virtumonde strikes again

[eigerzoom]

Ok...i think you may be on to something
after combofix completed i tried to reenable the firewall and got an error
it said that NPF has encountered an error and should be reinstalled
so i uninstalled it immediately
rebooted
windows did not load fully or was very busy with something in the backround
i restarted again and ran spybot
it found virtumonde.generic again
i tried to include the full spybot report...
maybe there is something in the non-critical results
but it makes my post too long
you can download my full post here if interested
http://home.roadrunner.com/~digitalcongo/spybot6.txt

and just for mention...i always disable everything before running combofix...
end all processes possible...
i disconnect from the internet and disable the connection as soon as its done

hjt log is from after reboot and spybot

i reinstalled norton personal firewall 2003 after hjt
its a legit copy that came with my motherboard
soyo dragon 2 p4i875p

general things that came to my attention
internet explorer appeared on my desktop and set itself as the default browser
windows startup and shutdown default sounds came over the speakers (i have these disabled)





ComboFix 08-12-31.01 - electrochemic° 2009-01-01 16:40:31.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1613 [GMT -5:00]
Running from: c:\documents and settings\electrochemic°\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\electrochemic°\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\{D3FB4103-4A4A-4968-AA94-68E0D6F76E4C}.dat
c:\windows\system32\{8D0A2401-5F60-430C-B7E3-558C05FB2A7A}.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\{D3FB4103-4A4A-4968-AA94-68E0D6F76E4C}.dat
c:\windows\system32\{8D0A2401-5F60-430C-B7E3-558C05FB2A7A}.dat

.
((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.

2009-01-01 13:56 . 2009-01-01 13:56 <DIR> d-------- c:\documents and settings\Administrator
2008-12-31 23:02 . 2008-06-02 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2008-12-31 23:01 . 2008-12-31 23:05 <DIR> d-------- c:\program files\ATI Technologies
2008-12-30 20:32 . 2008-12-30 20:35 <DIR> d-------- c:\program files\Driver Sweeper
2008-12-29 19:26 . 2008-12-31 12:04 <DIR> d-------- c:\documents and settings\electrochemic°\Application Data\skypePM
2008-12-29 19:26 . 2008-12-29 19:26 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-29 19:25 . 2008-12-29 19:25 <DIR> dr------- c:\program files\Skype
2008-12-29 19:25 . 2008-12-29 19:25 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-29 19:25 . 2008-12-31 22:37 <DIR> d-------- c:\documents and settings\electrochemic°\Application Data\Skype
2008-12-29 19:25 . 2008-12-29 19:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-29 18:17 . 2008-12-30 20:36 <DIR> d-------- c:\documents and settings\electrochemic°\Application Data\uTorrent
2008-12-29 18:16 . 2008-12-29 19:33 <DIR> d-------- c:\program files\Tremulous
2008-12-28 17:45 . 2008-12-28 17:46 <DIR> d-------- c:\program files\Aspell
2008-12-28 16:17 . 2008-12-28 16:17 <DIR> d-------- C:\_OTMoveIt
2008-12-28 08:26 . 2008-12-28 08:26 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 08:26 . 2008-12-28 08:26 <DIR> d-------- c:\documents and settings\electrochemic°\Application Data\Malwarebytes
2008-12-28 08:26 . 2008-12-28 08:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 08:26 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 08:26 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-27 08:48 . 2008-12-27 08:48 <DIR> d-------- c:\program files\TrayMin
2008-12-27 08:47 . 1997-01-18 11:40 299,520 --a------ c:\windows\uninst.exe
2008-12-26 09:59 . 2008-12-26 09:59 <DIR> d-------- C:\ATI
2008-12-25 22:56 . 2008-12-25 22:56 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Softland
2008-12-25 20:08 . 2008-12-27 14:20 <DIR> d-------- c:\program files\Fighter Ace Anniversary Edition
2008-12-25 15:27 . 2008-12-25 15:27 0 --a------ c:\windows\ativpsrm.bin
2008-12-25 15:18 . 2008-12-25 15:18 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2008-12-22 06:47 . 2008-12-28 08:05 <DIR> d-------- c:\program files\Absolute Poker
2008-12-22 06:47 . 2008-12-22 06:47 <DIR> d-------- c:\program files\_uninstallation_info
2008-12-20 13:14 . 2008-12-31 22:54 153 --a------ c:\windows\wininit.ini
2008-12-20 12:06 . 2008-12-20 12:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-20 12:06 . 2008-12-20 14:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-19 10:59 . 2008-12-19 10:59 <DIR> d-------- c:\windows\system32\NtmsData
2008-12-19 10:41 . 2008-12-19 10:41 <DIR> d-------- c:\windows\Sun
2008-12-19 10:26 . 2008-12-19 10:26 <DIR> d-------- c:\program files\Security Task Manager
2008-12-19 10:26 . 2008-12-23 15:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\SecTaskMan
2008-12-19 06:09 . 2008-12-19 06:09 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Softland
2008-12-19 06:06 . 2008-12-19 06:06 <DIR> d-------- c:\program files\Softland
2008-12-19 06:06 . 2008-12-02 12:11 20,632 --a------ c:\windows\system32\dopdfmn6.dll
2008-12-19 06:06 . 2008-12-02 12:11 18,072 --a------ c:\windows\system32\dopdfmi6.dll
2008-12-19 06:06 . 2008-10-13 15:23 7,533 --a------ c:\windows\system32\dopdf6.ctm
2008-12-19 02:14 . 2008-12-19 02:16 43 --a------ c:\windows\gswin32.ini
2008-12-16 06:30 . 2008-12-16 06:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Syscan
2008-12-13 07:06 . 2008-12-13 07:06 <DIR> d-------- c:\program files\ratDVD
2008-12-09 15:42 . 2008-12-09 15:42 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-09 07:08 . 2008-12-09 07:08 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-08 20:45 . 2008-12-08 20:45 <DIR> d-------- c:\documents and settings\electrochemic°\Application Data\OpenOffice.org
2008-12-08 20:43 . 2008-12-08 20:43 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-12-08 20:43 . 2008-12-08 20:43 <DIR> d-------- c:\program files\JRE
2008-12-08 20:43 . 2008-12-09 15:42 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-08 20:42 . 2009-01-01 16:34 <DIR> d-------- c:\program files\Java
2008-12-06 23:03 . 2008-12-06 23:03 91,632 --a------ c:\windows\system32\dsofile.dll
2008-12-06 22:53 . 2008-12-06 22:53 <DIR> d-------- c:\documents and settings\electrochemic°\Application Data\KALiNKOsoft
2008-12-06 22:48 . 2008-12-06 22:48 <DIR> d-------- c:\program files\KALiNKOsoft
2008-12-06 20:19 . 2008-12-10 02:48 <DIR> d-------- c:\program files\Sauerbraten
2008-12-05 03:18 . 2008-12-05 03:18 <DIR> d-------- c:\program files\Yahoo!
2008-12-05 03:18 . 2008-12-05 03:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-05 03:14 . 2008-12-05 03:14 <DIR> d-------- c:\documents and settings\default
2008-12-04 21:21 . 2008-12-04 21:24 <DIR> d-------- c:\program files\Microsoft Streets & Trips 2009
2008-12-04 21:19 . 2008-12-04 21:19 <DIR> d-------- c:\program files\MSECache
2008-12-03 19:19 . 2008-12-03 19:19 <DIR> d-------- C:\97914e1baa146da91f977c89fc7be2d0
2008-12-03 19:18 . 2008-12-03 19:19 <DIR> d-------- C:\ecc3bbfb26245cd3fd5f96eb1e
2008-12-03 17:56 . 2008-12-03 17:56 <DIR> d-------- c:\documents and settings\electrochemic°\Application Data\j2 Global
2008-12-03 17:54 . 2008-12-03 17:54 <DIR> d-------- c:\documents and settings\electrochemic°\Application Data\j2 Messenger
2008-12-03 17:54 . 2008-12-03 17:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\j2 Messenger 4.4 Output
2008-12-03 17:54 . 2008-12-03 17:54 0 --a------ c:\windows\system32\jConnect_4_4_Port
2008-12-03 17:53 . 2009-01-01 14:37 <DIR> d-------- c:\program files\j2 Messenger 4.4
2008-12-03 02:08 . 2008-04-13 20:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2008-12-03 02:08 . 2008-04-13 14:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-03 02:08 . 2008-04-13 14:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-03 02:08 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2008-12-01 22:42 . 2008-12-28 17:46 <DIR> d-------- c:\program files\Pidgin
2008-12-01 16:02 . 2008-04-13 14:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-01 21:36 --------- d-----w c:\documents and settings\electrochemic°\Application Data\.purple
2009-01-01 18:59 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-01 14:51 53,248 ----a-w c:\windows\system32\zlib.dll
2008-12-25 20:19 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-11 09:43 --------- d-----w c:\program files\Bodog Poker
2008-12-06 02:06 --------- d-----w c:\documents and settings\electrochemic°\Application Data\vlc
2008-12-02 03:41 --------- d-----w c:\program files\Common Files\GTK
2008-11-29 06:07 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2008-11-29 06:07 361,600 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-11-29 03:20 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-29 03:18 --------- d--h--w c:\program files\Creative Installation Information
2008-11-29 03:17 --------- d-----w c:\program files\Creative
2008-11-29 03:17 --------- d-----w c:\program files\Common Files\Creative
2008-11-28 06:26 --------- d-----w c:\program files\Common Files\Adobe
2008-11-28 06:20 --------- d-----w c:\program files\Syscan
2008-11-28 06:20 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-27_11.06.19.87 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 10:17:49 62,976 ----a-w c:\windows\$hf_mig$\KB955839\SP3QFE\tzchange.exe
+ 2007-11-30 12:39:22 17,272 ----a-w c:\windows\$hf_mig$\KB955839\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w c:\windows\$hf_mig$\KB955839\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w c:\windows\$hf_mig$\KB955839\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB955839\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB955839\update\updspapi.dll
+ 2008-10-23 12:43:42 286,720 ----a-w c:\windows\$hf_mig$\KB956802\SP3QFE\gdi32.dll
+ 2008-07-08 13:02:01 17,272 ----a-w c:\windows\$hf_mig$\KB956802\spmsg.dll
+ 2008-07-08 13:02:02 231,288 ----a-w c:\windows\$hf_mig$\KB956802\spuninst.exe
+ 2008-07-08 13:02:01 26,488 ----a-w c:\windows\$hf_mig$\KB956802\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB956802\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB956802\update\updspapi.dll
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2009-01-01 04:04:59 10,134 ----a-r c:\windows\Installer\{0F938C41-8DDD-6C8A-A234-4B5EBA0E9932}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:12 10,134 ----a-r c:\windows\Installer\{0FDEFFDE-F20C-8AF3-828A-076CCAEDEDBA}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:27 10,134 ----a-r c:\windows\Installer\{100E3E1D-3771-8668-8064-4AD38848BBE1}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:15 10,134 ----a-r c:\windows\Installer\{1283C02D-CD9C-0206-355E-02683341FD64}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:22 10,134 ----a-r c:\windows\Installer\{13043D3E-558B-7D1C-13BE-783187299F59}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:40 10,134 ----a-r c:\windows\Installer\{162AAA0F-C766-6832-3812-5E21FB1DA80C}\ARPPRODUCTICON.exe
- 2008-12-26 15:11:32 10,134 ----a-r c:\windows\Installer\{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:00 10,134 ----a-r c:\windows\Installer\{1ED6E4D0-8DB0-A333-DEA6-188F957F5A43}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:32 10,134 ----a-r c:\windows\Installer\{1F8BC334-1EB1-F4D2-DBF8-97C1AA64DE6C}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:18 10,134 ----a-r c:\windows\Installer\{20C5A8DE-62D2-B1C1-B60B-2106F1146F30}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:02 10,134 ----a-r c:\windows\Installer\{24CE4B41-9A9B-B7DC-01AD-E815F4F60E7C}\ARPPRODUCTICON.exe
+ 2008-12-30 00:25:32 364,726 ----a-r c:\windows\Installer\{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}\SkypeIcon.exe
+ 2009-01-01 04:05:36 10,134 ----a-r c:\windows\Installer\{25462A56-9707-749D-250C-1137754BD238}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:19 10,134 ----a-r c:\windows\Installer\{2A75E60D-3335-9D96-BA98-975BCF6760CC}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:29 10,134 ----a-r c:\windows\Installer\{2B7330BD-C032-EE14-A27A-A7998244F3D1}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:49 10,134 ----a-r c:\windows\Installer\{2C5C7563-B8B4-3A2E-7C5C-8F5365ED6874}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:23 10,134 ----a-r c:\windows\Installer\{2D128229-CA51-A674-E3AA-225D15F37D98}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:08 10,134 ----a-r c:\windows\Installer\{31D3AB6C-F1AB-8C52-85B7-E30BFA88C531}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:01 10,134 ----a-r c:\windows\Installer\{395D29E5-0FAE-751C-F682-F23479A8806A}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:25 10,134 ----a-r c:\windows\Installer\{3B9E28EC-5D0E-44F4-6E82-CBDCF29CAE49}\ARPPRODUCTICON.exe
- 2008-12-26 15:11:44 10,134 ----a-r c:\windows\Installer\{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:06 10,134 ----a-r c:\windows\Installer\{407E0CBD-D6BF-F243-6DE9-F1EEA525BA1C}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:54 10,134 ----a-r c:\windows\Installer\{55969DFE-C3FF-E015-256D-D70EFBAB805C}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:10 10,134 ----a-r c:\windows\Installer\{59A0E0DA-E80F-D9E2-32C6-8AA559D33C8E}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:05 10,134 ----a-r c:\windows\Installer\{5AB1B545-5FB7-35D4-D09C-77D0949B2164}\ARPPRODUCTICON.exe
- 2008-12-26 15:12:44 10,134 ----a-r c:\windows\Installer\{5EC634FA-5047-38B2-A53A-15963D9BD872}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:18 10,134 ----a-r c:\windows\Installer\{5EC634FA-5047-38B2-A53A-15963D9BD872}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:56 10,134 ----a-r c:\windows\Installer\{61125E9F-D49A-CD2D-1722-FB9D654E40F2}\ARPPRODUCTICON.exe
- 2008-12-26 15:11:58 10,134 ----a-r c:\windows\Installer\{651AFCC8-2F1A-8132-0A33-FA5F041380BA}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:09 10,134 ----a-r c:\windows\Installer\{651AFCC8-2F1A-8132-0A33-FA5F041380BA}\ARPPRODUCTICON.exe
- 2008-12-26 15:13:04 10,134 ----a-r c:\windows\Installer\{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:21 10,134 ----a-r c:\windows\Installer\{69EF33D7-3425-1409-0BE1-C4F3A6FB57A8}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:03 10,134 ----a-r c:\windows\Installer\{6BFBB953-B60F-6058-33BB-3AB2A0971FF9}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:14 10,134 ----a-r c:\windows\Installer\{6CCEE8D0-012D-AB81-E824-4415B1110669}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:14 10,134 ----a-r c:\windows\Installer\{6DF5D680-2490-BE97-CA76-E1069C8ECE7B}\ARPPRODUCTICON.exe
- 2008-12-26 15:12:16 10,134 ----a-r c:\windows\Installer\{7510EF8C-99B9-8533-524E-BF41BDC04188}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:14 10,134 ----a-r c:\windows\Installer\{7510EF8C-99B9-8533-524E-BF41BDC04188}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:18 10,134 ----a-r c:\windows\Installer\{760DE1B8-D1C9-2DCF-8CE3-3AB7D2D974BC}\ARPPRODUCTICON.exe
- 2008-12-26 15:13:17 10,134 ----a-r c:\windows\Installer\{773040E1-3B60-6507-C387-71F8F0A03C59}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:25 10,134 ----a-r c:\windows\Installer\{773040E1-3B60-6507-C387-71F8F0A03C59}\ARPPRODUCTICON.exe
- 2008-12-26 15:13:17 9,158 ----a-r c:\windows\Installer\{773040E1-3B60-6507-C387-71F8F0A03C59}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2008-12-30 19:28:25 9,158 ----a-r c:\windows\Installer\{773040E1-3B60-6507-C387-71F8F0A03C59}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2009-01-01 04:04:30 10,134 ----a-r c:\windows\Installer\{774DB051-42B4-DF78-9B7F-EEA352BBC5B5}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:10 10,134 ----a-r c:\windows\Installer\{819F2F52-EAEC-0DB1-D2EE-66F48ACF43C6}\ARPPRODUCTICON.exe
- 2008-12-26 15:11:51 10,134 ----a-r c:\windows\Installer\{92DEC792-A722-5991-2607-3EE3A4BD502B}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:08 10,134 ----a-r c:\windows\Installer\{92DEC792-A722-5991-2607-3EE3A4BD502B}\ARPPRODUCTICON.exe
- 2008-12-26 15:12:05 10,134 ----a-r c:\windows\Installer\{96793032-8651-805A-67EF-E1759C1A8E3D}\ARPPRODUCTICON.exe
+ 2008-12-30 19:28:12 10,134 ----a-r c:\windows\Installer\{96793032-8651-805A-67EF-E1759C1A8E3D}\ARPPRODUCTICON.exe
+ 2009-01-01 04:06:00 25,214 ----a-r c:\windows\Installer\{9862B19F-4CAD-4EED-920F-2F378D84393F}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:28 10,134 ----a-r c:\windows\Installer\{9E021ACC-F408-27C7-2407-587852C15364}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:39 10,134 ----a-r c:\windows\Installer\{9FABF436-2541-70C2-49D4-FF8945EAAECB}\ARPPRODUCTICON.exe
- 2008-12-25 20:25:43 9,158 ----a-r c:\windows\Installer\{9FABF436-2541-70C2-49D4-FF8945EAAECB}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2009-01-01 04:05:39 9,158 ----a-r c:\windows\Installer\{9FABF436-2541-70C2-49D4-FF8945EAAECB}\NewShortcut11_EAB9635D261D49BE88DDE71A7C809B2D.exe
+ 2009-01-01 04:04:51 10,134 ----a-r c:\windows\Installer\{A01028FE-68D1-E3F2-160E-9763905BF095}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:26 10,134 ----a-r c:\windows\Installer\{A0E38350-2547-161B-2D3E-C5EFD24DD70F}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:36 10,134 ----a-r c:\windows\Installer\{A228A56E-8663-61A6-768E-7A55890C0013}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:11 10,134 ----a-r c:\windows\Installer\{A493EC63-3021-73EF-2097-8FC2DE857021}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:16 10,134 ----a-r c:\windows\Installer\{A4C0E536-D094-CA7E-4F7F-18043992FD36}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:13 10,134 ----a-r c:\windows\Installer\{A6BD418C-37B2-4434-9F96-23C2CAAFF11C}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:32 10,134 ----a-r c:\windows\Installer\{A7ECFC98-E5D5-BBDE-C5CE-D4177E4DA573}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:04 10,134 ----a-r c:\windows\Installer\{AA09F72E-8B3D-ABDF-3FC8-650176EA3EB8}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:17 10,134 ----a-r c:\windows\Installer\{ABF68C52-0ADD-C352-5998-13D16BC3B359}\ARPPRODUCTICON.exe
- 2008-12-26 15:11:26 10,134 ----a-r c:\windows\Installer\{B094F70F-2CC2-5062-8534-D3830FC4B018}\ARPPRODUCTICON.exe
+ 2008-12-30 19:27:58 10,134 ----a-r c:\windows\Installer\{B094F70F-2CC2-5062-8534-D3830FC4B018}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:00 10,134 ----a-r c:\windows\Installer\{BE3F26EE-F81B-4A50-8376-271F5CA84C5B}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:33 10,134 ----a-r c:\windows\Installer\{C0721ABB-9A28-A7F3-6E5A-D30550C50D26}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:34 10,134 ----a-r c:\windows\Installer\{C9F100D9-5D68-1B5B-F8C8-3632876AF990}\ARPPRODUCTICON.exe
- 2008-12-26 15:11:00 10,134 ----a-r c:\windows\Installer\{CA42C38C-B369-B190-AD06-76D3AC95CFAC}\ARPPRODUCTICON.exe
+ 2008-12-30 19:27:51 10,134 ----a-r c:\windows\Installer\{CA42C38C-B369-B190-AD06-76D3AC95CFAC}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:21 10,134 ----a-r c:\windows\Installer\{D08027B6-F704-A2FA-EE4E-EB955E2BB591}\ARPPRODUCTICON.exe
+ 2009-01-01 04:03:56 10,134 ----a-r c:\windows\Installer\{D083BDDE-09F7-D12A-9C81-4EE4AFE3C933}\ARPPRODUCTICON.exe
- 2008-12-26 15:11:13 10,134 ----a-r c:\windows\Installer\{D3B1C799-CB73-42DE-BA0F-2344793A095C}\ARPPRODUCTICON.exe
+ 2008-12-30 19:27:56 10,134 ----a-r c:\windows\Installer\{D3B1C799-CB73-42DE-BA0F-2344793A095C}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:07 10,134 ----a-r c:\windows\Installer\{D4F7D59E-9F53-3ADC-1D4A-5A698445D538}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:38 10,134 ----a-r c:\windows\Installer\{D56625ED-7605-5B0C-70EE-B0C80F0B7B38}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:45 10,134 ----a-r c:\windows\Installer\{DFA2EACA-8915-29EE-E946-F8542AE21171}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:25 10,134 ----a-r c:\windows\Installer\{E32CE8E3-D4D3-60CE-A5FC-3EA3D0B9118C}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:21 10,134 ----a-r c:\windows\Installer\{E40CFA81-9EF9-B589-34FB-94D6C801967B}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:47 10,134 ----a-r c:\windows\Installer\{E5F5743C-15C6-6F6B-F515-86C36E96464F}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:23 10,134 ----a-r c:\windows\Installer\{ED425483-53D8-5F86-98DA-50834FE77F7E}\ARPPRODUCTICON.exe
+ 2009-01-01 04:05:30 10,134 ----a-r c:\windows\Installer\{F5FDCCDE-9909-02CE-ED67-0AE3905B32A1}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:42 10,134 ----a-r c:\windows\Installer\{F7861EB4-0B8A-91E8-6C1C-4F99C7002E96}\ARPPRODUCTICON.exe
+ 2009-01-01 04:04:34 10,134 ----a-r c:\windows\Installer\{FC7E9E53-9A60-3E08-C909-83B00D30ADAE}\ARPPRODUCTICON.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:24:28 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-23 12:36:14 286,720 -c----w c:\windows\system32\dllcache\gdi32.dll
- 2008-08-26 07:24:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-08-25 08:37:59 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-23 05:54:51 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\system32\dllcache\ieakui.dll
- 2008-08-26 07:24:28 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-25 08:38:00 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-23 05:56:15 635,848 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24:30 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 00:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 06:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-08-26 07:24:30 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\system32\dllcache\pngfilt.dll
- 2008-04-14 00:12:07 246,814 -c--a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:02:42 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2008-08-26 07:24:30 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 01:47:20 937,984 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2008-06-18 10:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 00:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 06:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-12-09 20:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2007-07-27 15:41:40 16,760 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-07-11 12:42:28 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2006-10-19 01:47:20 937,984 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2008-06-18 10:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 01:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 10:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-09-26 4608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Pinnacle Game Profiler"="c:\program files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" [2008-12-06 2535424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2002-09-21 54976]
"ccRegVfy"="c:\program files\Common Files\Symantec Shared\ccRegVfy.exe" [2002-09-21 38592]
"SmartGuardian"="c:\program files\SOYO\HW Monitor\ITESmart.exe" [2002-05-24 163840]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-09 136600]

c:\documents and settings\electrochemicø\Start Menu\Programs\Startup\
Dialog Box Assistant.lnk - c:\program files\OSDEx\OSDEx.exe [2002-07-13 176128]

c:\documents and settings\electrochemicø\Start Menu\Programs\Startup\
Dialog Box Assistant.lnk - c:\program files\OSDEx\OSDEx.exe [2002-07-13 176128]

c:\documents and settings\electrochemicø\Start Menu\Programs\Startup\
Dialog Box Assistant.lnk - c:\program files\OSDEx\OSDEx.exe [2002-07-13 176128]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Pidgin.lnk - c:\program files\Pidgin\pidgin.exe [2008-12-21 45603]
TrayMin.lnk - c:\program files\TrayMin\traymin.exe [2008-12-27 45056]
WordWeb Pro.lnk - c:\program files\WordWeb\wweb32.exe [2008-09-26 19968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-26 16:37 133104 c:\documents and settings\electrochemic°\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j2 4.4]
--a------ 2008-10-07 16:53 95744 c:\program files\j2 Messenger 4.4\J2GDllCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-03-11 15:24 86016 c:\program files\Intel\NCS\PROSet\PRONoMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
-rahs---- 2008-07-07 09:42 4891472 c:\program files\Spybot - Search & Destroy\SpybotSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RegistryMechanic"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"x:\\Software Downloads\\Data.Integrity\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
R2 ccPxySvc;Symantec Proxy Service;"c:\program files\Norton Personal Firewall\ccPxySvc.exe" [2002-09-21 34496]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-12-25 93696]
R3 ctgame;Game Port;c:\windows\system32\DRIVERS\ctgame.sys [2002-12-30 18840]
R3 iteio;iteio;\??\c:\windows\system32\drivers\iteio.sys [2008-09-25 3680]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-06-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-06-27 555032]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-06-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-06-27 566296]
S3 itsernum;itsernum Filter ÅX°Êµ{¦¡;c:\windows\system32\DRIVERS\itsernum.sys [2008-09-25 20133]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2008-09-27 112384]

*Newly Created Service* - ALERTER
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\electrochemic []

2008-09-26 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2002-08-07 08:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: fighterace.ketsujin.com
Trusted Zone: primary.ketsujin.com
Trusted Zone: update.ketsujin.com
Trusted Zone: www.ketsujin.com
Trusted Zone: www.stormofaces.com

c:\windows\Downloaded Program Files\CTSUEng.ocx - c:\windows\Downloaded Program Files\CTSUEngn.ocx
O16 -: {6C269571-C6D7-4818-BCA4-32A035E8C884}
hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
c:\windows\Downloaded Program Files\CTSUEng.inf
FF - ProfilePath - c:\documents and settings\electrochemic°\Application Data\Mozilla\Firefox\Profiles\i7eprqrr.default\
FF - prefs.js: browser.search.selectedEngine - Google Images
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\electrochemic°\Application Data\Mozilla\Firefox\Profiles\i7eprqrr.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 16:41:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-01 16:42:17
ComboFix-quarantined-files.txt 2009-01-01 21:42:15
ComboFix2.txt 2008-12-28 13:23:30
ComboFix3.txt 2008-12-27 22:14:49
ComboFix4.txt 2008-12-27 16:06:55

Pre-Run: 50,380,787,712 bytes free
Post-Run: 50,394,845,184 bytes free

500 --- E O F --- 2008-12-30 06:47:55


























Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:29:59 PM, on 1/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\SOYO\HW Monitor\ITESmart.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe
C:\Program Files\Pidgin\pidgin.exe
C:\Program Files\TrayMin\traymin.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\OSDEx\OSDEx.exe
X:\Software Downloads\Essential\tclocklight-040702-3\tclock.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
X:\TorrentialRain\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SmartGuardian] C:\Program Files\SOYO\HW Monitor\ITESmart.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - S-1-5-18 Startup: Dialog Box Assistant.lnk = C:\Program Files\OSDEx\OSDEx.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: E-mail.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: Shortcut to tclock.lnk = X:\Software Downloads\Essential\tclocklight-040702-3\tclock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dialog Box Assistant.lnk = C:\Program Files\OSDEx\OSDEx.exe (User 'Default user')
O4 - .DEFAULT Startup: E-mail.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: Shortcut to tclock.lnk = X:\Software Downloads\Essential\tclocklight-040702-3\tclock.exe (User 'Default user')
O4 - Startup: Dialog Box Assistant.lnk = C:\Program Files\OSDEx\OSDEx.exe
O4 - Startup: E-mail.lnk = ?
O4 - Startup: Shortcut to tclock.lnk = X:\Software Downloads\Essential\tclocklight-040702-3\tclock.exe
O4 - Global Startup: Pidgin.lnk = C:\Program Files\Pidgin\pidgin.exe
O4 - Global Startup: TrayMin.lnk = C:\Program Files\TrayMin\traymin.exe
O4 - Global Startup: WordWeb Pro.lnk = C:\Program Files\WordWeb\wweb32.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\electrochemic°\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\electrochemic°\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1222471195500
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7027 bytes

 

[Blade81]

Hi

You seem to have run some Windows updating there since previous ComboFix log. I've been told that some of these updates make IE to default browser.

Anyway, complete log in your site revealed something I want to investigate.

Please download the Registry Search tool by clicking on the
hard drive
icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for gewapaba.dll and click OK. Post the logfile from the tool here for me.

 

[eigerzoom]

REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "gewapaba.dll" 1/1/2009 6:51:28 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run-]
"zepoyuyofe"="Rundll32.exe \"C:\\WINDOWS\\system32\\gewapaba.dll\",s"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run-]
"zepoyuyofe"="Rundll32.exe \"C:\\WINDOWS\\system32\\gewapaba.dll\",s"

[HKEY_USERS\S-1-5-21-220523388-1547161642-725345543-1004\Software\Neuber GbR\Security Task Manager\Cache]
"\"C:\\WINDOWS\\system32\\gewapaba.dll"="32"

 

[Blade81]

Hi

Please uninstall Security Task Manager for now.

Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.

REGEDIT4

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run-]
"zepoyuyofe"=-

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run-]
"zepoyuyofe"=-

[HKEY_USERS\S-1-5-21-220523388-1547161642-725345543-1004\Software\Neuber GbR\Security Task Manager\Cache]
"\"C:\\WINDOWS\\system32\\gewapaba.dll"=-

[-HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

[-HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

It should look like this ->

Doubleclick fix.reg, press Yes and ok.

Reboot and check with Spybot.

 

[eigerzoom]

still there

here is the full spybot results
http://home.roadrunner.com/~digitalcongo/spybot7.txt

 

[Blade81]

Hi

Please download the Registry Search tool by clicking on the
hard drive
icon halfway down this page:
http://www.billsway.com/vbspage/
Save it to the desktop and run it. If you get an alert from your antivirus about scripting, choose to allow the script to run. Search for 6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C and click OK. Post the logfile from the tool here for me.



Download GMER and save it your desktop:

• Extract it to your desktop and double-click GMER.exe
• Click rootkit-tab and then scan.
• Don't check
  Show All
  box while scanning in progress!
• When scanning is ready, click Copy.
• This copies log to clipboard
• Post log in your reply.

 

[eigerzoom]

thanks for your continued support blade
i have opted for zonealarm pro 2009 as a firewall
and am still heavily considering a fresh install of windows xp home
any / all your input is appreciated
i would not at all be disappointed to reinstall windows
it always is nice to have a fresh install
and most of my backup is done



REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C" 1/4/2009 2:48:20 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\iexplore]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\

[HKEY_USERS\S-1-5-21-220523388-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C}\iexplore]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached]
"{6D794CB4-C7CD-4C6F-BFDC-9B77AFBDC02C} {00000000-0000-0000-C000-000000000046} 0x401"=hex:01,\

 

[Blade81]

Hi

If you think you're ready to reinstall then maybe it's better do so. That way you'll end up with clean system for sure

 

[eigerzoom]

i'm thinking about it
if you would go over these results and if you find something significant let me know

i wont go much beyond any leads you find today if you are willing





GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-04 15:36:05
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xABF528D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xABF4F6E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xABF5C490]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xABF52E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xABF59C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xABF59E90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xABF5DD50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xABF52F80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xABF4FC70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xABF5CD10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xABF5CAC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xABF59600]
SSDT spuu.sys ZwEnumerateKey [0xF74F7CA2]
SSDT spuu.sys ZwEnumerateValueKey [0xF74F8030]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xABF4C3B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xABF5D230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xABF5D2B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xABF5DFD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xABF4FAD0]
SSDT spuu.sys ZwOpenKey [0xF74DA0C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xABF5B4F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xABF5B2B0]
SSDT spuu.sys ZwQueryKey [0xF74F8108]
SSDT spuu.sys ZwQueryValueKey [0xF74F7F88]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xABF5D970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xABF5D3D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xABF524F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xABF5D7C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xABF52AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xABF4FEA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xABF4C190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xABF5C800]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xABF5A580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xABF5A400]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xABF4C5D0]

INT 0x20 srescan.sys BA6F0C80
INT 0x62 ? 8A822BF8
INT 0x73 ? 8A61CBF8
INT 0x73 ? 8A61CBF8
INT 0x82 ? 8A822BF8
INT 0x83 ? 8A822BF8
INT 0x83 ? 8A822BF8
INT 0x83 ? 8A61CBF8
INT 0xA4 ? 8A61CBF8
INT 0xB4 ? 8A61CBF8

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4968 12 Bytes [ 90, 2E, F5, AB, 80, 9C, F5, ... ]
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A34 12 Bytes [ B0, C3, F4, AB, 30, D2, F5, ... ]
? spuu.sys The system cannot find the file specified. !
? srescan.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B97CC8AC 5 Bytes JMP 8A61C1D8
.text acdudw6m.SYS B9656384 1 Byte [ 20 ]
.text acdudw6m.SYS B9656386 35 Bytes [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text acdudw6m.SYS B96563AA 24 Bytes [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text acdudw6m.SYS B96563C4 3 Bytes [ 00, 00, 00 ]
.text acdudw6m.SYS B96563C9 1 Byte [ 00 ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Windows Live\Mail\wlmail.exe[220] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 004044A7 C:\Program Files\Windows Live\Mail\wlmail.exe (Windows Live Mail/Microsoft Corporation)
.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1448] ntdll.dll!KiFastSystemCall + 2 7C90E4F2 2 Bytes [ CD, 20 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A8942D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F750A93C] spuu.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F750A990] spuu.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F74DB040] spuu.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F74DB13C] spuu.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74DB0BE] spuu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F74DB7FC] spuu.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74DB6D2] spuu.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 8A61C2D8
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlInitUnicodeString] 000000A5
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!swprintf] 000000E5
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeSetEvent] 000000F1
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 00000071
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 000000D8
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00000031
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmFreeMappingAddress] 00000015
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 00000004
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 000000C7
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmUnmapIoSpace] 00000023
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 000000C3
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IofCompleteRequest] 00000018
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 00000096
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IofCallDriver] 00000005
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 0000009A
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 00000007
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoConnectInterrupt] 00000012
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoDetachDevice] 00000080
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeWaitForSingleObject] 000000E2
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeInitializeEvent] 000000EB
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeCancelTimer] 00000027
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 000000B2
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlInitAnsiString] 00000075
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 00000009
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoQueueWorkItem] 00000083
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmMapIoSpace] 0000002C
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0000001A
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoReportDetectedDevice] 0000001B
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoReportResourceForDetection] 0000006E
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 0000005A
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000000A0
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!PoRequestPowerIrp] 00000052
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 0000003B
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 000000D6
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!sprintf] 000000B3
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00000029
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ObfDereferenceObject] 000000E3
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0000002F
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 00000084
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ZwClose] 00000053
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] 000000D1
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00000000
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 000000ED
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 00000020
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoCreateDevice] 000000FC
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 000000B1
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0000005B
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 0000006A
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ZwOpenKey] 000000CB
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 000000BE
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoStartTimer] 00000039
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeInitializeTimer] 0000004A
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoInitializeTimer] 0000004C
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeInitializeDpc] 00000058
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeInitializeSpinLock] 000000CF
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoInitializeIrp] 000000D0
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ZwCreateKey] 000000EF
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 000000AA
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 000000FB
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ZwSetValueKey] 00000043
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeInsertQueueDpc] 0000004D
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 00000033
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoStartPacket] 00000085
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 00000045
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 000000F9
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoFreeMdl] 00000002
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmUnlockPages] 0000007F
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 00000050
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 0000003C
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 0000009F
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 000000A8
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeSynchronizeExecution] 00000051
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoStartNextPacket] 000000A3
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeBugCheckEx] 00000040
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 0000008F
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeSetTimer] 00000092
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!_allmul] 0000009D
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmProbeAndLockPages] 00000038
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!_except_handler3] 000000F5
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!PoSetPowerState] 000000BC
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 000000B6
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 000000DA
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 00000021
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!_aulldiv] 00000010
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!strstr] 000000FF
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!_strupr] 000000F3
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeQuerySystemTime] 000000D2
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 000000CD
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!KeTickCount] 0000000C
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 00000013
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoDeleteDevice] 000000EC
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 0000005F
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00000097
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoAllocateIrp] 00000044
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoAllocateMdl] 00000017
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 000000C4
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmLockPagableDataSection] 000000A7
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 0000007E
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 0000003D
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!ExFreePoolWithTag] 00000064
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoFreeIrp] 0000005D
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!IoFreeWorkItem] 00000019
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!InitSafeBootMode] 00000073
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!RtlCompareMemory] 00000060
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!PoCallDriver] 00000081
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!memmove] 0000004F
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[ntoskrnl.exe!MmHighestUserAddress] 000000DC
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\acdudw6m.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ABF57410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ABF57220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ABF57B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ABF55780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ABF55780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ABF57410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ABF57220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ABF57B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ABF57410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ABF55780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ABF57B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ABF57220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ABF57B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ABF57220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ABF57410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ABF55780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ABF57410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ABF57220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ABF57B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [ABF57B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [ABF57220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [ABF55780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [ABF57410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [ABF5F870] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [ABF57410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [ABF55780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [ABF57B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [ABF57220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [ABF50320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [ABF504D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [ABF50040] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [ABF503D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A8901F8
Device \FileSystem\Fastfat \FatCdrom 8A491500
Device \FileSystem\Udfs \UdfsCdRom 88DF71F8
Device \FileSystem\Udfs \UdfsDisk 88DF71F8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBPDO-0 8A61B500
Device \Driver\PCI_PNP9862 \Device\00000051 spuu.sys
Device \Driver\PCI_PNP9862 \Device\00000051 spuu.sys
Device \Driver\usbuhci \Device\USBPDO-1 8A61B500
Device \Driver\usbuhci \Device\USBPDO-2 8A61B500
Device \Driver\usbehci \Device\USBPDO-3 8A5EA1F8
Device \Driver\usbuhci \Device\USBPDO-4 8A61B500
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A8921F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A8921F8
Device \Driver\Cdrom \Device\CdRom0 8A57D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A8921F8
Device \Driver\Cdrom \Device\CdRom1 8A57D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A8921F8
Device \Driver\Cdrom \Device\CdRom2 8A57D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{DF9907C8-16F2-4C9A-8B62-B19F6FAB6892} 892E11F8
Device \Driver\Cdrom \Device\CdRom3 8A57D1F8
Device \Driver\Cdrom \Device\CdRom4 8A57D1F8
Device \Driver\Cdrom \Device\CdRom5 8A57D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 892E11F8
Device \Driver\Cdrom \Device\CdRom6 8A57D1F8
Device \Driver\NetBT \Device\NetbiosSmb 892E11F8
Device \Driver\sptd \Device\3708629862 spuu.sys
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBFDO-0 8A61B500
Device \Driver\usbuhci \Device\USBFDO-1 8A61B500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 890F21F8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\usbuhci \Device\USBFDO-2 8A61B500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 890F21F8
Device \Driver\usbuhci \Device\USBFDO-3 8A61B500
Device \Driver\usbehci \Device\USBFDO-4 8A5EA1F8
Device \Driver\Ftdisk \Device\FtControl 8A8921F8
Device \Driver\acdudw6m \Device\Scsi\acdudw6m1Port4Path0Target1Lun0 8A53B1F8
Device \Driver\acdudw6m \Device\Scsi\acdudw6m1Port4Path0Target5Lun0 8A53B1F8
Device \Driver\acdudw6m \Device\Scsi\acdudw6m1Port4Path0Target3Lun0 8A53B1F8
Device \Driver\acdudw6m \Device\Scsi\acdudw6m1Port4Path0Target0Lun0 8A53B1F8
Device \Driver\acdudw6m \Device\Scsi\acdudw6m1 8A53B1F8
Device \Driver\acdudw6m \Device\Scsi\acdudw6m1Port4Path0Target4Lun0 8A53B1F8
Device \Driver\acdudw6m \Device\Scsi\acdudw6m1Port4Path0Target2Lun0 8A53B1F8
Device \FileSystem\Fastfat \Fat 8A491500
Device \FileSystem\Cdfs \Cdfs 8A201500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0x3A 0x36 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2C 0x4E 0xF3 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xCC 0xDB 0x66 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xF0 0x51 0x26 0x57 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x4A 0x11 0x56 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x0D 0x88 0xD3 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x0D 0x88 0xD3 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0x0D 0x88 0xD3 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFC 0x80 0x3B 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2C 0x4E 0xF3 0xDA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x1D 0xA6 0x2D 0x75 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xA6 0x42 0xB3 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x4A 0x11 0x56 0x30 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x0D 0x88 0xD3 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x0D 0x88 0xD3 0x44 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0x0D 0x88 0xD3 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x12 0x3A 0x36 0xE0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x2C 0x4E 0xF3 0xDA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF8 0x4D 0x52 0x22 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xF0 0x51 0x26 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg42@ujdew 0x4A 0x11 0x56 0x30 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg43@ujdew 0x0D 0x88 0xD3 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg44@ujdew 0x0D 0x88 0xD3 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg45@ujdew 0x0D 0x88 0xD3 0x44 ...

---- EOF - GMER 1.0.14 ----

 

[Blade81]

Hi

Let's try one more run with ComboFix. Please delete old copy of ComboFix.exe if still in your system.

Then download combofix from any of these links and save it to Desktop:
Link 1
Link 2
Link 3

Run it and post the log.

 

[Blade81]

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.