System Security 2009 [Closed]

Need a geek? Geeks to Go offers free, quality tech support -- in terms anyone can understand. Volunteers are waiting to help, friendly, technology experts who have knowledge to share, and enjoy helping others. Feel free to browse the site as a guest. However, you must log in to reply to existing topics, or to start a new topic. Other benefits of joining include richer forum features, and removal of all advertising. Learn more in our Welcome Guide Infected? Malware and Spyware Cleaning Guide. What are you waiting for? Click here to join for free today!

> Geeks to Go! » Security » Virus, Spyware and Trojan Removal

2 Pages

1 2 >

System Security 2009 [Closed], Can't do anything

Options

Lonesome_dove989 View Member Profile	Jul 3 2009, 05:49 PM Post #1
Member Posts: 91 OS: Windows 98	Hello. First, let me say thank you very much for any help I can get. You guys are always the first I talk to whenever I have a malware problem, and I appreciate you all so much. Somehow I have been infected with System Security 2009. I've attempted to run MBAM (MalwareBytes) but apparently the infection won't allow anything to run. I even used a clean computer, downloaded MBAM to a memory stick and changed the name.. it still will not allow installation. Again, thank you so much for any help you can give me.

fenzodahl512 View Member Profile	Jul 4 2009, 07:07 AM Post #2
Trusted Helper Posts: 9,199 OS: Windows XP	Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following.... Please download The Comedian.exe by Rorschach112 to your desktop Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how.. Double click the program to run it. It will only take around several minutes to run. It will do a series of tasks and tell you when each one is finished. You will be prompted to press any key after each step When it is done it will close and exit itself automatically. You can delete The_Comedian.exe once it is finished STOP! if you can't complete this step.. Tell me more about it.. *NEXT* Please download Norman Malware Cleaner and save it to your Desktop. Reboot your computer into Safe Mode. Double-click Norman Malware Cleaner >> click Accept >> click Start scan Let it finish it scan. A log will be created on your Desktop. Post the log in your next reply *NEXT* Please download RSIT by random/random and save it to your Desktop. Double click on RSIT.exe to run RSIT Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply. *NEXT* Please download GMER and unzip it to your Desktop. <<mirror>> Please rename the random filename or GMER into GAMERS Open the renamed program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for �Show All�. Click on Scan. When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread. IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results Post me these logs in your next reply.. Post each log in separate post.. 1. Norman Malware Cleaner 2. RSIT log.txt 3. RSIT info.txt 4. Attach GAMERS result..

Lonesome_dove989 View Member Profile	Jul 6 2009, 04:50 PM Post #3
Member Posts: 91 OS: Windows 98	Hello fenzodahl512 and thank you for a speedy reply. I'm not getting very far at all with your instructions. I d/l and ran Comedian.exe, but that program could not complete the final step- "Could not create a new restore point". I downloaded Norman and saved it to my desktop, but when I reboot to safe mode, I can not find the program to run it. Should I run it in normal mode? I won't go any further in this process without your advice. Thank you so much!

fenzodahl512 View Member Profile	Jul 7 2009, 12:57 AM Post #4
Trusted Helper Posts: 9,199 OS: Windows XP	Proceed with RSIT and GMER steps please

Lonesome_dove989 View Member Profile	Jul 7 2009, 10:59 AM Post #5
Member Posts: 91 OS: Windows 98	RSIT LOG Logfile of random's system information tool 1.06 (written by random/random) Run by Shelia Merlo at 2009-07-07 11:35:12 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 17 GB (23%) free of 73 GB Total RAM: 1022 MB (41% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:35:35 AM, on 7/7/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Documents and Settings\Shelia Merlo\qreesjj.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\Iexplore.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\sopidkc.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\install.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe C:\Program Files\Internet Explorer\Iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winamp.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\twain_32\CIS600X\WATCH.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Documents and Settings\Shelia Merlo\Desktop\RSIT.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\Shelia Merlo.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Shelia Merlo\qreesjj.exe \s,C:\Documents and Settings\Shelia Merlo\mari.exe \s O2 - BHO: C:\WINDOWS\system32\sdjee3inf.dll - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\sdjee3inf.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [12163904] C:\Documents and Settings\All Users\Application Data\12163904\12163904.exe O4 - HKLM\..\Run: [skh] C:\WINDOWS\system32\skh.exe \u O4 - HKLM\..\Run: [rgc9npj0ev1l] C:\WINDOWS\system32\qgcenpj0ev1l.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\b.exe O4 - HKCU\..\Run: [pridl] "C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe" 61A847B5BBF72811228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833 O4 - HKCU\..\Run: [] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Desktop Weather Authority.lnk = C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: FLV Getter - C:\Program Files\FlvGetter\FlvGetter.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134692508750 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://origin.www.shockwave.com/content/ze...eb.1.0.0.10.cab O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...764/mcfscan.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O20 - AppInit_DLLs: ,C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\sdjee3inf.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: sopidkc Service (sopidkc) - NewYork DVD LT - C:\WINDOWS\system32\sopidkc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 11128 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D76AB2A1-00F3-42BD-F434-00BBC39C8953}] C:\WINDOWS\system32\sdjee3inf.dll - C:\WINDOWS\system32\sdjee3inf.dll [2009-07-07 15000] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2005-11-23 98304] "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280] "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472] "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728] "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144] "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-07-31 180269] "ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-03-13 919016] "12163904"=C:\Documents and Settings\All Users\Application Data\12163904\12163904.exe [] "skh"=C:\WINDOWS\system32\skh.exe [2009-07-03 29696] "rgc9npj0ev1l"=C:\WINDOWS\system32\qgcenpj0ev1l.exe [] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "Cognac"=C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\b.exe [] "pridl"=C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe [2009-07-03 11264] ""=C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe [2009-07-07 15001] "hsf7husjnfg98gi498aejhiugjkdg4"=C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe [2009-07-07 15001] "Windows System Recover!"=C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe [2009-07-07 23557] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport] C:\Program Files\Dell Support\DSAgnt.exe [2005-05-15 332800] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla] C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-01-27 86016] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe [2000-08-14 36864] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2005-11-23 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe [2006-07-31 208941] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [2004-10-14 1404928] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk] C:\Program Files\Dell Photo Printer 720\dlbcserv.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk] C:\PROGRA~1\ULEADS~1\ULEADP~1\CalCheck.exe [] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Desktop Weather Authority.lnk - C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Documents and Settings\Shelia Merlo\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Watch.lnk - C:\WINDOWS\twain_32\CIS600X\WATCH.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"=",C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler] rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\sdjee3inf.dll [2009-07-07 15000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 "NoFolderOptions"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE::Enabled:LEXPPS.EXE" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\Program Files\Grisoft\AVG Free\avgemc.exe"="C:\Program Files\Grisoft\AVG Free\avgemc.exe::Enabled:avgemc.exe" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Grisoft\AVG Free\avgamsvr.exe"="C:\Program Files\Grisoft\AVG Free\avgamsvr.exe::Enabled:avgamsvr.exe" "C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe"="C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe::Enabled:TrueWeather" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe::Enabled:�Torrent" "C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe::Enabled:TrueVector Service" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe::Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe::Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe::Enabled:AOL" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe::Enabled:Windows Live Messenger 8.0 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" ======List of files/folders created in the last 3 months====== 2009-07-07 11:35:12 ----DC---- C:\rsit 2009-07-06 16:50:28 ----D---- C:\Program Files\ERUNT 2009-07-06 10:47:17 ----A---- C:\WINDOWS\system32\sdjee3inf.dll 2009-07-06 10:26:25 ----A---- C:\WINDOWS\system32\318910.exe 2009-07-05 19:55:27 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2009-07-05 16:19:50 ----D---- C:\Program Files\WWShow 2009-07-05 15:48:17 ----D---- C:\Documents and Settings\Shelia Merlo\Application Data\digifast 2009-07-05 15:43:28 ----D---- C:\Documents and Settings\Shelia Merlo\Application Data\cft 2009-07-03 16:55:56 ----A---- C:\WINDOWS\system32\p2hhr.bat 2009-07-03 15:00:29 ----A---- C:\WINDOWS\system32\skh.exe 2009-07-03 14:59:34 ----A---- C:\WINDOWS\system32\tpsaxyd.exe 2009-07-03 14:59:23 ----D---- C:\Program Files\Jcore 2009-07-03 14:58:54 ----D---- C:\Documents and Settings\Shelia Merlo\Application Data\pridl 2009-07-03 14:58:06 ----A---- C:\WINDOWS\system32\msxml71.dll 2009-06-19 14:14:20 ----D---- C:\Program Files\SGPSA 2009-06-19 14:13:49 ----D---- C:\Program Files\Fast Browser Search 2009-06-09 21:10:35 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$ 2009-06-09 21:09:57 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$ 2009-06-09 21:03:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$ 2009-06-09 21:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$ 2009-05-27 11:10:04 ----D---- C:\Program Files\CleanUp! 2009-05-26 23:10:14 ----D---- C:\WINDOWS\ie8updates 2009-05-26 23:02:46 ----HDC---- C:\WINDOWS\ie8 2009-05-26 16:57:49 ----D---- C:\Documents and Settings\Shelia Merlo\Application Data\ManyCam 2009-04-22 19:07:56 ----A---- C:\WINDOWS\system32\javaws.exe 2009-04-22 19:07:56 ----A---- C:\WINDOWS\system32\javaw.exe 2009-04-22 19:07:56 ----A---- C:\WINDOWS\system32\java.exe 2009-04-22 19:07:56 ----A---- C:\WINDOWS\system32\deploytk.dll 2009-04-14 21:13:36 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-04-14 21:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-04-14 21:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-04-14 21:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-04-14 21:04:36 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-04-14 21:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-04-14 20:23:55 ----N---- C:\WINDOWS\system32\xpsp4res.dll ======List of files/folders modified in the last 3 months====== 2009-07-07 11:33:30 ----D---- C:\WINDOWS\Internet Logs 2009-07-07 11:30:50 ----D---- C:\WINDOWS 2009-07-07 11:29:32 ----D---- C:\WINDOWS\system32 2009-07-07 11:29:32 ----AD---- C:\WINDOWS\temp 2009-07-07 11:29:29 ----D---- C:\WINDOWS\system32\CatRoot2 2009-07-07 11:29:04 ----A---- C:\WINDOWS\ModemLog_Intel® 537EP V9x DF PCI Modem.txt 2009-07-07 07:01:17 ----AC---- C:\rollback.ini 2009-07-07 01:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-07-06 23:35:13 ----D---- C:\WINDOWS\system32\ZoneLabs 2009-07-06 17:41:32 ----A---- C:\WINDOWS\ntbtlog.txt 2009-07-06 16:50:28 ----RD---- C:\Program Files 2009-07-06 14:11:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-07-06 14:10:10 ----D---- C:\WINDOWS\system32\drivers 2009-07-06 12:00:04 ----SD---- C:\WINDOWS\Tasks 2009-07-06 10:46:56 ----D---- C:\Program Files\Common Files 2009-07-05 18:51:52 ----D---- C:\WINDOWS\Prefetch 2009-07-01 08:12:58 ----A---- C:\WINDOWS\basefx.INI 2009-06-25 16:08:56 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-06-24 20:30:54 ----D---- C:\Program Files\RegScrubXP 2009-06-24 18:58:21 ----SHD---- C:\RECYCLER 2009-06-19 18:07:05 ----A---- C:\WINDOWS\gmer.ini 2009-06-18 14:59:51 ----A---- C:\WINDOWS\win.ini 2009-06-09 21:24:22 ----HD---- C:\WINDOWS\inf 2009-06-09 21:23:11 ----D---- C:\Program Files\Internet Explorer 2009-06-09 21:12:18 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-06-09 21:11:02 ----HD---- C:\WINDOWS\$hf_mig$ 2009-06-09 21:10:51 ----A---- C:\WINDOWS\imsins.BAK 2009-06-01 23:30:07 ----D---- C:\WINDOWS\system32\Macromed 2009-06-01 11:51:12 ----A---- C:\WINDOWS\system32\MRT.exe 2009-05-27 05:53:13 ----D---- C:\WINDOWS\system32\en-US 2009-05-27 05:53:10 ----D---- C:\WINDOWS\Media 2009-05-27 05:53:09 ----D---- C:\WINDOWS\Help 2009-05-17 09:39:57 ----A---- C:\WINDOWS\v2d.INI 2009-05-17 01:15:08 ----D---- C:\v2d 2009-05-13 00:15:55 ----A---- C:\WINDOWS\system32\wininet.dll 2009-05-13 00:15:55 ----A---- C:\WINDOWS\system32\mshtml.dll 2009-05-07 10:32:35 ----A---- C:\WINDOWS\system32\localspl.dll 2009-04-30 16:22:33 ----A---- C:\WINDOWS\system32\iertutil.dll 2009-04-30 16:22:32 ----A---- C:\WINDOWS\system32\urlmon.dll 2009-04-30 16:22:32 ----A---- C:\WINDOWS\system32\jsproxy.dll 2009-04-30 16:22:32 ----A---- C:\WINDOWS\system32\ieframe.dll 2009-04-30 16:22:31 ----A---- C:\WINDOWS\system32\iedkcs32.dll 2009-04-30 06:21:08 ----A---- C:\WINDOWS\system32\ie4uinit.exe 2009-04-22 19:08:35 ----SHD---- C:\WINDOWS\Installer 2009-04-22 19:08:18 ----D---- C:\Config.Msi 2009-04-22 19:06:50 ----D---- C:\Program Files\Java 2009-04-15 09:51:25 ----A---- C:\WINDOWS\system32\rpcrt4.dll 2009-04-14 21:24:42 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-04-14 21:19:51 ----D---- C:\WINDOWS\system32\wbem 2009-04-14 21:19:50 ----D---- C:\WINDOWS\AppPatch 2009-04-14 21:11:43 ----D---- C:\WINDOWS\ie7updates 2009-04-13 09:07:18 ----AC---- C:\VundoFix.txt ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592] R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-03-13 394952] R2 CX23880;V-Stream 2388x Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2004-02-13 186240] R2 CX88XBAR;V-Stream 2388x Crossbar; C:\WINDOWS\system32\drivers\CX88XBAR.sys [2004-02-13 8960] R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239] R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-02-10 154112] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332] R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-06 1233525] R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-06 647929] R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-06-16 61157] R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys [] R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-06 37048] R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] R3 senfilt;senfilt; C:\WINDOWS\system32\drivers\senfilt.sys [2004-09-17 732928] R3 SFC4;SFC4; C:\WINDOWS\System32\drivers\SFC4.sys [1998-09-16 41472] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2005-03-22 260224] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys [] S3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-01-05 85969] S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys [] S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys [] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] S3 PAC207;Webcam Basic; C:\WINDOWS\system32\DRIVERS\pfc027.sys [] S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-01-25 47360] S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-12-05 287360] S3 RT25USBAP;Nintendo Wi-Fi USB Connector Service; C:\WINDOWS\system32\DRIVERS\rt25usbap.sys [2005-12-08 162944] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys [] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 VICHW00;VICHW00; \??\C:\WINDOWS\SYSTEM32\DRIVERS\VICHW00.SYS [] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472] S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920] R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-04 97792] R2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-03-13 75304] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-19 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [2003-12-17 143360] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [] -----------------EOF----------------- RSIT INFO info.txt logfile of random's system information tool 1.06 2009-07-07 11:35:40 ======Uninstall list====== -->"C:\Program Files\eAcceleration\Station\station.exe" /UnRegister -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 -->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} -->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 3D Groove Playback Engine-->RunDll32 C:\WINDOWS\DOWNLO~1\GrooveAX.dll,_RemoveGroove@16 Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A} Advertisement Service-->C:\WINDOWS\system32\net.net Uninstall AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C} Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe" AV Music Morpher Gold-->C:\Program Files\AV Music Morpher Gold\uninstall.exe AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe Corel Graphics Suite 11-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{07A540AB-D785-11D5-8E89-0090275862A0} Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe" Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B} Dell Photo Printer 720 Logger-->C:\Program Files\Dell Photo Printer 720\dlbcunst.exe Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720 Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC} Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe" DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" DVD2SVCD 1.2.3 Build 1-->"C:\Program Files\DVD2SVCD\unins000.exe" EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864} Fast Browser Search (My Web Tattoo)-->regsvr32 /u /s "C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll" FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml" FlvGetter-->MsiExec.exe /X{C47B0DC6-EB10-482A-972B-0CF8C800B4F9} Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF ImgBurn (Remove Only)-->"C:\Program Files\ImgBurn\uninstall.exe" ImTOO DivX to DVD Converter-->C:\Program Files\ImTOO\DivX to DVD Converter\Uninstall.exe Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem" Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572 Intel® PRO Network Adapters and Drivers-->Prounstl.exe Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7} InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Jasc Additional Picture Tubes Installer-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Tubes\Unwise.exe /U C:\PROGRA~1\JASCSO~1\PAINTS~1\Tubes\INSTALL.LOG Jasc Additional Preset Shapes Installer-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 7\Shapes\Unwise.exe /U C:\PROGRA~1\JASCSO~1\PAINTS~1\Shapes\INSTALL.LOG Jasc Animation Shop 3 20041030_07 Help file Patch-->C:\Program Files\Jasc Software Inc\Animation Shop 3\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\ANIMAT~1\INSTALL.LOG Jasc Animation Shop 3-->MsiExec.exe /I{7C4196CA-CA41-4F34-9C08-7724E7705D52} Jasc Paint Shop Pro 9.01 - (9.0.1.1)-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~2\INSTALL.LOG Jasc Paint Shop Pro 9.01 Patch-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~2\INSTALL.LOG Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0} Jasc Paint Shop Pro Studio Additional Content-->C:\Program Files\Jasc Software Inc\Paint Shop Pro Studio\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~3\INSTALL.LOG Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe" Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9 Logitech� Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9} Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} mIRC-->"C:\WINDOWS\system\svchost.exe" -uninstall Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9 Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} Mustek 1200 CP v3.0-->C:\WINDOWS\twain_32\CIS600X\UNINST.EXE MyWay Search Assistant-->MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 RegScrubXP 3.25-->"C:\Program Files\RegScrubXP\unins000.exe" Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52} Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe" Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe" Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe" Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe" Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe" Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe" Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6} Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Total Video2DVD Author 2.40-->"C:\Program Files\Total Video2DVD Author\unins000.exe" Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u V-Stream 883 WDM Drivers-->C:\WINDOWS\c8xunist.exe WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4" Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91} Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F} Windows Live Safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89} Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WM Converter 2.0-->C:\Program Files\WM Converter\Uninstal.exe WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48} Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe =====HijackThis Backups===== O20 - AppInit_DLLs: nrwmfw.dll [2009-01-05] O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-06-19] O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll [2009-06-19] O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-06-19] O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-06-19] O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-06-19] R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Fast Browser Search\IE\tbhelper.dll [2009-06-19] O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file) [2009-06-19] O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/default/T...nx.1.0.0.87.cab [2009-06-25] O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games � Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab [2009-06-25] O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://zone.msn.com/bingame/dsh2/default/D...h2.1.0.0.68.cab [2009-06-25] O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab [2009-06-25] O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab [2009-06-25] O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://77.60.89.217/activex/AxisCamControl.cab [2009-06-25] O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games � Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60231.cab [2009-06-25] O16 - DPF: {B0FB831D-17F6-4CBD-9B5D-3305881D362E} (LHGLauncherXForm Control) - http://www.mumbojumbo.com/assets/HLGLauncher.CAB [2009-06-25] O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab [2009-06-25] O16 - DPF: {C86FF4B0-AA1D-46D4-8612-025FB86583C7} (AstoundLauncher Control) - http://zone.msn.com/bingame/jobo/default/A...ersion=1,0,0,10 [2009-06-25] O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab [2009-06-25] O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://games.bigfishgames.com/en_feedingfr...outLauncher.cab [2009-06-25] O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games � Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab [2009-06-25] O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab [2009-06-25] O16 - DPF: {FC4CAF5F-91BD-4DD9-ADC1-F3C737E37BC4} (CPlayFirstSweetopiaControl Object) - http://zone.msn.com/bingame/swet/default/S...ia.1.0.0.46.cab [2009-06-25] ======Security center information====== AV: ZoneAlarm Security Suite Antivirus FW: ZoneAlarm Security Suite Firewall ======System event log====== Computer Name: DG8HHW81 Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} Record Number: 44455 Source Name: DCOM Time Written: 20090512230451.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM Computer Name: DG8HHW81 Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 44439 Source Name: Tcpip Time Written: 20090512202852.000000-300 Event Type: warning User: Computer Name: DG8HHW81 Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 44438 Source Name: Tcpip Time Written: 20090512183548.000000-300 Event Type: warning User: Computer Name: DG8HHW81 Event Code: 4226 Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts. Record Number: 44437 Source Name: Tcpip Time Written: 20090512182202.000000-300 Event Type: warning User: Computer Name: DG8HHW81 Event Code: 10005 Message: DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56} Record Number: 44429 Source Name: DCOM Time Written: 20090512161805.000000-300 Event Type: error User: NT AUTHORITY\SYSTEM =====Application event log===== Computer Name: DG8HHW81 Event Code: 1804 Message: The Windows Security Center Service was unable to load instances of AntiVirusProduct from WMI. Record Number: 10293 Source Name: SecurityCenter Time Written: 20080724061710.000000-300 Event Type: error User: Computer Name: DG8HHW81 Event Code: 1001 Message: Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}' Record Number: 10290 Source Name: MsiInstaller Time Written: 20080723184520.000000-300 Event Type: warning User: DG8HHW81\Shelia Merlo Computer Name: DG8HHW81 Event Code: 1004 Message: Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro', component '{E46B662B-CC16-46AE-8536-DAC1B730A51E}' failed. The resource 'HKEY_CURRENT_USER\Software\Jasc\Paint Shop Pro 9\Installer\CacheFolder' does not exist. Record Number: 10289 Source Name: MsiInstaller Time Written: 20080723184520.000000-300 Event Type: warning User: DG8HHW81\Shelia Merlo Computer Name: DG8HHW81 Event Code: 1001 Message: Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro' failed during request for component '{D2D7B4BF-6CCA-11D5-8B3F-00105A9846E9}' Record Number: 10288 Source Name: MsiInstaller Time Written: 20080723184520.000000-300 Event Type: warning User: NT AUTHORITY\NETWORK SERVICE Computer Name: DG8HHW81 Event Code: 1004 Message: Detection of product '{F843C6A3-224D-4615-94F8-3C461BD9AEA0}', feature 'PaintShopPro', component '{E46B662B-CC16-46AE-8536-DAC1B730A51E}' failed. The resource 'HKEY_CURRENT_USER\Software\Jasc\Paint Shop Pro 9\Installer\CacheFolder' does not exist. Record Number: 10287 Source Name: MsiInstaller Time Written: 20080723184520.000000-300 Event Type: warning User: NT AUTHORITY\NETWORK SERVICE ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Adobe\AGL "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel "PROCESSOR_REVISION"=0401 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\ "tvdumpflags"=8 -----------------EOF----------------- GAMERS LOG .TXT GMER 1.0.15.14972 - http://www.gmer.net Rootkit scan 2009-07-07 11:50:43 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- Code 86ACB1F6 ZwEnumerateKey Code 86ACDA16 ZwFlushInstructionCache Code 86AC6A8D IofCallDriver Code 86AB75A5 IofCompleteRequest ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 86AC6A92 .text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 86AB75AA PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 86ACB1FA PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 86ACDA1A ? srescan.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[220] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 010B000A .text C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe[220] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 010C000A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[248] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0111000A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[248] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0112000A .text C:\WINDOWS\system32\svchost.exe[332] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006B000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[464] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08C2000A .text C:\WINDOWS\system32\LEXBCES.EXE[536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08D4000A .text C:\WINDOWS\system32\LEXBCES.EXE[536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08D5000A .text C:\WINDOWS\system32\spoolsv.exe[564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00E0000A .text C:\WINDOWS\system32\LEXPPS.EXE[580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0908000A .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[668] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C9000A .text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00CA000A .text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0094000A .text C:\WINDOWS\system32\winlogon.exe[688] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0095000A .text C:\WINDOWS\system32\services.exe[736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A5000A .text C:\WINDOWS\system32\services.exe[736] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A6000A .text C:\WINDOWS\system32\lsass.exe[748] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BA000A .text C:\WINDOWS\system32\sopidkc.exe[804] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00F7000A .text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1220] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00CD000A .text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1220] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00E7000A .text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007B000A .text C:\Documents and Settings\Shelia Merlo\qreesjj.exe[1392] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 011F000A .text C:\WINDOWS\system32\LVCOMSX.EXE[1512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08D9000A .text C:\WINDOWS\system32\LVCOMSX.EXE[1512] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08DA000A .text C:\WINDOWS\System32\PAStiSvc.exe[1532] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B6000A .text C:\WINDOWS\System32\PAStiSvc.exe[1532] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B7000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\install.exe[1560] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0905000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\install.exe[1560] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0906000A .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007B000A .text C:\WINDOWS\system32\svchost.exe[1608] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006B000A .text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1684] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0126000A .text C:\WINDOWS\Explorer.EXE[1712] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D2000A .text C:\WINDOWS\system32\ElkCtrl.exe[1848] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08DC000A .text C:\WINDOWS\system32\ElkCtrl.exe[1848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08DD000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winamp.exe[2000] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0904000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winamp.exe[2000] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0905000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[2076] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0904000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[2076] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0905000A .text C:\Program Files\Logitech\Video\CameraAssistant.exe[2192] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08E3000A .text C:\Program Files\Logitech\Video\CameraAssistant.exe[2192] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08E4000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2528] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08D6000A .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2528] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08D7000A .text C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2588] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0148000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[2980] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0030000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[3060] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 002E000A .text C:\WINDOWS\system32\cmd.exe[3256] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 002E000A .text C:\WINDOWS\system32\cmd.exe[3256] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 002F000A ? C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll .code C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe entry point in ".code" section [0x00401286] .idata C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe unknown last section [0x00407000, 0x21000, 0xC0000040] .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0904000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0905000A .text C:\Program Files\Real\RealPlayer\RealPlay.exe[3424] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0920000A .text C:\WINDOWS\system32\ctfmon.exe[3432] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A8000A .text C:\WINDOWS\system32\ctfmon.exe[3432] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A9000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[3596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0904000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[3596] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0905000A ? C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll .code C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe entry point in ".code" section [0x00401286] .idata C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe unknown last section [0x00407000, 0x21000, 0xC0000040] .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0905000A .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0906000A ? C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe[3836] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll .code C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe[3836] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe entry point in ".code" section [0x00401286] .idata C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe[3836] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe unknown last section [0x00407000, 0x21000, 0xC0000040] .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe[3836] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0905000A .text C:\WINDOWS\system32\hkcmd.exe[3888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08C5000A .text C:\WINDOWS\system32\hkcmd.exe[3888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08C6000A .text C:\WINDOWS\system32\igfxpers.exe[3912] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08D4000A .text C:\WINDOWS\system32\igfxpers.exe[3912] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08D5000A .text C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe[4076] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00E6000A .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[4124] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00F3000A .text C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[4124] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00F4000A ? C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe[4176] image checksum mismatch; time/date stamp mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll .code C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe[4176] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe entry point in ".code" section [0x00401286] .idata C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe[4176] C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe unknown last section [0x00407000, 0x21000, 0xC0000040] .text C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe[4176] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 002E000A .text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4300] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08C4000A .text C:\Documents and Settings\Shelia Merlo\Desktop\gamers.exe[4336] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 08BF000A .text C:\Documents and Settings\Shelia Merlo\Desktop\gamers.exe[4336] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08C0000A .text C:\Program Files\Internet Explorer\iexplore.exe[4412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0112000A .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WININET.dll!HttpAddRequestHeadersA 3D94D02E 5 Bytes JMP 011D000A .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WININET.dll!HttpSendRequestW 3D94FB9E 7 Bytes JMP 10003A55 C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WININET.dll!HttpAddRequestHeadersW 3D94FF29 5 Bytes JMP 012E000A .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WININET.dll!HttpSendRequestA 3D95EEB9 7 Bytes JMP 10003ADC C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0054FA10 .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005512E0 .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00551120 .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00551100 .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0054FDC0 .text C:\Program Files\Internet Explorer\iexplore.exe[4412] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005510E0 .text C:\WINDOWS\twain_32\CIS600X\WATCH.exe[4472] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 090D000A .text C:\WINDOWS\twain_32\CIS600X\WATCH.exe[4472] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 090E000A .text C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe[4908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 08D7000A .text C:\Program Files\Internet Explorer\iexplore.exe[5136] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0112000A .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WININET.dll!HttpAddRequestHeadersA 3D94D02E 5 Bytes JMP 011D000A .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WININET.dll!HttpSendRequestW 3D94FB9E 7 Bytes JMP 10003A55 C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WININET.dll!HttpAddRequestHeadersW 3D94FF29 5 Bytes JMP 012E000A .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WININET.dll!HttpSendRequestA 3D95EEB9 7 Bytes JMP 10003ADC C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0035FA10 .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 003612E0 .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00361120 .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00361100 .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0035FDC0 .text C:\Program Files\Internet Explorer\iexplore.exe[5136] WS2_32.dll!recv 71AB676F 5 Bytes JMP 003610E0 .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0111000A .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WININET.dll!HttpAddRequestHeadersA 3D94D02E 5 Bytes JMP 011C000A .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WININET.dll!HttpSendRequestW 3D94FB9E 7 Bytes JMP 10003A55 C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WININET.dll!HttpAddRequestHeadersW 3D94FF29 5 Bytes JMP 012D000A .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WININET.dll!HttpSendRequestA 3D95EEB9 7 Bytes JMP 10003ADC C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0054FA10 .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005512E0 .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00551120 .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00551100 .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0054FDC0 .text C:\Program Files\Internet Explorer\Iexplore.exe[5412] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005510E0 .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0111000A .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WININET.dll!HttpAddRequestHeadersA 3D94D02E 5 Bytes JMP 011C000A .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WININET.dll!HttpSendRequestW 3D94FB9E 7 Bytes JMP 10003A55 C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WININET.dll!HttpAddRequestHeadersW 3D94FF29 5 Bytes JMP 012D000A .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WININET.dll!HttpSendRequestA 3D95EEB9 7 Bytes JMP 10003ADC C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\280207171328mxx.dll .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0054FA10 .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 005512E0 .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00551120 .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00551100 .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0054FDC0 .text C:\Program Files\Internet Explorer\Iexplore.exe[5520] WS2_32.dll!recv 71AB676F 5 Bytes JMP 005510E0 ? C:\WINDOWS\system32\svchost.exe[5544] image checksum mismatch; time/date stamp mismatch; unknown module: dbghelp.dll ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ED468CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ED4691C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ED469320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ED468E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ED468E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ED468CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ED4691C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ED469320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ED468CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ED468E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ED469320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ED4691C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ED469320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ED4691C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ED468CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [ED476330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ED468E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ED468CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ED4691C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ED469320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [ED468CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [ED468E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [ED469320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [ED4691C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [ED4615C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [ED461770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [ED4612D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [ED461670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\LVCOMSX.EXE[1512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BB2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\LVCOMSX.EXE[1512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BB2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\LVCOMSX.EXE[1512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BB2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\LVCOMSX.EXE[1512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BB2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\install.exe[1560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\install.exe[1560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\install.exe[1560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\install.exe[1560] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1684] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!GetProcAddress] [00382C13] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1684] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!UnhandledExceptionFilter] [00382D34] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1684] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!TerminateProcess] [00382D03] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\WINDOWS\Explorer.EXE[1712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01A02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01A02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01A02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[1712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01A02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ElkCtrl.exe[1848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B52F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ElkCtrl.exe[1848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B52DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ElkCtrl.exe[1848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B52D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ElkCtrl.exe[1848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B52DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winamp.exe[2000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DE2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winamp.exe[2000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DE2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winamp.exe[2000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DE2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winamp.exe[2000] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DE2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[2076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Logitech\Video\CameraAssistant.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C52F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Logitech\Video\CameraAssistant.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C52DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Logitech\Video\CameraAssistant.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C52D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Logitech\Video\CameraAssistant.exe[2192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C52DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B22F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B22DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B22D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2528] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B22DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01032F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01032DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01032D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2588] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01032DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2588] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!GetProcAddress] [00582C13] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2588] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!UnhandledExceptionFilter] [00582D34] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe[2588] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!TerminateProcess] [00582D03] C:\WINDOWS\system32\VSINIT.dll (TrueVector Service/Zone Labs, LLC) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[2980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\ra8cjs2.exe[3060] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\cmd.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [08BC2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\cmd.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [08BC2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\cmd.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [08BC2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\cmd.exe[3256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [08BC2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DE2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DE2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DE2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\smss.exe[3340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DE2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FB2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FB2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FB2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FB2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ctfmon.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ctfmon.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ctfmon.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\ctfmon.exe[3432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[3596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DE2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[3596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DE2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[3596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DE2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\login.exe[3596] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DE2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\services.exe[3800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe[3836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe[3836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe[3836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe[3836] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\hkcmd.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\hkcmd.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\hkcmd.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\hkcmd.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\igfxpers.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\igfxpers.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\igfxpers.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\igfxpers.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A12F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A12DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A12D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe[4076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A12DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[4124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AF2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[4124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AF2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[4124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AF2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe[4124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AF2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe[4176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe[4176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe[4176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe[4176] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[4300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Shelia Merlo\Desktop\gamers.exe[4336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [08B92F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Shelia Merlo\Desktop\gamers.exe[4336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [08B92DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Shelia Merlo\Desktop\gamers.exe[4336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [08B92D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\Shelia Merlo\Desktop\gamers.exe[4336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [08B92DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[4412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DA2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[4412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DA2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[4412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DA2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[4412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DA2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[4412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation) IAT C:\WINDOWS\twain_32\CIS600X\WATCH.exe[4472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E72F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\twain_32\CIS600X\WATCH.exe[4472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E72DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\twain_32\CIS600X\WATCH.exe[4472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E72D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\twain_32\CIS600X\WATCH.exe[4472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E72DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe[4908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe[4908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe[4908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe[4908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[5136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DA2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[5136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DA2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[5136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DA2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Internet Explorer\iexplore.exe[5136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DA2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 244C8D51 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 1BC82B04 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 23D0F7C0 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 25C48BC8 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] FFFFF000 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 0A72C83B IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 9459C18B IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 0489008B IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 002DC324 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 85000010 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 0FE9EB00 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] 082444B7 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 74FF5056 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] F6330C24 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 4015FF46 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 8B0990A1 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] 55C35EC6 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] EC83EC8B IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 33575318 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] A1F468DB IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5D890990 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 890990A1 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 15FFEC45 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] [0990A07C] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] FB3BF88B IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] 75F47D89 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] E9C03307 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] 000000EA IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 78358B56 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] 680990A0 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] [0990A1D4] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 68D6FF57 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [0990A1C8] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] F8458957 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] B468D6FF IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] FF0990A1 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] F88BF475 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 5D39D6FF IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] AF840FF8 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 3B000000 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] A7840FFB IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 3B000000 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 9F840FC3 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] 8D000000 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] FF51F04D IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] A07415FF IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] C33B0990 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] 0FEC4589 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 00008E84 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] 0288BE00 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] 53560000 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 7015FF50 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8B0990A0 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 74FB3BF8 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FC458D7A IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 75895750 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] F855FFFC IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 756FF883 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] FC75FF10 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 75FF5357 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] 6C15FFEC IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] 8B0990A0 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 46F633F8 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 3874FB3B IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 50FC458D IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 2C75C085 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 888BC78B IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 0000019C IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 74F04D3B IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 3B008B08 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] EBEF75C3 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] A0B8830C IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 06000001 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 75890374 IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\system32\svchost.exe[5544] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) ---- Devices - GMER 1.0.15 ---- Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) Device \FileSystem\Fastfat \Fat EB8B6D20 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- Processes - GMER 1.0.15 ---- Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll ( hidden * ) @ C:\WINDOWS\system32\svchost.exe [332] 0x00B70000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\system32\svchost.exe [924] 0x036A0000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\system32\svchost.exe [1048] 0x00B70000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\System32\svchost.exe [1168] 0x00C70000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\system32\svchost.exe [1244] 0x00C70000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\system32\svchost.exe [1464] 0x00B60000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\system32\svchost.exe [1584] 0x00C80000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\system32\svchost.exe [1608] 0x00B60000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\Explorer.EXE [1712] 0x00E10000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\DOCUME~1\SHELIA~1\LOCALS~1\Temp\svchost.exe [4176] 0x09170000 Library \\?\globalroot\systemroot\system32\UACumiltiqvepvnbfn.dll (* hidden * ) @ C:\WINDOWS\system32\svchost.exe [5544] 0x00FE0000 ---- EOF - GMER 1.0.15 ---- Attached File(s) gamers.txt ( 107.34K ) Number of downloads: 21

fenzodahl512 View Member Profile	Jul 8 2009, 01:40 AM Post #6
Trusted Helper Posts: 9,199 OS: Windows XP	Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop. Link 1 Link 2 Link 3 -------------------------------------------------------------------- Double click on Combo-Fix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Lonesome_dove989 View Member Profile	Jul 8 2009, 08:16 AM Post #7
Member Posts: 91 OS: Windows 98	Combo-fix ComboFix 09-07-07.A7 - Shelia Merlo 07/08/2009 8:17.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.596 [GMT -5:00] Running from: c:\documents and settings\Shelia Merlo\Desktop\Combo-Fix.exe AV: ZoneAlarm Security Suite Antivirus On-access scanning disabled (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF} FW: ZoneAlarm Security Suite Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Resident AV is active . The following files were disabled during the run: c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\SHELIA~1\LOCALS~1\Temp\csrss.exe c:\docume~1\SHELIA~1\LOCALS~1\Temp\lsass.exe c:\docume~1\SHELIA~1\LOCALS~1\Temp\services.exe c:\docume~1\SHELIA~1\LOCALS~1\Temp\svchost.exe c:\docume~1\SHELIA~1\LOCALS~1\Temp\taskmgr.exe c:\docume~1\SHELIA~1\LOCALS~1\Temp\winlogon.exe c:\documents and settings\Shelia Merlo\Application Data\digifast c:\documents and settings\Shelia Merlo\Application Data\digifast\config.cfg c:\documents and settings\Shelia Merlo\Application Data\digifast\DFUninstall.exe c:\documents and settings\Shelia Merlo\Application Data\wiaserva.log c:\documents and settings\Shelia Merlo\Local Settings\Temporary Internet Files\bestwiner.stt c:\documents and settings\Shelia Merlo\Local Settings\Temporary Internet Files\fbk.sts c:\documents and settings\Shelia Merlo\qreesjj.exe c:\program files\Fast Browser Search c:\program files\Fast Browser Search\IE\1.bat c:\program files\Fast Browser Search\IE\about.html c:\program files\Fast Browser Search\IE\affid.dat c:\program files\Fast Browser Search\IE\basis.xml c:\program files\Fast Browser Search\IE\BHO.dll c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe c:\program files\Fast Browser Search\IE\error.html c:\program files\Fast Browser Search\IE\FBSPlugin.dll c:\program files\Fast Browser Search\IE\fbsProtection.xml c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe c:\program files\Fast Browser Search\IE\icons.bmp c:\program files\Fast Browser Search\IE\info.txt c:\program files\Fast Browser Search\IE\local.xml c:\program files\Fast Browser Search\IE\logobg.bmp c:\program files\Fast Browser Search\IE\MTWBtoolbar.html c:\program files\Fast Browser Search\IE\search.bmp c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico c:\program files\Fast Browser Search\IE\SGPU.ico c:\program files\Fast Browser Search\IE\sgpUpdater.exe c:\program files\Fast Browser Search\IE\sgpUpdater.xml c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe c:\program files\Fast Browser Search\IE\tbhelper.dll c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js c:\program files\Fast Browser Search\IE\Toolbar Help.htm c:\program files\Fast Browser Search\IE\uninstall.exe c:\program files\Fast Browser Search\IE\uninstalSGP.exe c:\program files\Fast Browser Search\IE\uninstalSGPU.exe c:\program files\Fast Browser Search\IE\update.exe c:\program files\Fast Browser Search\IE\version.txt c:\program files\Jcore c:\program files\SGPSA c:\program files\WWShow c:\program files\WWShow\WWShow.dll c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\Install.txt c:\windows\Installer\WMEncoder.msi c:\windows\system32\318910.exe c:\windows\system32\comsa32.sys c:\windows\system32\drivers\hjgruilupsdwjc.sys c:\windows\system32\drivers\UACunpnvalnpnoouja.sys c:\windows\system32\FInstall.sys c:\windows\system32\hjgruifhkrxxrr.dat c:\windows\system32\hjgruipowkdxsa.dat c:\windows\system32\hjgruitpecmqqr.dll c:\windows\system32\hjgruiuvphpcww.dll c:\windows\system32\Install.txt c:\windows\system32\kr_done1 c:\windows\system32\msncache.dll c:\windows\system32\p2hhr.bat c:\windows\system32\sopidkc.exe c:\windows\system32\tpsaxyd.exe c:\windows\system32\UACecqometcpvciwfo.db c:\windows\system32\UACesdhvjpjxnklcvv.dll c:\windows\system32\uacinit.dll c:\windows\system32\UACoadohnxygwnbuxy.dll c:\windows\system32\UACpqileawrmmvxdsd.dll c:\windows\system32\UACsvpblwpyncfplkh.dll c:\windows\system32\uactmp.db c:\windows\system32\UACumiltiqvepvnbfn.dll c:\windows\system32\UACxfmlidmdbxxyxrrpi.log c:\windows\system32\UACxllsdgjxovnmbqi.dat c:\windows\system32\wbem\grpconv.exe c:\windows\system32\wiawow32.sys c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job c:\windows\system32\grpconv.exe was missing Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_hjgruixeddjmja -------\Service_UACd.sys -------\Legacy_MSNCACHE -------\Legacy_SOPIDKC -------\Service_msncache -------\Service_sopidkc ((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 ))))))))))))))))))))))))))))))) . 2009-07-08 13:31 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2009-07-08 13:31 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe 2009-07-08 13:28 . 2009-07-08 13:28 29696 ----a-w- c:\windows\system32\_skh.exe_.vir 2009-07-08 13:27 . 2009-07-08 13:28 15000 ----a-w- c:\windows\system32\_sdjee3inf.dll_.vir 2009-07-07 16:35 . 2009-07-07 16:35 -------- dc----w- C:\rsit 2009-07-06 21:50 . 2009-07-06 21:50 -------- d-----w- c:\program files\ERUNT 2009-07-06 15:49 . 2009-07-06 15:49 43520 ---h--w- c:\windows\system32\secupdat.dat 2009-07-06 15:49 . 2009-07-06 15:49 13312 ---ha-w- c:\documents and settings\Shelia Merlo\mari.exe 2009-07-06 15:47 . 2009-07-08 13:28 15000 ----a-w- c:\windows\system32\sdjee3inf.dll 2009-07-06 15:31 . 2009-07-06 15:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-07-06 02:37 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-07-06 00:55 . 2009-07-06 15:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-05 23:50 . 2009-07-05 23:50 18186048 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\msgup900_2162_us_v2.exe 2009-07-05 20:43 . 2009-07-06 02:40 -------- d-----w- c:\documents and settings\Shelia Merlo\Application Data\cft 2009-07-03 21:59 . 2009-07-03 21:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-07-03 20:01 . 2009-07-03 20:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-07-03 20:00 . 2009-07-08 13:36 29696 ----a-w- c:\windows\system32\skh.exe 2009-07-03 19:58 . 2009-07-03 19:58 -------- d-----w- c:\documents and settings\Shelia Merlo\Application Data\pridl 2009-07-03 19:58 . 2009-07-03 19:58 11264 ----a-w- c:\documents and settings\Shelia Merlo\Application Data\pridl\pridl.exe 2009-07-03 19:45 . 2009-07-03 19:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache 2009-06-09 21:58 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll 2009-06-09 21:58 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-08 13:33 . 2008-09-29 01:13 2671556 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-08 13:33 . 2008-09-29 01:13 201847328 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-08 13:27 . 2004-08-04 11:00 134656 ----a-w- c:\windows\system32\wiwow64.exe 2009-07-07 19:02 . 2009-07-07 19:05 2897408 ----a-w- c:\windows\Internet Logs\xDB3D.tmp 2009-07-06 20:27 . 2009-07-06 20:28 2825216 ----a-w- c:\windows\Internet Logs\xDB3C.tmp 2009-07-06 19:11 . 2009-01-01 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-06 19:10 . 2008-09-29 00:48 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-07-06 19:07 . 2009-07-06 19:08 2814976 ----a-w- c:\windows\Internet Logs\xDB3B.tmp 2009-07-06 01:07 . 2009-01-04 22:31 5808477 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-07-05 19:22 . 2009-07-05 19:31 2661888 ----a-w- c:\windows\Internet Logs\xDB3A.tmp 2009-07-05 19:22 . 2009-07-05 19:31 19968 ----a-w- c:\windows\Internet Logs\xDB39.tmp 2009-07-03 23:26 . 2009-07-05 13:30 32768 ----a-w- c:\windows\Internet Logs\xDB37.tmp 2009-07-03 23:26 . 2009-07-05 13:30 2667008 ----a-w- c:\windows\Internet Logs\xDB38.tmp 2009-07-03 22:28 . 2009-07-03 22:48 2667008 ----a-w- c:\windows\Internet Logs\xDB36.tmp 2009-07-03 22:14 . 2009-07-03 22:26 2666496 ----a-w- c:\windows\Internet Logs\xDB35.tmp 2009-07-03 22:08 . 2009-07-03 22:12 647680 ----a-w- c:\windows\Internet Logs\xDB33.tmp 2009-07-03 22:08 . 2009-07-03 22:12 2666496 ----a-w- c:\windows\Internet Logs\xDB34.tmp 2009-07-03 21:56 . 2009-07-03 22:06 2666496 ----a-w- c:\windows\Internet Logs\xDB32.tmp 2009-06-30 14:09 . 2009-06-30 14:10 2249728 ----a-w- c:\windows\Internet Logs\xDB31.tmp 2009-06-25 01:30 . 2008-12-18 17:33 -------- d-----w- c:\program files\RegScrubXP 2009-06-24 23:55 . 2009-06-25 01:18 204288 ----a-w- c:\windows\Internet Logs\xDB2F.tmp 2009-06-24 23:55 . 2009-06-25 01:18 2610176 ----a-w- c:\windows\Internet Logs\xDB30.tmp 2009-06-24 01:49 . 2009-06-24 01:50 1302016 ----a-w- c:\windows\Internet Logs\xDB2E.tmp 2009-06-23 02:57 . 2009-06-23 02:59 2607104 ----a-w- c:\windows\Internet Logs\xDB2D.tmp 2009-06-19 19:31 . 2009-06-19 20:56 1996288 ----a-w- c:\windows\Internet Logs\xDB2C.tmp 2009-06-17 16:27 . 2009-01-01 19:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 16:27 . 2009-01-01 19:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-16 05:55 . 2009-06-16 12:50 871424 ----a-w- c:\windows\Internet Logs\xDB2B.tmp 2009-06-15 00:56 . 2009-06-15 00:57 1630208 ----a-w- c:\windows\Internet Logs\xDB2A.tmp 2009-06-10 02:22 . 2009-06-10 02:23 2707968 ----a-w- c:\windows\Internet Logs\xDB29.tmp 2009-06-05 04:54 . 2005-12-09 02:09 56 --sh--r- c:\windows\system32\1286F908A6.sys 2009-06-05 04:54 . 2005-12-09 02:09 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-06-02 21:24 . 2009-06-02 21:23 3371383 ----a-r- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-06-02 04:29 . 2009-06-02 04:30 985088 ----a-w- c:\windows\Internet Logs\xDB28.tmp 2009-05-30 04:46 . 2009-05-30 04:47 3115008 ----a-w- c:\windows\Internet Logs\xDB27.tmp 2009-05-28 14:44 . 2009-05-28 14:45 1787904 ----a-w- c:\windows\Internet Logs\xDB26.tmp 2009-05-27 16:10 . 2009-05-27 16:10 -------- d-----w- c:\program files\CleanUp! 2009-05-26 22:15 . 2009-05-26 22:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-05-26 22:04 . 2009-05-26 21:57 -------- d-----w- c:\documents and settings\Shelia Merlo\Application Data\ManyCam 2009-05-26 22:00 . 2009-05-26 22:01 724992 ----a-w- c:\windows\Internet Logs\xDB25.tmp 2009-05-26 00:45 . 2009-05-26 00:46 181248 ----a-w- c:\windows\Internet Logs\xDB24.tmp 2009-05-25 17:55 . 2009-05-25 17:56 1302016 ----a-w- c:\windows\Internet Logs\xDB23.tmp 2009-05-22 02:36 . 2009-05-22 02:37 819200 ----a-w- c:\windows\Internet Logs\xDB22.tmp 2009-05-20 13:02 . 2009-05-20 13:03 364032 ----a-w- c:\windows\Internet Logs\xDB21.tmp 2009-05-19 23:11 . 2009-05-19 23:12 1019392 ----a-w- c:\windows\Internet Logs\xDB20.tmp 2009-05-15 02:58 . 2009-05-15 02:59 351232 ----a-w- c:\windows\Internet Logs\xDB1F.tmp 2009-05-14 15:07 . 2009-05-14 15:08 304640 ----a-w- c:\windows\Internet Logs\xDB1E.tmp 2009-05-14 02:14 . 2009-05-14 02:15 1494016 ----a-w- c:\windows\Internet Logs\xDB1D.tmp 2009-05-13 05:15 . 2004-08-10 18:51 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-12 03:38 . 2009-05-12 03:38 366592 ----a-w- c:\windows\Internet Logs\xDB1C.tmp 2009-05-11 19:58 . 2009-05-11 19:59 539648 ----a-w- c:\windows\Internet Logs\xDB1B.tmp 2009-05-10 14:33 . 2009-05-10 14:34 245248 ----a-w- c:\windows\Internet Logs\xDB1A.tmp 2009-05-09 19:05 . 2009-05-09 19:06 638976 ----a-w- c:\windows\Internet Logs\xDB19.tmp 2009-05-07 23:44 . 2009-05-07 23:45 219648 ----a-w- c:\windows\Internet Logs\xDB18.tmp 2009-05-07 18:03 . 2009-05-07 18:04 417792 ----a-w- c:\windows\Internet Logs\xDB17.tmp 2009-05-07 15:32 . 2004-08-10 18:51 345600 ----a-w- c:\windows\system32\localspl.dll 2009-05-06 17:01 . 2009-05-06 17:02 885760 ----a-w- c:\windows\Internet Logs\xDB16.tmp 2009-05-03 19:32 . 2009-05-03 19:33 1081344 ----a-w- c:\windows\Internet Logs\xDB15.tmp 2009-04-29 15:37 . 2009-04-29 15:38 897024 ----a-w- c:\windows\Internet Logs\xDB14.tmp 2009-04-24 18:54 . 2009-04-24 18:55 1240064 ----a-w- c:\windows\Internet Logs\xDB13.tmp 2009-04-23 00:06 . 2009-04-23 00:07 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-04-23 00:05 . 2009-04-23 00:05 152576 ----a-w- c:\documents and settings\Shelia Merlo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-17 12:26 . 2004-08-10 18:51 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-08-10 18:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll 2009-04-15 02:19 . 2009-04-15 02:20 244224 ----a-w- c:\windows\Internet Logs\xDB12.tmp 2009-04-13 01:26 . 2009-04-13 01:27 650752 ----a-w- c:\windows\Internet Logs\xDB11.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "pridl"="c:\documents and settings\Shelia Merlo\Application Data\pridl\pridl.exe" [2009-07-03 11264] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-23 98304] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280] "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472] "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 15:33 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 180269] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016] "skh"="c:\windows\system32\skh.exe" [2009-07-08 29696] c:\documents and settings\Shelia Merlo\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Watch.lnk - c:\windows\twain_32\CIS600X\WATCH.exe [2005-12-10 379904] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk backup=c:\windows\pss\dlbcserv.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5700:TCP"= 5700:TCP:5700 R2 CX88XBAR;V-Stream 2388x Crossbar;c:\windows\system32\drivers\cx88xbar.sys [12/26/2005 7:33 PM 8960] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/12/2008 9:47 PM 24652] R3 SFC4;SFC4;c:\windows\system32\drivers\sfc4.sys [12/10/2005 9:59 PM 41472] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?] S3 PAC207;Webcam Basic;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?] S3 VICHW00;VICHW00;\??\c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS --> c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . - - - - ORPHANS REMOVED - - - - HKLM-Run-12163904 - c:\documents and settings\All Users\Application Data\12163904\12163904.exe HKLM-Run-rgc9npj0ev1l - c:\windows\system32\qgcenpj0ev1l.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://m.www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: FLV Getter - c:\program files\FlvGetter\FlvGetter.html IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab . ************************************************************************ scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(5492) c:\windows\system32\WININET.dll c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Lavasoft\Ad-Aware\aawservice.exe c:\windows\system32\LEXBCES.EXE c:\windows\system32\LEXPPS.EXE c:\program files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe c:\windows\system32\PAStiSvc.exe c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe . ************************************************************************ . Completion time: 2009-07-08 9:00 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-08 14:00 ComboFix2.txt 2009-01-04 22:53 Pre-Run: 17,694,609,408 bytes free Post-Run: 18,430,472,192 bytes free 321 --- E O F --- 2009-06-10 02:12 HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:12:13 AM, on 7/8/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\twain_32\CIS600X\WATCH.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [skh] C:\WINDOWS\system32\skh.exe \u O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [pridl] "C:\Documents and Settings\Shelia Merlo\Application Data\pridl\pridl.exe" 61A847B5BBF72811228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Watch.lnk = C:\WINDOWS\twain_32\CIS600X\WATCH.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Desktop Weather Authority.lnk = C:\Program Files\Common Files\Desktop Weather Authority\TrueWeather.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: FLV Getter - C:\Program Files\FlvGetter\FlvGetter.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase7617.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1134692508750 O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk...ows-i586-jc.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://origin.www.shockwave.com/content/ze...eb.1.0.0.10.cab O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://zone.msn.com/bingame/fotg/default/ddfotg.1.0.0.37.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...5/installer.exe O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...764/mcfscan.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8798 bytes

fenzodahl512 View Member Profile	Jul 8 2009, 12:30 PM Post #8
Trusted Helper Posts: 9,199 OS: Windows XP	Please uninstall these programs (if any) before doing our fixes.. We don't want them to interfere with the fixes.. 1. Lavasoft Ad-Aware 2. Spybot S&D 3. Viewpoint Also, disable your ZoneAlarm Security Suite before doing this fix.. You can re-enable it after doing all steps given Please download OTM Save it to your desktop. Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes explorer.exe aawservice.exe ViewpointService.exe :Services :Reg [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pridl"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "skh"=- :Files c:\windows\system32\_skh.exe_.vir c:\windows\system32\_sdjee3inf.dll_.vir c:\windows\system32\secupdat.dat c:\documents and settings\Shelia Merlo\mari.exe c:\windows\system32\sdjee3inf.dll c:\documents and settings\Shelia Merlo\Application Data\cft c:\windows\system32\skh.exe c:\documents and settings\Shelia Merlo\Application Data\pridl c:\windows\system32\wiwow64.exe c:\windows\Internet Logs\xDB.tmp :Commands [purity] [emptytemp] [Reboot] Return to OTM, right click in the "Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM and reboot your PC. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Then run ComboFix again.. Post these logs in your next reply.. 1. OTM 2. ComboFix

Lonesome_dove989 View Member Profile	Jul 10 2009, 07:18 AM Post #9
Member Posts: 91 OS: Windows 98	I already have OTMoveIt3 from a previous infection. Can I use it, or do I need a fresh installation? If I need a fresh installation, how do I remove the one I already have?

fenzodahl512 View Member Profile	Jul 10 2009, 07:29 AM Post #10
Trusted Helper Posts: 9,199 OS: Windows XP	You can use OTMoveIt3 for the script..

Lonesome_dove989 View Member Profile	Jul 10 2009, 08:29 AM Post #11
Member Posts: 91 OS: Windows 98	OTMoveIt3 ========== PROCESSES ========== Process explorer.exe killed successfully. Unable to kill process: aawservice.exe Unable to kill process: ViewpointService.exe ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\pridl deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\skh deleted successfully. ========== FILES ========== c:\windows\system32\_skh.exe_.vir moved successfully. c:\windows\system32\_sdjee3inf.dll_.vir moved successfully. c:\windows\system32\secupdat.dat moved successfully. c:\documents and settings\Shelia Merlo\mari.exe moved successfully. c:\windows\system32\sdjee3inf.dll NOT unregistered. c:\windows\system32\sdjee3inf.dll moved successfully. c:\documents and settings\Shelia Merlo\Application Data\cft moved successfully. c:\windows\system32\skh.exe moved successfully. c:\documents and settings\Shelia Merlo\Application Data\pridl moved successfully. c:\windows\system32\wiwow64.exe moved successfully. c:\windows\Internet Logs\xDB1.tmp moved successfully. c:\windows\Internet Logs\xDB10.tmp moved successfully. c:\windows\Internet Logs\xDB11.tmp moved successfully. c:\windows\Internet Logs\xDB12.tmp moved successfully. c:\windows\Internet Logs\xDB13.tmp moved successfully. c:\windows\Internet Logs\xDB14.tmp moved successfully. c:\windows\Internet Logs\xDB15.tmp moved successfully. c:\windows\Internet Logs\xDB16.tmp moved successfully. c:\windows\Internet Logs\xDB17.tmp moved successfully. c:\windows\Internet Logs\xDB18.tmp moved successfully. c:\windows\Internet Logs\xDB19.tmp moved successfully. c:\windows\Internet Logs\xDB1A.tmp moved successfully. c:\windows\Internet Logs\xDB1B.tmp moved successfully. c:\windows\Internet Logs\xDB1C.tmp moved successfully. c:\windows\Internet Logs\xDB1D.tmp moved successfully. c:\windows\Internet Logs\xDB1E.tmp moved successfully. c:\windows\Internet Logs\xDB1F.tmp moved successfully. c:\windows\Internet Logs\xDB2.tmp moved successfully. c:\windows\Internet Logs\xDB20.tmp moved successfully. c:\windows\Internet Logs\xDB21.tmp moved successfully. c:\windows\Internet Logs\xDB22.tmp moved successfully. c:\windows\Internet Logs\xDB23.tmp moved successfully. c:\windows\Internet Logs\xDB24.tmp moved successfully. c:\windows\Internet Logs\xDB25.tmp moved successfully. c:\windows\Internet Logs\xDB26.tmp moved successfully. c:\windows\Internet Logs\xDB27.tmp moved successfully. c:\windows\Internet Logs\xDB28.tmp moved successfully. c:\windows\Internet Logs\xDB29.tmp moved successfully. c:\windows\Internet Logs\xDB2A.tmp moved successfully. c:\windows\Internet Logs\xDB2B.tmp moved successfully. c:\windows\Internet Logs\xDB2C.tmp moved successfully. c:\windows\Internet Logs\xDB2D.tmp moved successfully. c:\windows\Internet Logs\xDB2E.tmp moved successfully. c:\windows\Internet Logs\xDB2F.tmp moved successfully. c:\windows\Internet Logs\xDB3.tmp moved successfully. c:\windows\Internet Logs\xDB30.tmp moved successfully. c:\windows\Internet Logs\xDB31.tmp moved successfully. c:\windows\Internet Logs\xDB32.tmp moved successfully. c:\windows\Internet Logs\xDB33.tmp moved successfully. c:\windows\Internet Logs\xDB34.tmp moved successfully. c:\windows\Internet Logs\xDB35.tmp moved successfully. c:\windows\Internet Logs\xDB36.tmp moved successfully. c:\windows\Internet Logs\xDB37.tmp moved successfully. c:\windows\Internet Logs\xDB38.tmp moved successfully. c:\windows\Internet Logs\xDB39.tmp moved successfully. c:\windows\Internet Logs\xDB3A.tmp moved successfully. c:\windows\Internet Logs\xDB3B.tmp moved successfully. c:\windows\Internet Logs\xDB3C.tmp moved successfully. c:\windows\Internet Logs\xDB3D.tmp moved successfully. c:\windows\Internet Logs\xDB4.tmp moved successfully. c:\windows\Internet Logs\xDB5.tmp moved successfully. c:\windows\Internet Logs\xDB6.tmp moved successfully. c:\windows\Internet Logs\xDB7.tmp moved successfully. c:\windows\Internet Logs\xDB8.tmp moved successfully. c:\windows\Internet Logs\xDB9.tmp moved successfully. c:\windows\Internet Logs\xDBA.tmp moved successfully. c:\windows\Internet Logs\xDBB.tmp moved successfully. c:\windows\Internet Logs\xDBC.tmp moved successfully. c:\windows\Internet Logs\xDBD.tmp moved successfully. c:\windows\Internet Logs\xDBE.tmp moved successfully. c:\windows\Internet Logs\xDBF.tmp moved successfully. ========== COMMANDS ========== User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot. Local Service Temporary Internet Files folder emptied. Windows Temp folder emptied. Java cache emptied. Temp folders emptied. OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 07102009_085656 Files moved on Reboot... C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully. Combo-Fix ComboFix 09-07-09.08 - Shelia Merlo 07/10/2009 9:12.3.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.681 [GMT -5:00] Running from: c:\documents and settings\Shelia Merlo\Desktop\Combo-Fix.exe AV: ZoneAlarm Security Suite Antivirus On-access scanning disabled (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF} FW: ZoneAlarm Security Suite Firewall disabled {829BDA32-94B3-44F4-8446-F8FCFF809F8B} . The following files were disabled during the run: c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Shelia Merlo\Local Settings\Temporary Internet Files\fbk.sts . ((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 ))))))))))))))))))))))))))))))) . 2009-07-08 13:31 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2009-07-08 13:31 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\dllcache\grpconv.exe 2009-07-07 16:35 . 2009-07-07 16:35 -------- dc----w- C:\rsit 2009-07-06 21:50 . 2009-07-06 21:50 -------- d-----w- c:\program files\ERUNT 2009-07-06 15:31 . 2009-07-06 15:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2009-07-06 02:37 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2009-07-06 00:55 . 2009-07-06 15:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-07-05 23:50 . 2009-07-05 23:50 18186048 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\msgup900_2162_us_v2.exe 2009-07-03 21:59 . 2009-07-03 21:59 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2009-07-03 20:01 . 2009-07-03 20:01 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache 2009-07-03 19:45 . 2009-07-03 19:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-10 14:02 . 2005-11-28 18:32 111488 ----a-w- c:\documents and settings\Shelia Merlo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-07-10 13:57 . 2008-09-29 01:13 2682956 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-10 13:57 . 2008-09-29 01:13 201847328 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-06 19:11 . 2009-01-01 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-06 19:10 . 2008-09-29 00:48 4212 ---h--w- c:\windows\system32\zllictbl.dat 2009-07-06 01:07 . 2009-01-04 22:31 5808477 ----a-w- c:\windows\Internet Logs\tvDebug.zip 2009-06-25 01:30 . 2008-12-18 17:33 -------- d-----w- c:\program files\RegScrubXP 2009-06-17 16:27 . 2009-01-01 19:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-06-17 16:27 . 2009-01-01 19:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-05 04:54 . 2005-12-09 02:09 56 --sh--r- c:\windows\system32\1286F908A6.sys 2009-06-05 04:54 . 2005-12-09 02:09 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-06-02 21:24 . 2009-06-02 21:23 3371383 ----a-r- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2009-05-27 16:10 . 2009-05-27 16:10 -------- d-----w- c:\program files\CleanUp! 2009-05-26 22:15 . 2009-05-26 22:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2009-05-26 22:04 . 2009-05-26 21:57 -------- d-----w- c:\documents and settings\Shelia Merlo\Application Data\ManyCam 2009-05-13 05:15 . 2004-08-10 18:51 915456 ----a-w- c:\windows\system32\wininet.dll 2009-05-07 15:32 . 2004-08-10 18:51 345600 ----a-w- c:\windows\system32\localspl.dll 2009-04-23 00:06 . 2009-04-23 00:07 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-04-23 00:05 . 2009-04-23 00:05 152576 ----a-w- c:\documents and settings\Shelia Merlo\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-04-17 12:26 . 2004-08-10 18:51 1847168 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 14:51 . 2004-08-10 18:51 585216 ----a-w- c:\windows\system32\rpcrt4.dll . ((((((((((((((((((((((((((((( SnapShot@2009-07-08_13.47.24 ))))))))))))))))))))))))))))))))))))))))) . + 2008-09-29 01:14 . 2009-07-10 14:03 163800 c:\windows\system32\ZoneLabs\avsys\bases\sfdb.dat + 2004-08-10 18:57 . 2009-07-10 13:58 387688 c:\windows\system32\FNTCACHE.DAT - 2004-08-10 18:57 . 2009-06-10 02:23 387688 c:\windows\system32\FNTCACHE.DAT + 2008-09-30 00:19 . 2009-07-10 04:36 12404224 c:\windows\system32\ZoneLabs\zlqrtdb.dat - 2008-09-30 00:19 . 2009-07-08 13:36 12404224 c:\windows\system32\ZoneLabs\zlqrtdb.dat + 2008-09-29 00:47 . 2009-07-09 14:42 12895393 c:\windows\system32\ZoneLabs\spyware.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-11-23 98304] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280] "LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472] "LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 15:33 73728] "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 180269] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 919016] c:\documents and settings\Shelia Merlo\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Watch.lnk - c:\windows\twain_32\CIS600X\WATCH.exe [2005-12-10 379904] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^dlbcserv.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk backup=c:\windows\pss\dlbcserv.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker SE.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Photo Express Calendar Checker SE.lnk backup=c:\windows\pss\Photo Express Calendar Checker SE.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\LEXPPS.EXE"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgemc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5700:TCP"= 5700:TCP:5700 R2 CX88XBAR;V-Stream 2388x Crossbar;c:\windows\system32\drivers\cx88xbar.sys [12/26/2005 7:33 PM 8960] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/12/2008 9:47 PM 24652] R3 SFC4;SFC4;c:\windows\system32\drivers\sfc4.sys [12/10/2005 9:59 PM 41472] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys --> c:\windows\system32\DRIVERS\ManyCam.sys [?] S3 PAC207;Webcam Basic;c:\windows\system32\DRIVERS\pfc027.sys --> c:\windows\system32\DRIVERS\pfc027.sys [?] S3 VICHW00;VICHW00;\??\c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS --> c:\windows\SYSTEM32\DRIVERS\VICHW00.SYS [?] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . . ------- Supplementary Scan ------- . uStart Page = hxxp://m.www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/http://www.yahoo.com IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: FLV Getter - c:\program files\FlvGetter\FlvGetter.html IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-10 09:20 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-07-10 9:25 ComboFix-quarantined-files.txt 2009-07-10 14:24 ComboFix2.txt 2009-07-08 14:00 ComboFix3.txt 2009-01-04 22:53 Pre-Run: 18,257,440,768 bytes free Post-Run: 18,243,190,784 bytes free 160 --- E O F --- 2009-06-10 02:12

fenzodahl512 View Member Profile	Jul 10 2009, 09:31 AM Post #12
Trusted Helper Posts: 9,199 OS: Windows XP	Please run a free online scan with the ESET Online Scanner *Note*: You will need to use Internet Explorer for this scan. Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the ActiveX control to install Click Start Make sure that the options Remove found threats and the option Scan unwanted applications is checked Click Scan Wait for the scan to finish Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt Copy and paste that log as a reply to this topic How's the computer now?

Lonesome_dove989 View Member Profile	Jul 10 2009, 11:10 AM Post #13
Member Posts: 91 OS: Windows 98	ESET scan results: C:\Documents and Settings\Shelia Merlo\Desktop\ComboFix.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Documents and Settings\Shelia Merlo\qreesjj.exe.vir Win32/Agent.NWL trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Documents and Settings\Shelia Merlo\Application Data\digifast\DFUninstall.exe.vir probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\318910.exe.vir a variant of Win32/Kryptik.VO trojan deleted - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\sopidkc.exe.vir Win32/Adware.Coolezweb application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\tpsaxyd.exe.vir Win32/Adware.Coolezweb.AT application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\UACesdhvjpjxnklcvv.dll.vir a variant of Win32/Kryptik.PS trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\UACumiltiqvepvnbfn.dll.vir Win32/Olmarik.HQ trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\ukwcjvam.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\xkekoqeh.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACunpnvalnpnoouja.sys.vir a variant of Win32/Olmarik.IN trojan cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\grpconv.exe.vir a variant of Win32/TrojanDownloader.Bredolab.AA trojan cleaned by deleting - quarantined C:\_OTMoveIt\MovedFiles\07102009_085656\documents and settings\Shelia Merlo\Application Data\pridl\pridl.exe Win32/TrojanDownloader.Agent.OOL trojan cleaned by deleting - quarantined C:\_OTMoveIt\MovedFiles\07102009_085656\windows\system32\skh.exe Win32/Agent.NWL trojan cleaned by deleting - quarantined C:\_OTMoveIt\MovedFiles\07102009_085656\windows\system32\wiwow64.exe Win32/Adware.Coolezweb application cleaned by deleting - quarantined C:\_OTMoveIt\MovedFiles\07102009_085656\windows\system32\_skh.exe_.vir Win32/Agent.NWL trojan cleaned by deleting - quarantined The computer is usable, but I'm still seeing little things that I never had a problem with before. Such as, typing is still a little slow, and the down arrow at the address bar doesn't work, I can't see URL's that I had typed in just before. But, I am starting to see improvements. You rock, lol! After all this is done, I will start a new topic if necessary on how to remove the utilities/progams I used in a previous infection.. such as SDFix, a previous GMER (I need to remove both GMERS now, lol) and I had 2 copies of ComboFix. Ijust wanna get my desktop cleaned off, lol. So, what is, in your opinion, the best Antivirus program to prevent these infections? I've had fails with Norton, McAfee, and now Zone Alarm. I've used AVG, but you know what they say... you get what you pay for I'm looking for the best preventative to these rogue antiviruses. Thanks so much!

fenzodahl512 View Member Profile	Jul 10 2009, 11:24 PM Post #14
Trusted Helper Posts: 9,199 OS: Windows XP	QUOTE After all this is done, I will start a new topic if necessary on how to remove the utilities/progams I used in a previous infection.. such as SDFix, a previous GMER (I need to remove both GMERS now, lol) and I had 2 copies of ComboFix. Ijust wanna get my desktop cleaned off, lol. Just delete them manually.. QUOTE The computer is usable, but I'm still seeing little things that I never had a problem with before. Such as, typing is still a little slow, and the down arrow at the address bar doesn't work, I can't see URL's that I had typed in just before. But, I am starting to see improvements. You rock, lol! Er.. can you list out one by one what's wrong with the computer again?.. I just a bit confuse whether you still have above problem or its resolved already.. QUOTE So, what is, in your opinion, the best Antivirus program to prevent these infections? General rule of thumb, One antivirus, One antispyware, One firewall for each computer.. Each one of us has their own favourites.. But below is my personal cocktail Antivirus: Avira Personal Edition Antispyware: Malwarebytes' Anti-Malware Firewall: PC Tools Firewall Plus..

Lonesome_dove989 View Member Profile	Jul 14 2009, 06:05 AM Post #15
Member Posts: 91 OS: Windows 98	Sorry for the delay, i haven't been feeling well lately. ZoneAlarm has been alerting to various trojans the past couple of days. I'll try to pay more attention to the names of the infections when it scans again today. Yesterday it caught 6 and quarantined them, but I don't know if it holds. I remember some infections come back on reboot. Thanks!

« Next Oldest · Virus, Spyware and Trojan Removal · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Topic Title	Replies / Views	Topic Information
Virus, Spyware and Trojan Removal System Security 2009 [Closed] 12	20 / 1,288	28th July 2009 - 11:47 AM cappsd started - last by heir
Virus, Spyware and Trojan Removal System Security 2009 help! [Closed]	2 / 151	16th July 2009 - 02:06 AM Marcus X started - last by fenzodahl512
Virus, Spyware and Trojan Removal Google Redirect, System Security 2009, and messenger immediately logs	13 / 334	26th July 2009 - 11:36 AM LoneWolf217 started - last by Rorschach112
Virus, Spyware and Trojan Removal System Security 2009 [Solved] 12	20 / 516	28th July 2009 - 11:45 AM Pomarrosa started - last by heir