
2009-08-22, 06:17
DDS (Ver_09-07-30.01) - NTFSx86
Run by Ozerium at 20:36:21.90 on Fri 08/21/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1440 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Ozerium\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191914653000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ozerium\applic~1\mozilla\firefox\profiles\nunlofjk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-15 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-10 27784]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-16 353672]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2009-3-17 182528]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-08-21 20:16 <DIR> --ds---- C:\Kmar
2009-08-20 20:40 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-20 20:32 <DIR> a-dshr-- C:\cmdcons
2009-08-20 20:31 228,864 a------- c:\windows\PEV.exe
2009-08-20 20:31 161,792 a------- c:\windows\SWREG.exe
2009-08-20 20:31 98,816 a------- c:\windows\sed.exe
2009-08-05 16:21 59 a------- c:\windows\WET.INI
2009-08-05 16:21 <DIR> --d----- C:\WET
2009-08-05 14:16 <DIR> --d----- C:\rowan
2009-08-05 13:55 <DIR> --d----- c:\program files\RPA713d
2009-08-05 13:55 <DIR> --d----- c:\program files\common files\VFP
2009-08-05 03:16 <DIR> --d----- c:\program files\creator2
2009-08-05 03:13 <DIR> --d----- c:\program files\Redblade 3.5e
2009-08-03 08:48 <DIR> --d----- c:\docume~1\ozerium\applic~1\streamripper
2009-08-03 08:48 <DIR> --d----- c:\program files\Streamripper-1.63-beta-2
2009-07-29 21:22 <DIR> --d----- c:\program files\1C
2009-07-23 18:57 41,872 a------- c:\windows\system32\xfcodec.dll

==================== Find3M ====================

2009-08-21 20:14 5,536 a------- c:\windows\system32\d3d9caps.dat
2009-08-05 03:16 249,856 -------- c:\windows\Setup1.exe
2009-08-05 03:16 73,216 a------- c:\windows\ST6UNST.EXE
2009-07-17 13:14 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-06 01:54 27,136 a------- c:\windows\~GLH0000.TMP
2009-07-05 17:12 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-05 17:12 22,328 a------- c:\docume~1\ozerium\applic~1\PnkBstrK.sys
2009-07-05 17:10 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-07-05 17:10 2,337,865 a------- c:\windows\system32\pbsvc.exe
2009-07-05 17:10 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-26 09:50 666,624 -------- c:\windows\system32\wininet.dll
2009-06-26 09:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 16:37 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-06-25 16:37 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-06-25 11:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-25 01:42 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-03-10 22:16 61 ---sh--- c:\windows\cnerolf.bin

============= FINISH: 20:36:34.68 ===============

Blade81
2009-08-22, 09:37
Hi again,

Is this proxy server setting one you set yourself: 0.0.0.0:80?


Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu, select Advanced Mode

On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer


Open notepad and copy/paste the text in the quotebox below into it:



DDS::
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

File::
c:\windows\cnerolf.bin

Folder::
c:\program files\Vuze
c:\documents and settings\Ozerium\Application Data\Azureus

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and referring to the picture above, drag CFScript into Kmar.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.



Uninstall old Adobe Reader versions and get the latest one (9.1 + updates 9.1.2 and 9.1.3 for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Check here (http://www.adobe.com/software/flash/about/) to see if your Flash is up-to-date. If not, uninstall vulnerable versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
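
A triage pass over DDS "Pseudo HJT Report" lines like the ones the reply above works from, as an added example that is not part of the original post and not code from DDS or ComboFix. It lists entries whose target is reported as "No File", flags a proxy set to an unspecified or loopback address, and diffs two runs; the function names are hypothetical and the line grammar is inferred only from the lines excerpted from this thread.

```python
import ipaddress
import re
from collections import namedtuple

# Excerpts of the two DDS "Pseudo HJT Report" sections posted in this thread:
# the run at 20:36 on 08/21/2009 and the run at 12:22 on 08/22/2009.
BEFORE = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
"""

AFTER = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
"""

# kind: tag before the first colon ("BHO", "mRun") or the setting name
# body: everything after the tag, or the setting's value
# line: the original log line, kept for reporting
Entry = namedtuple("Entry", "kind body line")

TAGGED = re.compile(r"^([A-Za-z]+):\s*(.*)$")      # e.g. "BHO: {...} - No File"
SETTING = re.compile(r"^([^=:]+?)\s*=\s*(.*)$")    # e.g. "uStart Page = hxxp://..."


def parse_dds(text):
    """Parse Pseudo HJT Report lines; headers and unknown shapes are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        m = TAGGED.match(line) or SETTING.match(line)
        if m:
            entries.append(Entry(m.group(1), m.group(2), line))
    return entries


def orphaned(entries):
    """Entries whose registered target DDS reports as missing ("No File")."""
    return [e for e in entries if e.body.endswith("- No File")]


def proxy_findings(entries):
    """Proxy settings that point at an unspecified or loopback IP address."""
    findings = []
    for e in entries:
        if not e.kind.endswith("ProxyServer"):
            continue
        host = e.body.rsplit(":", 1)[0]
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue  # hostname or per-protocol list: not classified here
        if ip.is_unspecified or ip.is_loopback:
            findings.append(e.line)
    return findings


def diff_runs(before_text, after_text):
    """Return (removed, added) log lines between two DDS runs, sorted."""
    before = {e.line for e in parse_dds(before_text)}
    after = {e.line for e in parse_dds(after_text)}
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    first = parse_dds(BEFORE)
    print("Orphaned entries in first run:")
    for e in orphaned(first):
        print("  ", e.line)
    print("Proxy settings to ask the user about:")
    for line in proxy_findings(first):
        print("  ", line)
    removed, added = diff_runs(BEFORE, AFTER)
    print("Removed between runs:", *removed, sep="\n   ")
    print("Added between runs:", *added, sep="\n   ")
```
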

Ozerium
2009-08-22, 21:30
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, August 22, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 22, 2009 09:43:42
Records in database: 2676050
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\

Scan statistics:
Objects scanned: 392758
Threats found: 7
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 05:18:21


File name / Threat / Threats count
C:\Documents and Settings\Ozerium\My Documents\Azureus Downloads\HK Game Collection.rar Infected: Trojan.Win32.Agent.bzpp 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACgskllrldbo.sys.vir Infected: Rootkit.Win32.Agent.oxr 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\net.net.vir Infected: Trojan-Clicker.Win32.VBiframe.zu 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACjdabwuypfq.dll.vir Infected: Trojan.Win32.Tdss.anrc 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACsixnriqpfq.dll.vir Infected: Trojan.Win32.TDSS.amwo 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACtehipfqrsc.dll.vir Infected: Packed.Win32.TDSS.y 1
C:\System Volume Information\_restore{B61947DD-24C1-4602-95F8-88FB8DE0D2D4}\RP509\A0152596.exe Infected: not-a-virus:RiskTool.Win32.VB.h 1
C:\System Volume Information\_restore{B61947DD-24C1-4602-95F8-88FB8DE0D2D4}\RP554\A0160859.sys Infected: Rootkit.Win32.Agent.oxr 1
C:\System Volume Information\_restore{B61947DD-24C1-4602-95F8-88FB8DE0D2D4}\RP554\A0160860.dll Infected: Trojan.Win32.TDSS.amwo 1
C:\System Volume Information\_restore{B61947DD-24C1-4602-95F8-88FB8DE0D2D4}\RP554\A0160861.dll Infected: Trojan.Win32.Tdss.anrc 1
C:\System Volume Information\_restore{B61947DD-24C1-4602-95F8-88FB8DE0D2D4}\RP554\A0160863.dll Infected: Packed.Win32.TDSS.y 1

Selected area has been scanned.

Ozerium
2009-08-22, 21:31
DDS (Ver_09-07-30.01) - NTFSx86
Run by Ozerium at 12:22:43.00 on Sat 08/22/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1523 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ozerium\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191914653000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ozerium\applic~1\mozilla\firefox\profiles\nunlofjk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-15 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-10 27784]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-16 353672]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2009-3-17 182528]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-08-22 01:33 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-22 01:33 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-22 00:56 <DIR> --ds---- C:\Kmar
2009-08-22 00:49 552 a------- c:\windows\system32\d3d8caps.dat
2009-08-20 20:40 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-20 20:32 <DIR> a-dshr-- C:\cmdcons
2009-08-20 20:31 228,864 a------- c:\windows\PEV.exe
2009-08-20 20:31 161,792 a------- c:\windows\SWREG.exe
2009-08-20 20:31 98,816 a------- c:\windows\sed.exe
2009-08-13 12:53 41,872 a------- c:\windows\system32\xfcodec.dll
2009-08-05 16:21 59 a------- c:\windows\WET.INI
2009-08-05 16:21 <DIR> --d----- C:\WET
2009-08-05 14:16 <DIR> --d----- C:\rowan
2009-08-05 13:55 <DIR> --d----- c:\program files\RPA713d
2009-08-05 13:55 <DIR> --d----- c:\program files\common files\VFP
2009-08-05 03:16 <DIR> --d----- c:\program files\creator2
2009-08-05 03:13 <DIR> --d----- c:\program files\Redblade 3.5e
2009-08-03 08:48 <DIR> --d----- c:\docume~1\ozerium\applic~1\streamripper
2009-08-03 08:48 <DIR> --d----- c:\program files\Streamripper-1.63-beta-2
2009-07-29 21:22 <DIR> --d----- c:\program files\1C

==================== Find3M ====================

2009-08-22 01:13 5,536 a------- c:\windows\system32\d3d9caps.dat
2009-08-05 03:16 249,856 -------- c:\windows\Setup1.exe
2009-08-05 03:16 73,216 a------- c:\windows\ST6UNST.EXE
2009-07-17 13:14 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-06 01:54 27,136 a------- c:\windows\~GLH0000.TMP
2009-07-05 17:12 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-05 17:12 22,328 a------- c:\docume~1\ozerium\applic~1\PnkBstrK.sys
2009-07-05 17:10 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-07-05 17:10 2,337,865 a------- c:\windows\system32\pbsvc.exe
2009-07-05 17:10 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-26 09:50 666,624 -------- c:\windows\system32\wininet.dll
2009-06-26 09:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 16:37 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-06-25 16:37 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-06-25 11:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-25 01:42 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll

============= FINISH: 12:23:04.51 ===============

Ozerium
2009-08-22, 21:33
ComboFix 09-08-21.01 - Ozerium 08/22/2009 0:57.3.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1711 [GMT -7:00]
Running from: c:\documents and settings\Ozerium\Desktop\Kmar.exe
Command switches used :: c:\documents and settings\Ozerium\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\cnerolf.bin"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ozerium\Application Data\Azureus
c:\documents and settings\Ozerium\Application Data\Azureus\.certs
c:\documents and settings\Ozerium\Application Data\Azureus\.keystore
c:\documents and settings\Ozerium\Application Data\Azureus\.lock
c:\documents and settings\Ozerium\Application Data\Azureus\azureus.config
c:\documents and settings\Ozerium\Application Data\Azureus\azureus.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\azureus.statistics
c:\documents and settings\Ozerium\Application Data\Azureus\azureus.statistics.bak
c:\documents and settings\Ozerium\Application Data\Azureus\banips.config
c:\documents and settings\Ozerium\Application Data\Azureus\banips.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\cache\1191085919.ico
c:\documents and settings\Ozerium\Application Data\Azureus\cache\Thumbs.db
c:\documents and settings\Ozerium\Application Data\Azureus\cnetworks.config
c:\documents and settings\Ozerium\Application Data\Azureus\devices.config
c:\documents and settings\Ozerium\Application Data\Azureus\devices.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\dht\addresses.dat
c:\documents and settings\Ozerium\Application Data\Azureus\dht\contacts.dat
c:\documents and settings\Ozerium\Application Data\Azureus\dht\diverse.dat
c:\documents and settings\Ozerium\Application Data\Azureus\dht\general.dat
c:\documents and settings\Ozerium\Application Data\Azureus\dht\version.dat
c:\documents and settings\Ozerium\Application Data\Azureus\downloads.config
c:\documents and settings\Ozerium\Application Data\Azureus\downloads.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\friends.config
c:\documents and settings\Ozerium\Application Data\Azureus\friends.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\ipfilter.cache
c:\documents and settings\Ozerium\Application Data\Azureus\logs\alerts_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\AutoSpeedSearchHistory_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\clientid_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\CNetworks_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\debug_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\debug_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\Devices_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\Friends_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\Friends_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\MetaSearch_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\MetaSearch_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\MetaSearch_Engine_3.txt
c:\documents and settings\Ozerium\Application Data\Azureus\logs\MetaSearch_Engine_4.txt
c:\documents and settings\Ozerium\Application Data\Azureus\logs\MetaSearch_Engine_5.txt
c:\documents and settings\Ozerium\Application Data\Azureus\logs\MetaSearch_Engine_9.txt
c:\documents and settings\Ozerium\Application Data\Azureus\logs\NetStatus_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\seltrace_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\seltrace_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\Subscriptions_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\Subscriptions_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\thread_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\thread_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.ads_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.CMsgr_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.CMsgr_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.emp_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.emp_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.Friends_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.Friends_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.MD_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.PMsgr_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.PMsgr_2.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\v3.Stream_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\logs\WP_xsearch_1.log
c:\documents and settings\Ozerium\Application Data\Azureus\media\azpd\A4HFPV775HUYZPQA5J36CZL45LS2YGIP.azpd
c:\documents and settings\Ozerium\Application Data\Azureus\metasearch.config
c:\documents and settings\Ozerium\Application Data\Azureus\metasearch.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\net\pm_7132.dat
c:\documents and settings\Ozerium\Application Data\Azureus\net\pm_default.dat
c:\documents and settings\Ozerium\Application Data\Azureus\plugins\azupnpav\cd.dat
c:\documents and settings\Ozerium\Application Data\Azureus\sidebarauto.config
c:\documents and settings\Ozerium\Application Data\Azureus\sidebarauto.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\subscriptions.config
c:\documents and settings\Ozerium\Application Data\Azureus\subscriptions.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\tables.config
c:\documents and settings\Ozerium\Application Data\Azureus\tables.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58139.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58140.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58141.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58142.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58143.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58144.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58145.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58146.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58161.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58162.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\tmp\AZU58163.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[A-Thryst] Kuroshitsuji - 01 (1280x720 H264) [B72FC24F].mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[A-Thryst] Kuroshitsuji - 02 (1280x720 H264) [9F1319DF].mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[A-Thryst] Kuroshitsuji - 03 (1280x720 H264) [EA63B049].mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[A-Thryst] Kuroshitsuji - 04 (XviD) [9EC736D8].avi(2).torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[A-Thryst] Kuroshitsuji - 05 (XviD) [267F81D8].avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[Shinsen-Subs]_Kuroshitsuji_-_04_[1280x720_H264_Vorbis][C2749449].mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[Shinsen-Subs]_Kuroshitsuji_-_04_[704x400_XviD_MP3][C152B326].avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[Shinsen-Subs]_Kuroshitsuji_-_05_[1280x720_H264_Vorbis][C0F2C965].mkv(2).torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[Shinsen-Subs]_Kuroshitsuji_-_05_[704x400_H264_Vorbis][A71F5A7C].mkv(2).torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\[Shinsen-Subs]_Kuroshitsuji_-_06_[1280x720_H264_Vorbis][B13B87C6].mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_8nF_IRF__Kuroshitsuji_21_AVI_sub_esp_Octava_no_Fansub_Inu_acute_s_Revolution_Fansub.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Game____WarCraft_3_Reign_of_Chaos___Full_Retail___ISO.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_gg__Hetalia_Axis_Powers___01__Webcast___047F1273__mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Ronery__Kuroshitsuji___16__XviD___987EF4F4__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Ronery__Kuroshitsuji___17__XviD___D2831C86__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Ronery__Kuroshitsuji___18__XviD___590ED45D__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Ronery__Kuroshitsuji___19__XviD__ACC2AFAE__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Ronery__Kuroshitsuji___20__XviD__14B117BC__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Ronery__Kuroshitsuji___22__720p__CA35BF9A__mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Ronery__Kuroshitsuji___23__720p__F986BEDB__mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Ronery__Kuroshitsuji___24__END__XviD__B024D115__avi(2).torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___07__1280x720_H264_Vorbis__4C7EE72C__mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___08__704x400_XviD_MP3__03C47866__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___09__704x400_XviD_MP3__8832E044__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___10__1280x720_H264_Vorbis__8079B099__mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___11__704x400_XviD_MP3__F6CB0DD9__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___12__1280x720_H264_Vorbis__32FCACC9__mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___13__704x400_XviD_MP3__A8DCF1C6__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___14__1280x720_H264_Vorbis__DC53344C__mkv.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Kuroshitsuji___15__704x400_XviD_MP3__B14F11FA__avi.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\_Shinsen_Subs__Night_Head_Genesis [mininova].torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Abby_Winters___Yoga_Girls.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Abby_Winters_Masturbation_Scenes_______________FFF.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Acoustica_Mixcraft_4_5_b116__h33t__deepstatus_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\AZU1126.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\AZU24211.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\AZU30415.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\AZU35268.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\AZU6334.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\AZU6339.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\AZU7021.tmp
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Digital_Combat_Simulator_Black_Shark.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Electric_Guitar_making_E_books.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Flying Corps Gold.rar.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Forgotten_Hope_2.15_FULL_pass.rar.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Futurama_Movies_1___4.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Gunsmithing.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\HK Game Collection.rar.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Improvised_weaponry_books_collection.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Kaki_King_4_albums.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\LEGO Creator - Knight's Kingdom.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Lily_Allen___It.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Lock_On-DCS_Black_Shark_Rus_to_Eng_Patch_with_English_Cockpit.4803213.TPB.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Lonely_Island_Incredibad_o_Demonoid_com_o_869680_609.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Louis_Theroux_A_Place_For_Paedophiles_WS_PDTV_XviD_NOsegmenT.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\lula-the.sexy.empire-rarnet.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\mewithoutYou_discography.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Modest mouse.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Mount_Eerie___Lost_Wisdom.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Mount_Eerie___Seven_New_Songs_of_Mount_Eerie.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Nagko.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Raffi___Bananaphone_mp3.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Red Baron II.rar.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Rosetta_Stone_2007_Ultimate_26_languages.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Rush___Discography____mp3_320_kbps_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\She_And_Him_Volume_One_2008_SSR.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Silent_Night__Deadly_Night__1984___DvdRip___Xvid_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Silent_Night_Deadly_night_2_1987.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Splinter_Cell___Double_Agent__Collection__PCDVD__Multi5_Spanish_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Star Wars Flight-Sim Gems(X-Wing,TIE-Fighter,XWA).torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Starcraft Mega Pack.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Step_Aerobics_Girls__2008_Abby_Winters___XViD___DVDRip_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Tension.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\The Silent City Full Film [5YRO7CI3WYBG5CNOVEMVNASYAFCGTVR4].torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\The_Microphones___Blood__2002_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\The_Microphones___Tests__1999_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\The_Microphones___Window__2000_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\The_Vandals___10_albums____192_kbps_.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Weezer_Discography.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Zone_Archive_2009_06_28.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\torrents\Zone_archive_com_Collection.torrent
c:\documents and settings\Ozerium\Application Data\Azureus\tracker.config
c:\documents and settings\Ozerium\Application Data\Azureus\tracker.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\unsentdata.config
c:\documents and settings\Ozerium\Application Data\Azureus\unsentdata.config.bak
c:\documents and settings\Ozerium\Application Data\Azureus\update.log
c:\documents and settings\Ozerium\Application Data\Azureus\update.properties
c:\documents and settings\Ozerium\Application Data\Azureus\v3.Friends.dat
c:\documents and settings\Ozerium\Application Data\Azureus\v3.Friends.dat.bak
c:\documents and settings\Ozerium\Application Data\Azureus\VuzeActivities.config
c:\documents and settings\Ozerium\Application Data\Azureus\VuzeActivities.config.bak
c:\program files\Vuze
c:\program files\Vuze\plugins\azemp\azemp_2.1.02.jar
c:\program files\Vuze\plugins\azemp\azemp_2.1.02.zip
c:\program files\Vuze\plugins\azemp\azmplay.exe.bak
c:\program files\Vuze\plugins\azemp\cp1250-a.raw.bak
c:\program files\Vuze\plugins\azemp\cp1250-b.raw.bak
c:\program files\Vuze\plugins\azemp\font.desc.bak
c:\program files\Vuze\plugins\azemp\mplayer\config
c:\program files\Vuze\plugins\azemp\osd-mplayer-a.raw.bak
c:\program files\Vuze\plugins\azemp\osd-mplayer-b.raw.bak
c:\program files\Vuze\plugins\azemp\plugin.properties_2.1.02
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.17.zip
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.21.jar
c:\program files\Vuze\plugins\azupnpav\azupnpav_0.2.21.zip
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.17
c:\program files\Vuze\plugins\azupnpav\plugin.properties_0.2.21
c:\windows\cnerolf.bin

.
((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-22 07:49 . 2009-08-22 07:49 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-13 19:53 . 2009-08-13 19:53 41872 ----a-w- c:\windows\system32\xfcodec.dll
2009-08-05 23:21 . 2009-08-05 23:23 -------- d-----w- C:\WET
2009-08-05 21:16 . 2009-08-05 21:16 -------- d-----w- C:\rowan
2009-08-05 20:55 . 2009-08-05 20:56 -------- d-----w- c:\program files\RPA713d
2009-08-05 20:55 . 2009-08-05 20:55 -------- d-----w- c:\program files\Common Files\VFP
2009-08-05 10:16 . 2009-08-05 10:29 -------- d-----w- c:\program files\creator2
2009-08-05 10:13 . 2009-08-05 10:13 -------- d-----w- c:\program files\Redblade 3.5e
2009-08-03 15:48 . 2009-08-03 15:48 -------- d-----w- c:\documents and settings\Ozerium\Application Data\streamripper
2009-08-03 15:48 . 2009-08-03 15:48 -------- d-----w- c:\program files\Streamripper-1.63-beta-2
2009-07-30 05:11 . 2007-10-23 16:27 110592 ----a-w- c:\documents and settings\Ozerium\Application Data\U3\temp\cleanup.exe
2009-07-30 05:09 . 2008-05-02 17:41 3493888 ---ha-w- c:\documents and settings\Ozerium\Application Data\U3\temp\Launchpad Removal.exe
2009-07-30 05:09 . 2009-07-30 05:11 -------- d-----w- c:\documents and settings\Ozerium\Application Data\U3
2009-07-30 04:22 . 2009-07-30 04:22 -------- d-----w- c:\program files\1C

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 07:55 . 2007-12-11 07:03 -------- d-----w- c:\program files\Xfire
2009-08-22 07:52 . 2007-10-02 06:04 5536 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-22 07:52 . 2007-12-11 07:03 -------- d-----w- c:\documents and settings\Ozerium\Application Data\Xfire
2009-08-19 07:52 . 2008-06-15 08:49 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-08-19 07:32 . 2009-08-19 07:32 57478 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2009_08_19_00_28_36_small.dmp.zip
2009-08-12 21:40 . 2009-01-22 01:14 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Google Updater
2009-08-12 21:29 . 2009-08-12 21:39 2950656 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2009-08-12 20:48 . 2009-08-12 21:13 2950144 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2009-08-12 20:48 . 2009-08-12 21:13 2937344 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2009-08-12 19:52 . 2009-01-26 07:07 27756943 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-08-12 10:52 . 2008-06-15 09:00 -------- d-----w- c:\program files\Oxin's Style!
2009-08-12 06:39 . 2009-04-01 01:19 -------- d-----w- c:\documents and settings\Ozerium\Application Data\Hamachi
2009-08-10 19:30 . 2007-10-01 09:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 00:59 . 2007-10-02 06:00 -------- d-----w- c:\program files\Steam
2009-08-05 20:54 . 2008-08-28 21:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 10:16 . 2007-12-12 04:42 249856 ------w- c:\windows\Setup1.exe
2009-08-05 10:16 . 2007-12-12 04:42 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-07-28 10:34 . 2009-07-22 19:42 -------- d-----w- c:\program files\ARMA II
2009-07-26 21:09 . 2009-07-26 21:09 74645 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_26_14_02_47_small.dmp.zip
2009-07-26 21:02 . 2009-07-26 21:04 2875904 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-07-26 21:02 . 2009-07-26 21:04 2514432 ----a-w- c:\windows\Internet Logs\xDBA.tmp
2009-07-25 18:58 . 2009-07-25 18:58 2873344 ----a-w- c:\windows\Internet Logs\xDB9.tmp
2009-07-21 20:12 . 2009-06-02 22:29 -------- d-----w- c:\program files\Cheat Engine
2009-07-20 19:04 . 2008-09-17 08:11 -------- d-----w- c:\program files\Electronic Arts
2009-07-17 20:14 . 2008-06-15 08:50 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-16 04:00 . 2009-07-16 03:56 -------- d-----w- c:\program files\Singles2
2009-07-15 03:44 . 2007-10-01 09:53 26368 ----a-w- c:\documents and settings\Ozerium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 03:45 . 2007-10-09 07:19 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft Help
2009-07-14 00:31 . 2009-07-14 00:32 2824704 ----a-w- c:\windows\Internet Logs\xDB8.tmp
2009-07-14 00:31 . 2009-07-14 00:32 2916864 ----a-w- c:\windows\Internet Logs\xDB7.tmp
2009-07-11 06:15 . 2009-07-11 06:15 70870 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_07_10_22_57_26_small.dmp.zip
2009-07-11 05:57 . 2009-07-11 06:00 3051008 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-11 05:57 . 2009-07-11 06:00 2801664 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-07-10 23:02 . 2009-07-10 22:59 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Yahoo!
2009-07-10 22:59 . 2009-07-10 22:59 -------- d-----w- c:\program files\Yahoo!
2009-07-10 00:14 . 2008-08-18 05:29 -------- d-----w- c:\program files\Ubisoft
2009-07-08 05:32 . 2007-11-03 07:03 1313 ----a-w- c:\windows\eReg.dat
2009-07-08 05:24 . 2007-10-07 02:30 -------- d-----w- c:\program files\EA GAMES
2009-07-08 00:20 . 2009-06-25 18:15 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\AVG Security Toolbar
2009-07-06 23:51 . 2009-07-06 23:51 -------- d-----w- c:\documents and settings\Ozerium\Application Data\vlc
2009-07-06 08:54 . 2009-07-06 08:54 27136 ----a-w- c:\windows\~GLH0000.TMP
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\documents and settings\Ozerium\Application Data\PnkBstrK.sys
2009-07-06 00:12 . 2009-07-05 09:03 22328 ----a-w- c:\documents and settings\Ozerium\Application Data\PnkBstrK.sys
2009-07-06 00:10 . 2009-07-05 09:02 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-06 00:10 . 2009-07-05 09:02 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-07-06 00:10 . 2009-03-13 23:00 2337865 ----a-w- c:\windows\system32\pbsvc.exe
2009-07-05 09:03 . 2009-07-05 09:03 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Ubisoft
2009-07-02 21:36 . 2007-12-05 09:31 -------- d-----w- c:\documents and settings\Ozerium\Application Data\SecondLife
2009-07-01 03:44 . 2009-07-01 03:43 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-01 03:43 . 2009-07-01 03:43 -------- d-----w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_4.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_3.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_2.dll
2009-07-01 03:43 . 2009-07-01 03:43 207872 ----a-w- c:\documents and settings\Ozerium\Application Data\SystemRequirementsLab\SRLProxy_srl_1.dll
2009-06-26 16:50 . 2004-08-04 12:00 666624 ------w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 23:37 . 2009-06-25 23:37 -------- d-----w- c:\program files\OpenAL
2009-06-25 23:37 . 2008-08-26 01:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-06-25 23:37 . 2007-12-08 09:28 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-25 18:15 . 2009-06-25 18:15 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-25 18:14 . 2008-06-15 08:50 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 18:14 . 2007-12-11 05:39 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-25 08:42 . 2007-10-27 09:31 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_7fdf717c.exe
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_3f947574.exe
2009-06-12 09:56 . 2009-06-12 09:56 4710 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_188e3184.exe
2009-06-12 09:56 . 2009-06-12 09:56 1078 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{1FEA83F9-7B47-47FF-8297-08E0D07C26F4}\_2e8633c1.exe
2009-06-09 22:15 . 2009-06-09 22:15 10134 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-08 05:09 . 2009-06-08 05:10 3564544 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-06-08 05:09 . 2009-06-08 05:10 2578432 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-06-07 18:59 . 2009-06-07 19:25 2566144 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-06 02:30 . 2009-06-06 02:30 161862 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_6FEFF9B68218417F98F549.exe
2009-06-06 02:30 . 2009-06-06 02:30 10134 ----a-r- c:\documents and settings\Ozerium\Application Data\Microsoft\Installer\{7958FD50-F724-4A8A-B7B7-F90F6DAF56C2}\_C488E491867C94922FFC7D.exe
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-21_03.39.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-30 18:31 . 2009-08-22 03:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-09-30 18:31 . 2009-08-21 03:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2007-09-30 18:31 . 2009-08-22 03:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-09-30 18:31 . 2009-08-21 03:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 18:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Ozerium^Start Menu^Programs^Startup^Xfire.lnk]
path=c:\documents and settings\Ozerium\Start Menu\Programs\Startup\Xfire.lnk
backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"maya70docserver"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"vsmon"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"LightScribeService"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\ozerium\\garrysmod\\hl2.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Battlefront\\GameData\\battlefront.exe"=
"c:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\ozerium\\the ship\\ship.exe"=
"c:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=
"c:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\railroad tycoon 3\\RT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\saints row 2\\SR2_pc.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX9.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\lost planet extreme condition\\LostPlanetDX10.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"c:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe demo\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trials 2 second edition demo\\launcher.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/15/2008 1:50 AM 335752]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/1/2008 12:13 AM 34064]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [3/17/2009 5:27 PM 182528]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
FF - ProfilePath - c:\docume~1\Ozerium\APPLIC~1\Mozilla\Firefox\Profiles\nunlofjk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 01:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-2025429265-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:06,41,3e,12,d8,4c,9e,fd,5b,ee,82,bc,8c,72,92,23,0f,0b,a5,55,69,30,fa,
75,a3,5f,7e,3b,dc,03,8a,26,6c,4c,ad,7c,e1,89,8b,64,dd,a6,11,50,93,1f,c7,ef,\
"??"=hex:5d,d0,e5,8e,45,b8,8b,be,95,6e,ba,7d,af,57,90,86

[HKEY_USERS\S-1-5-21-1004336348-2025429265-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:43,76,81,82,6c,bb,61,ba,8d,a5,d1,ff,16,3a,29,e1,87,f0,8c,47,be,
91,80,c8,d5,a4,d5,0d,e7,c4,17,4e,21,b0,fd,33,4b,4a,92,b5,62,10,91,05,65,77,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•A~*]
"91A14B995DF7C0B42ABAA16065968F3A"="c:\\Program Files\\Alias\\Maya7.0\\presets\\Ashli\\"
.
Completion time: 2009-08-22 1:09
ComboFix-quarantined-files.txt 2009-08-22 08:09
ComboFix2.txt 2009-08-22 03:34
ComboFix3.txt 2009-08-21 03:41

Pre-Run: 28,565,299,200 bytes free
Post-Run: 28,532,801,536 bytes free

652 --- E O F --- 2009-07-29 12:02


Nothing weird happened with ComboFix, but this one here is concerning; I suspect someone else has been using my computer...

Blade81
2009-08-22, 23:24
Hi,

Was that dds.txt log taken before or after the ComboFix run? If it was before, then please create and post a fresh one.

Delete the C:\Documents and Settings\Ozerium\My Documents\Azureus Downloads\HK Game Collection.rar file.

Also, you didn't reply whether this proxy server setting was set by yourself: 0.0.0.0:80

Ozerium
2009-08-23, 05:18
Sorry, yes, that was my doing; I read a website that said doing that would disable Internet Explorer.

I also deleted the whole "Azureus Downloads" folder.

And I believe that DDS log was made after, but just in case, here is a new one.


DDS (Ver_09-07-30.01) - NTFSx86
Run by Ozerium at 20:14:03.32 on Sat 08/22/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1551 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ozerium\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = 0.0.0.0:80
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191914653000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ozerium\applic~1\mozilla\firefox\profiles\nunlofjk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-15 335752]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-10 27784]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-10-16 353672]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064]
S3 SaiH0461;SaiH0461;c:\windows\system32\drivers\SaiH0461.sys [2009-3-17 182528]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe --> c:\progra~1\avg\avg8\avgwdsvc.exe [?]
S4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-08-22 01:33 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-22 01:33 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-22 00:56 <DIR> --ds---- C:\Kmar
2009-08-22 00:49 552 a------- c:\windows\system32\d3d8caps.dat
2009-08-20 20:40 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-08-20 20:32 <DIR> a-dshr-- C:\cmdcons
2009-08-20 20:31 228,864 a------- c:\windows\PEV.exe
2009-08-20 20:31 161,792 a------- c:\windows\SWREG.exe
2009-08-20 20:31 98,816 a------- c:\windows\sed.exe
2009-08-13 12:53 41,872 a------- c:\windows\system32\xfcodec.dll
2009-08-05 16:21 59 a------- c:\windows\WET.INI
2009-08-05 16:21 <DIR> --d----- C:\WET
2009-08-05 14:16 <DIR> --d----- C:\rowan
2009-08-05 13:55 <DIR> --d----- c:\program files\RPA713d
2009-08-05 13:55 <DIR> --d----- c:\program files\common files\VFP
2009-08-05 03:16 <DIR> --d----- c:\program files\creator2
2009-08-05 03:13 <DIR> --d----- c:\program files\Redblade 3.5e
2009-08-03 08:48 <DIR> --d----- c:\docume~1\ozerium\applic~1\streamripper
2009-08-03 08:48 <DIR> --d----- c:\program files\Streamripper-1.63-beta-2
2009-07-29 21:22 <DIR> --d----- c:\program files\1C

==================== Find3M ====================

2009-08-22 01:13 5,536 a------- c:\windows\system32\d3d9caps.dat
2009-08-05 03:16 249,856 -------- c:\windows\Setup1.exe
2009-08-05 03:16 73,216 a------- c:\windows\ST6UNST.EXE
2009-07-17 13:14 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-06 01:54 27,136 a------- c:\windows\~GLH0000.TMP
2009-07-05 17:12 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-05 17:12 22,328 a------- c:\docume~1\ozerium\applic~1\PnkBstrK.sys
2009-07-05 17:10 107,832 a------- c:\windows\system32\PnkBstrB.exe
2009-07-05 17:10 2,337,865 a------- c:\windows\system32\pbsvc.exe
2009-07-05 17:10 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-06-26 09:50 666,624 -------- c:\windows\system32\wininet.dll
2009-06-26 09:50 81,920 a------- c:\windows\system32\ieencode.dll
2009-06-25 16:37 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-06-25 16:37 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-06-25 11:14 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-25 01:42 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-06-16 07:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 07:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 12:09 1,291,264 a------- c:\windows\system32\quartz.dll

============= FINISH: 20:14:29.71 ===============

Blade81
2009-08-23, 09:58
Ok. How's the system running now?

Ozerium
2009-08-23, 12:03
It's running good, haven't noticed any strange processes running.

It look clean?


Also, on a side note, what anti virus and firewall do you recommend?

Blade81
2009-08-23, 13:26
Good. I'll provide some final instructions next :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste "c:\documents and settings\Ozerium\Desktop\Kmar.exe" /u in the runbox and click OK


Next we remove all used tools.

Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.



UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left-hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:




Also, on a side note, what anti virus and firewall do you recommend?
You have pretty good combination there already :)

Other good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)

Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)

Other good firewall programs are Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) and Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation "Install Comodo HopSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!).
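The Internet Explorer zone settings listed in the post above can also be checked from a script. The following is an added example, not part of the original thread or of any tool mentioned in it: a read-only PowerShell audit of the current user's Internet zone against those six recommendations. The registry path, the URL action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the function names are not on the page; the path and IDs are the standard Internet Explorer zone registry layout, and the function names are hypothetical.

```powershell
# Added example: audit the IE Internet zone (zone 3) for the current user
# against the six settings recommended in the post. Read-only; changes nothing.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Each setting is a DWORD value named by its URL action ID.
# Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$Labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended values taken from the post (Prompt = 1, Disable = 3).
$Recommended = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

# Hypothetical helper: turn a stored DWORD into a readable label.
function Get-ActionLabel($Value) {
    if ($null -eq $Value) { return 'not set' }
    if ($Labels.ContainsKey([int]$Value)) { return $Labels[[int]$Value] }
    return ('0x{0:X}' -f $Value)   # unexpected value: show it raw
}

# Hypothetical helper: one result row per recommended setting.
function Test-InternetZone {
    param([string]$Path = $ZonePath)
    $zone = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($item in $Recommended) {
        $actual = $zone.($item.Id)   # $null when the value is absent
        New-Object PSObject -Property @{
            Id          = $item.Id
            Setting     = $item.Name
            Recommended = $Labels[$item.Want]
            Actual      = Get-ActionLabel $actual
            Compliant   = ($actual -eq $item.Want)
        } | Select-Object Id, Setting, Recommended, Actual, Compliant
    }
}

Test-InternetZone | Format-Table -AutoSize
```

Zone settings enforced through Group Policy are stored under a separate Policies key and are not read by this check, so a row marked compliant here reflects only the per-user setting.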

Ozerium
2009-08-23, 23:54
everything is going good so far.
i do have a problem trying to start internet explorer, i can't find it.
also, windows genuine advantage is now claiming I'm the victim of software piracy.

but other than those, all looks good

Blade81
2009-08-24, 07:06
i do have a problem trying to start internet explorer, i can't find it.
Hi,

Do you mean that there's no IE icon on your desktop? Go to C:\Program Files\Internet Explorer folder and right click iexplore.exe file there. Select send to->desktop (create shortcut)




also, windows genuine advantage is now claiming I'm the victim of software piracy.
Please run the MGA Diagnostic Tool and post back the report it creates:
Download MGADiag (http://go.microsoft.com/fwlink/?linkid=56062) to your desktop.
Double-click on MGADiag.exe to launch the program
Click "Continue"
Ensure that the "Windows" tab is selected (it should be by default).
Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
Paste the MGA Diagnostic Report back here in your next reply.

Ozerium
2009-08-24, 07:29
Diagnostic Report (1.9.0011.0):
-----------------------------------------
WGA Data-->
Validation Status: Geographically blocked PID
Validation Code: 13

Cached Validation Code: N/A
Windows Product Key: *****-*****-3R89F-D2KXW-VPK3J
Windows Product Key Hash: Ro/Y7HENE9CfW7lW+QtlNbYQEE8=
Windows Product ID: 76487-640-8365391-23954
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {807519D3-A4EE-4D25-8C5D-3160DADC0883}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80004005

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 108 Invalid VLK
Microsoft Office Word 2007 - 108 Invalid VLK
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: N/A, hr=0x80070002
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{807519D3-A4EE-4D25-8C5D-3160DADC0883}</UGUID><Version>1.9.0011.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-VPK3J</PKey><PID>76487-640-8365391-23954</PID><PIDType>1</PIDType><SID>S-1-5-21-1004336348-2025429265-725345543</SID><SYSTEM><Manufacturer>ECS</Manufacturer><Model>G31T-M</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>080014 </Version><SMBIOSVersion major="2" minor="5"/><Date>20070629000000.000000+000</Date></BIOS><HWID>DF9435770184EE7A</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>108</Result><Products><Product GUID="{90120000-001B-0000-0000-0000000FF1CE}"><LegitResult>108</LegitResult><Name>Microsoft Office Word 2007</Name><Ver>12</Ver><Val>BCD72299F752D86</Val><Hash>068lO0ay6rs9LAvgHDhjVT63wL4=</Hash><Pid>89407-707-6552566-63839</Pid><PidType>14</PidType></Product></Products><Applications><App Id="1B" Version="12" Result="108"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 19C87:Elitegroup Computer Systems Co Ltd|13BE0:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

This isn't a really big deal for me, i'd rather be a little bit at risk than deal with calling them again.

And there is no iexplore.exe in my C:\Program Files\Internet Explorer folder

Blade81
2009-08-24, 08:22
Hi,

Seems that your Windows isn't a legit one. We don't help with illegal copies here. You should obtain a legit license.

Ozerium
2009-08-24, 17:40
It was legit at one point, but after a hard drive failure and a reinstall they disagreed. So i called them, spent three hours on the phone, ended up paying to have my copy "Re-Activated" only to have this happen. Like i said, i'd rather not deal with that all again.

So if the buck stops here, well i thank you for all your help, i really do appreciate what you guys do here. If i have spare money to waste :laugh: i might end up calling them, but i doubt it.

Blade81
2009-08-24, 18:06
Yes, as I said the rules are made to be followed. Your OS didn't pass the check so I can't do more here.