
PendingFileRenameOperations [Solved]


  • This topic is locked This topic is locked

#1
T3L3PROOF

Ok, first of all I wanted to say that this website looks helpful. And just in case you know how to remove this virus called "win32/cutwail.F": it has destroyed my whole computer. I can only sign in through Safe Mode, and even then the virus is active.

OK, this is a reply to this topic: http://www.geekstogo...rus-t93888.html

He said to run Killbox and paste in this file C:\WINDOWS\system32\dmgsh.exe. When I was deleting it, it showed a weird message saying "PendingFileRenameOperations registry data has been removed by external processes!" He said if anyone gets this message, to contact him, or tell him.

This virus "win32/cutwail.F" has destroyed my whole computer. I was devastated when this happened. Please, I beg anyone, if you have a program that can erase this, I beg you, HELP ME!!

These are the problems I have noticed that this virus has given me:

1. Registry problems.

2. Blocks my internet from accessing secure sites (any website that includes "spyware" or "McAfee").

3. Redirects my Google sites.

4. Tried to block me from accessing my internet by putting me in a proxy.

5. Doesn't let me log in normally. I get this message (the Windows logo comes on, then this happens):

"Services.exe
The instruction at "0x00620675" referenced memory at "0x00620675". The memory could not be "written"
Click on OK to terminate the program
Click on Cancel to debug the program"

Then after I click either one, my screen just turns dark, and all I can see is my mouse.

6. When I press F10 to go into recovery mode, a big blue screen comes out (forgot what it said) saying something along the lines that I can't go on it, then it says "system shutoff".

7. Deleted all my recovery points.

8. Also, I am beginning to wonder why my computer keeps making a folder called "internet explorer", and inside the folder there is another folder called "connection wizard". So I decided to rename the folder to "F*** THIS", and right now, just as I was checking to get more info, I see the folder called "internet explorer" with the same folder inside of it called "connection wizard". (I know internet explorer is not supposed to be there because I deleted internet explorer out of suspicion.)

9. Also made a login process when I barely go onto the computer. Before, when I turned it on, my computer would head directly to my only user without needing a password or anything like that, but now when I turn on this computer, I have to type in a password (it's blank) and the user I'm going to use.

Once again, if you help me, YOU WILL BE MY GOD!! I love this computer and I wasted too much money on it.

Edited by T3L3PROOF, 28 April 2009 - 09:58 PM.



#2
Thunderbird1988

Hello T3L3PROOF and welcome to Geekstogo,

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Thunderbird1988
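An added example (not part of this thread and not GMER's own code) for reading the GMER log that the reply above asks for: it parses the "User code sections" and "User IAT/EAT" lines, groups inline hooks by the address they redirect to (one address shared by many unrelated processes points to a single injected module hooking system-wide), and flags hooked processes running from a Temp directory or with a .tmp/.sys image name. The embedded log is a constructed excerpt in that format; the regular expressions assume the GMER 1.0.15 line layout and nothing else.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample excerpt in the format of the GMER 1.0.15 log posted in this thread.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[440] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\winlogon.exe[440] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\services.exe[484] C:\WINDOWS\system32\services.exe section is writeable [0x01001000, 0x196A5, 0xE0000060]
.text C:\WINDOWS\system32\services.exe[484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\TEMP\BNB.tmp[980] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\dncyool64.sys[120] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B243A8
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337
"""

# Inline hook: .text <image>[pid] <module>!<func> <addr> <n> Bytes CALL|JMP <target>
INLINE_RE = re.compile(
    r"^\.(?P<section>\w+)\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-F]{8})\s+"
    r"(?P<len>\d+) Bytes\s+(?P<kind>CALL|JMP)\s+(?P<target>[0-9A-F]{8})$")
# Import-table hook: IAT <image>[pid] @ <importing module> [<module>!<func>] <target>
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<importer>.+?)\s+"
    r"\[(?P<module>[^\s!]+)!(?P<func>\S+)\]\s+(?P<target>[0-9A-F]{8})$")
# Section anomaly: .text <image>[pid] <file> section is writeable|executable [va, size, chars]
SECTION_RE = re.compile(
    r"^\.(?P<section>\w+)\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<file>.+?) section is "
    r"(?P<flag>writeable|executable)\s+\[(?P<va>0x[0-9A-F]+), (?P<size>0x[0-9A-F]+), "
    r"(?P<chars>0x[0-9A-F]+)\]$")
PARSERS = (("inline", INLINE_RE), ("iat", IAT_RE), ("section", SECTION_RE))


def parse_gmer(text):
    """Return one dict per recognised line; section headers and unknown lines are skipped."""
    entries = []
    for line in text.splitlines():
        for kind, rx in PARSERS:
            m = rx.match(line.strip())
            if m:
                entry = m.groupdict()
                entry["kind"] = kind
                entry["pid"] = int(entry["pid"])
                entries.append(entry)
                break
    return entries


def shared_hook_targets(entries, min_processes=2):
    """Map each inline-hook target address to the images whose ntdll calls land there.
    One address recurring across unrelated processes is what a single injected module
    hooking every process looks like, as opposed to a per-process quirk or false positive."""
    by_target = defaultdict(set)
    for e in entries:
        if e["kind"] == "inline":
            by_target[e["target"]].add(e["image"])
    return {t: imgs for t, imgs in by_target.items() if len(imgs) >= min_processes}


# Extensions that should not appear as the image of a running user-mode process.
SUSPICIOUS_EXT = {".tmp", ".sys"}


def suspicious_images(entries):
    """Flag hooked processes whose own image path is unusual: a Temp directory, or an
    image name ending in .tmp/.sys (a driver-style name running as a user process)."""
    flagged = {}
    for e in entries:
        path = e["image"]
        reasons = set()
        if "\\temp\\" in path.lower():
            reasons.add("image in temp directory")
        ext = ntpath.splitext(path)[1].lower()
        if ext in SUSPICIOUS_EXT:
            reasons.add(f"process image has {ext} extension")
        if reasons:
            flagged.setdefault(path, set()).update(reasons)
    return flagged


def report(text):
    """Condense a whole log into the things an analyst looks at first."""
    entries = parse_gmer(text)
    return {
        "hooked_processes": sorted({e["image"] for e in entries if e["kind"] != "section"}),
        "shared_targets": {t: sorted(i) for t, i in shared_hook_targets(entries).items()},
        "suspicious_images": {p: sorted(r) for p, r in suspicious_images(entries).items()},
        "writeable_code_sections": [(e["image"], e["section"]) for e in entries
                                    if e["kind"] == "section" and e["flag"] == "writeable"],
    }
```

Run `report()` over a saved GMER.txt to get the same summary for a real log; lines GMER prints in other layouts (such as the raw-bytes patch line on Explorer.EXE) are simply skipped.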

#3
T3L3PROOF

By the way, here are some pictures I took of error messages during the process:
ERROR1 http://i44.tinypic.com/anljck.jpg
ERROR2 http://i40.tinypic.com/168ebyq.jpg

GMER SCAN

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-28 20:12:34
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 89E854D0 pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.reloc C:\WINDOWS\system32\drivers\NDIS.sys section is executable [0x89DF9200, 0x32F2A, 0xE0000060]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\dncyool64.sys[120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\dncyool64.sys[120] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\dncyool64.sys[120] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\dncyool64.sys[120] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\dncyool64.sys[120] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\dncyool64.sys[120] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\winlogon.exe[440] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\winlogon.exe[440] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\winlogon.exe[440] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\winlogon.exe[440] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\winlogon.exe[440] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\winlogon.exe[440] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\services.exe[484] C:\WINDOWS\system32\services.exe section is writeable [0x01001000, 0x196A5, 0xE0000060]
.rsrc C:\WINDOWS\system32\services.exe[484] C:\WINDOWS\system32\services.exe section is executable [0x0101C000, 0x5800, 0xE0000040]
.text C:\WINDOWS\system32\services.exe[484] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\services.exe[484] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\services.exe[484] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\services.exe[484] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\services.exe[484] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\services.exe[484] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\lsass.exe[500] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\svchost.exe[696] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[696] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\svchost.exe[696] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\svchost.exe[744] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[744] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\svchost.exe[744] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[832] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\svchost.exe[832] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\svchost.exe[860] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[860] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\svchost.exe[860] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\system32\svchost.exe section is writeable [0x01001000, 0x2C00, 0xE0000060]
.rsrc C:\WINDOWS\system32\svchost.exe[936] C:\WINDOWS\system32\svchost.exe section is executable [0x01005000, 0x5600, 0xE0000040]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\TEMP\BNB.tmp[980] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\TEMP\BNB.tmp[980] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\TEMP\BNB.tmp[980] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\TEMP\BNB.tmp[980] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\TEMP\BNB.tmp[980] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\TEMP\BNB.tmp[980] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\TEMP\VRT1.tmp[1372] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\TEMP\VRT1.tmp[1372] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\TEMP\VRT1.tmp[1372] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\TEMP\VRT1.tmp[1372] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\TEMP\VRT1.tmp[1372] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\TEMP\VRT1.tmp[1372] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text c:\program[1412] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text c:\program[1412] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text c:\program[1412] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text c:\program[1412] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text c:\program[1412] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text c:\program[1412] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\system32\tpsaxyd.exe[1468] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\system32\tpsaxyd.exe[1468] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\system32\tpsaxyd.exe[1468] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\system32\tpsaxyd.exe[1468] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\system32\tpsaxyd.exe[1468] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\system32\tpsaxyd.exe[1468] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E
.text C:\WINDOWS\Explorer.EXE[1860] Explorer.EXE 0101E26B 4 Bytes [FF, 15, 98, 10]
.text C:\WINDOWS\Explorer.EXE[1860] C:\WINDOWS\Explorer.EXE section is writeable [0x01001000, 0x44689, 0xE0000060]
.reloc C:\WINDOWS\Explorer.EXE[1860] C:\WINDOWS\Explorer.EXE section is executable [0x010FB000, 0x8800, 0xE0000040]
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes CALL 7FFA4751
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes CALL 7FFA47E0
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes CALL 7FFA47ED
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtDeviceIoControlFile 7C90D27E 5 Bytes CALL 7FFA4A67
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes CALL 7FFA47D6
.text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!NtQueryInformationProcess 7C90D7FE 5 Bytes CALL 7FFA482E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013471E
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00134A23
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00134A7E
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00134A7E
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00134A23
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013471E
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 001349F7
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00134A23
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00134A4F
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00134A7E
IAT C:\WINDOWS\system32\dncyool64.sys[120] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00144416
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001443A8
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014436A
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00144337
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00144A7E
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00144A23
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0014471E
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 001449F7
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00144A23
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00144A4F
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00144A7E
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0014471E
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00144A23
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00144A7E
IAT C:\Documents and Settings\user\Desktop\gmer\gmer.exe[128] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00144416
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00044416
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00044416
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000443A8
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0004436A
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00044337
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0004471E
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00044A23
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00044A7E
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 00044A7E
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00044A23
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0004471E
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 000449F7
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00044A23
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00044A4F
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00044A7E
IAT C:\WINDOWS\system32\services.exe[484] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00044416
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B24416
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B243A8
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B2436A
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B24337
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00B243A8
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B24416
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00B243A8
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00B2436A
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B2471E
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00B24A23
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00B24A7E
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 00B24A7E
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00B24A23
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B2471E
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00B249F7
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00B24A23
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00B24A4F
IAT C:\WINDOWS\system32\lsass.exe[500] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00B24A7E
IAT C:\WINDOWS\system32\svchost.exe[696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00764337
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00854416
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008543A8
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0085436A
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00854337
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0085471E
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00854A23
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00854A7E
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 00854A7E
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00854A23
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0085471E
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 008549F7
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00854A23
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00854A4F
IAT C:\WINDOWS\system32\svchost.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00854A7E
IAT C:\WINDOWS\system32\svchost.exe[744] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00854416
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 01014416
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 010143A8
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0101436A
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 01014337
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0101471E
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 01014A23
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 01014A7E
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 01014A7E
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 01014A23
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0101471E
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 010149F7
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 01014A23
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 01014A4F
IAT C:\WINDOWS\system32\svchost.exe[832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 01014A7E
IAT C:\WINDOWS\system32\svchost.exe[832] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 01014416
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 008B4416
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008B43A8
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 008B436A
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 008B4337
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 008B471E
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 008B4A23
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 008B4A7E
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 008B4A7E
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 008B4A23
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 008B471E
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 008B49F7
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 008B4A23
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 008B4A4F
IAT C:\WINDOWS\system32\svchost.exe[860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 008B4A7E
IAT C:\WINDOWS\system32\svchost.exe[860] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 008B4416
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00144416
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001443A8
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0014436A
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00144337
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 001449F7
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00144A23
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00144A4F
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00144A7E
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0014471E
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00144A23
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00144A7E
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00144A7E
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00144A23
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0014471E
IAT C:\DOCUME~1\user\LOCALS~1\Temp\779386532.exe[908] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00144416
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 006A4416
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 006A43A8
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 006A436A
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 006A4337
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 006A471E
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 006A4A23
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 006A4A7E
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 006A4A7E
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 006A4A23
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 006A471E
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 006A49F7
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 006A4A23
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 006A4A4F
IAT C:\WINDOWS\system32\svchost.exe[936] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 006A4A7E
IAT C:\WINDOWS\system32\svchost.exe[936] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 006A4416
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00134416
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001343A8
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0013436A
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00134337
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00134A7E
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00134A23
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013471E
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 001349F7
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00134A23
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00134A4F
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00134A7E
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013471E
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00134A23
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00134A7E
IAT C:\WINDOWS\TEMP\BNB.tmp[980] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00134416
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E14416
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E143A8
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E1436A
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E14337
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E1471E
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00E14A23
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00E14A7E
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00E149F7
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00E14A23
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00E14A4F
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00E14A7E
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00E14A7E
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00E14A23
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00E1471E
IAT C:\WINDOWS\TEMP\VRT1.tmp[1372] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E14416
IAT c:\program[1412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00844416
IAT c:\program[1412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 008443A8
IAT c:\program[1412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 0084436A
IAT c:\program[1412] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00844337
IAT c:\program[1412] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0084471E
IAT c:\program[1412] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00844A23
IAT c:\program[1412] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00844A7E
IAT c:\program[1412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 008449F7
IAT c:\program[1412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00844A23
IAT c:\program[1412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00844A4F
IAT c:\program[1412] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00844A7E
IAT c:\program[1412] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00844A7E
IAT c:\program[1412] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00844A23
IAT c:\program[1412] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0084471E
IAT c:\program[1412] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00844416
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00EA4416
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00EA43A8
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00EA436A
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00EA4337
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00EA471E
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00EA4A23
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00EA4A7E
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00EA49F7
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00EA4A23
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00EA4A4F
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00EA4A7E
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00EA4416
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!PeekMessageW] 00EA4A7E
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetMessageW] 00EA4A23
IAT C:\WINDOWS\system32\tpsaxyd.exe[1468] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00EA471E
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\Explorer.EXE [USER32.dll!GetMessageW] 00B24A23
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\Explorer.EXE [USER32.dll!PeekMessageW] 00B24A7E
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00B24416
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00B243A8
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00B2436A
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00B24337
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageA] 00B249F7
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetMessageW] 00B24A23
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageA] 00B24A4F
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!PeekMessageW] 00B24A7E
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!PeekMessageW] 00B24A7E
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetMessageW] 00B24A23
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00B2471E
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00B2471E
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetMessageW] 00B24A23
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!PeekMessageW] 00B24A7E
IAT C:\WINDOWS\Explorer.EXE[1860] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00B24416

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [89E00982] NDIS.sys[.reloc]
Device \FileSystem\Cdfs \Cdfs B9BF2400
---- Processes - GMER 1.0.15 ----

Library c:\program (*** hidden *** ) @ c:\program [1412] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\Program Files\Common Files\Pure Networks Shared\Platform\purendis\purendis.sys (size mismatch) 25272/182912 bytes executable
File C:\WINDOWS\SoftwareDistribution\Download\79123dd72d0f61d4ed8c7a816ed338d7\ndis.sys (size mismatch) 182656/182912 bytes executable
File C:\WINDOWS\ServicePackFiles\i386\ndis.sys (size mismatch) 182656/182912 bytes executable
File C:\WINDOWS\system32\dllcache\ndis.sys (size mismatch) 213376/182912 bytes executable
File C:\WINDOWS\system32\drivers\ndis.sys (size mismatch) 213376/182912 bytes executable
File C:\WINDOWS\system32\drivers\symndis.sys (size mismatch) 46208/182912 bytes executable
File C:\WINDOWS\system32\Install.txt (size mismatch) 226/270 bytes
File C:\WINDOWS\system32\ntos.exe 523264 bytes executable
File C:\WINDOWS\system32\wsnpoem 0 bytes
File C:\WINDOWS\system32\wsnpoem\audio.dll 0 bytes
File C:\WINDOWS\system32\wsnpoem\video.dll 36086 bytes

---- EOF - GMER 1.0.15 ----

Edited by T3L3PROOF, 28 April 2009 - 09:37 PM.

#4
T3L3PROOF (Topic Starter, Member, 20 posts)
OTListIT.txt

OTListIt logfile created on: 4/28/2009 8:26:25 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.77 Gb Total Space | 112.70 Gb Free Space | 78.39% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.68 Gb Free Space | 12.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HACKS
Current User Name: user
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - c:\program Files\ThunMail\testabd.exe File not found
PRC - C:\WINDOWS\system32\tpsaxyd.exe (65.38.43.234)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\WINDOWS\system32\3361\SVCHOST.exe (All)
PRC - C:\Documents and Settings\user\Local Settings\Temp\732249922.exe ()
PRC - C:\WINDOWS\System32\reader_s.exe (Microsoft Corporation)
PRC - C:\WINDOWS\sysguard.exe (?????????? ??????????)
PRC - C:\WINDOWS\system32\dncyool64.sys (sdmggt)
PRC - C:\Documents and Settings\user\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (ccEvtMgr [Auto | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccProxy [Auto | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPodService [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (MDM [Auto | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (navapsvc [Auto | Stopped]) -- c:\Program Files\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (NPFMntor [Auto | Stopped]) -- c:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (Symantec Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SAVScan [Disabled | Stopped]) -- c:\Program Files\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (SNDSrvc [On_Demand | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SymWSC [Auto | Stopped]) -- c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (UMWdf [Auto | Stopped]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (msncache [Auto | Stopped]) -- C:\WINDOWS\system32\msncache.dll (2.6.0.5)
SRV - (sopidkc [Auto | Stopped]) -- C:\WINDOWS\system32\sopidkc.exe (65.543.235.12)
SRV - (6to4 [Auto | Stopped]) -- C:\WINDOWS\system32\6to4v32.dll ()
SRV - (DhcpSrv [Auto | Stopped]) -- C:\WINDOWS\dhcp\svchost.exe ()

========== Driver Services (SafeList) ==========

DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntcAzAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Iviaspi [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (NAVENG [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20041006.020\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Pfc [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (protect [Boot | Stopped]) -- C:\WINDOWS\System32\drivers\protect.sys ()
DRV - (Ps2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\PS2.sys (Hewlett-Packard Company)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (restore [On_Demand | Stopped]) -- C:\WINDOWS\System32\Restore [2009/04/25 17:44:00 | 00,000,000 | ---D | M]
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation )
DRV - (SAVRT [On_Demand | Stopped]) -- c:\Program Files\Norton AntiVirus\SAVRT.SYS (Symantec Corporation)
DRV - (SAVRTPEL [Auto | Stopped]) -- c:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (Symantec Corporation)
DRV - (SiS315 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SymEvent [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20040813.178\SymIDSCo.sys (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (qtkab87 [System | Stopped]) -- C:\WINDOWS\System32\drivers\qtkab87.sys ()

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {1B04D445-8137-4F0A-AC44-8B6D466C435C}:1.0
FF - prefs.js..extensions.enabledItems: {8396A770-0CE6-4596-8D07-F89D64B526BB}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {DB4D516B-67C5-48EE-90A2-EF6E43183423}:1.0
FF - prefs.js..extensions.enabledItems: {E33DE41D-572C-4388-BABF-8550E62D3F96}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/28 15:31:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/28 15:31:10 | 00,000,000 | ---D | M]

[2009/04/26 21:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions
[2009/04/26 21:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/26 21:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\wpggbgvk.default\extensions
[2009/04/28 20:12:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/25 10:43:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{1B04D445-8137-4F0A-AC44-8B6D466C435C}
[2009/04/25 12:51:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8396A770-0CE6-4596-8D07-F89D64B526BB}
[2009/04/28 15:31:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/01/19 23:30:47 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/04/25 11:26:51 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{DB4D516B-67C5-48EE-90A2-EF6E43183423}
[2009/04/25 11:53:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E33DE41D-572C-4388-BABF-8550E62D3F96}
[2009/04/28 15:31:07 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 15:31:07 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/10/29 23:00:50 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/29 23:00:50 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/29 23:00:50 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/10/29 23:00:50 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/29 23:00:50 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/10/29 23:00:50 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/29 23:00:50 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (181 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O1 - Hosts: 127.0.0.1 microsoft.com
O2 - BHO: (C:\WINDOWS\system32\kjsdiowq8oikf.dll) - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\kjsdiowq8oikf.dll ()
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RRT-Auto] C:\Documents and Settings\user\Desktop\RRT\RRT.exe auto File not found
O4 - HKLM..\Run: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe" (All)
O4 - HKCU..\Run: [Diagnostic Manager] C:\DOCUME~1\user\LOCALS~1\Temp\732249922.exe ()
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKLM..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\3361\SVCHOST.exe" (All)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\ntos.exe) - C:\WINDOWS\system32\ntos.exe [FILE handle not seen by OS]
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O22 - SharedTaskScheduler: {B2BA40A2-74F0-42BD-F434-12345A2C8953} - jso8joigm409gopgmrlgd - C:\WINDOWS\system32\kjsdiowq8oikf.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\AUTOEXEC.BAT () - [ FAT32 ]
O32 - Autorun File - D:\AUTORUN.FCB () - [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[181 C:\*.tmp files]
[27 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/28 20:13:41 | 00,523,264 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTListIt2.exe
[2009/04/28 20:12:12 | 00,114,419 | ---- | C] () -- C:\Documents and Settings\user\Desktop\error1.JPG
[2009/04/28 20:11:37 | 00,113,724 | ---- | C] () -- C:\Documents and Settings\user\Desktop\error2.JPG
[2009/04/28 20:11:06 | 01,440,054 | ---- | C] () -- C:\Documents and Settings\user\Desktop\error1.bmp
[2009/04/28 19:56:59 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/04/28 19:56:41 | 00,314,384 | ---- | C] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/04/28 19:56:23 | 00,032,768 | ---- | C] () -- C:\svn.exe
[2009/04/28 19:56:22 | 00,382,976 | ---- | C] () -- C:\FWSb.exe
[2009/04/28 19:49:58 | 00,018,944 | -H-- | C] () -- C:\WINDOWS\System32\drivers\protect.sys
[2009/04/28 19:49:50 | 00,017,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\qtkab87.sys
[2009/04/28 15:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\gmer
[2009/04/28 15:28:45 | 00,246,272 | ---- | C] (65.38.43.234) -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/04/28 15:28:45 | 00,036,864 | ---- | C] (wixdjmajfojh) -- C:\WINDOWS\System32\dpcxool64.sys
[2009/04/28 15:28:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\comsa32.sys
[2009/04/28 07:29:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\S
[2009/04/28 07:28:45 | 00,041,984 | ---- | C] (Doug Knox) -- C:\Documents and Settings\user\Desktop\SysRestorePoint.exe
[2009/04/27 17:38:52 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/27 17:38:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2009/04/27 16:34:15 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/04/27 16:24:49 | 00,000,000 | ---D | C] -- C:\Program Files\Hijackthis!
[2009/04/27 15:54:27 | 00,000,000 | ---D | C] -- C:\Program Files\internet explorer
[2009/04/27 15:48:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Adobe
[2009/04/27 15:48:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\My eBooks
[2009/04/27 15:45:06 | 00,016,244 | ---- | C] () -- C:\WINDOWS\System32\rrt_is.wav
[2009/04/27 15:45:06 | 00,007,302 | ---- | C] () -- C:\WINDOWS\System32\rrt_vf.wav
[2009/04/27 15:45:06 | 00,007,148 | ---- | C] () -- C:\WINDOWS\System32\rrt_tv.wav
[2009/04/27 15:45:06 | 00,006,282 | ---- | C] () -- C:\WINDOWS\System32\rrt_tn.wav
[2009/04/27 15:35:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/04/26 21:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2009/04/26 21:10:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Adobe
[2009/04/26 21:00:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Mozilla
[2009/04/26 21:00:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Mozilla
[2009/04/26 21:00:28 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to firefox.lnk
[2009/04/26 20:57:52 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\kjsdiowq8oikf.dll
[2009/04/26 20:57:34 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009/04/26 20:57:17 | 00,822,152 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db
[2009/04/26 20:57:17 | 00,002,235 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Help and Support.lnk
[2009/04/26 20:57:17 | 00,001,527 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Notepad.lnk
[2009/04/26 20:57:17 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\fusioncache.dat
[2009/04/26 20:57:17 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Startup\desktop.ini
[2009/04/26 20:57:17 | 00,000,076 | -HS- | C] () -- C:\Documents and Settings\user\My Documents\desktop.ini
[2009/04/26 20:57:17 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\desktop.ini
[2009/04/26 20:57:16 | 00,000,000 | --SD | C] -- C:\Documents and Settings\user\Application Data\Microsoft
[2009/04/26 20:57:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Videos
[2009/04/26 20:57:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Pictures
[2009/04/26 20:57:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Music
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\ApplicationHistory
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Apple Computer
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Symantec
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sun
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sonic
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SampleView
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Real
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Intervideo
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Identities
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Apple Computer
[2009/04/26 20:31:44 | 00,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2009/04/26 20:16:12 | 00,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2009/04/26 19:59:11 | 00,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/26 19:59:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3361
[2009/04/26 19:59:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\dhcp
[2009/04/26 11:55:47 | 02,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/04/26 11:55:47 | 02,015,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/04/26 11:55:46 | 02,136,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/04/26 11:55:46 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/04/26 11:55:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/04/26 11:54:18 | 00,351,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/04/26 09:10:37 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\jksahfo93wjfkd.dll
[2009/04/26 08:26:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/04/26 08:26:50 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/04/26 08:19:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/04/25 23:09:23 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/25 18:51:47 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/25 18:51:47 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 18:51:43 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/25 18:35:40 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/25 18:16:54 | 00,000,286 | ---- | C] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2009/04/25 18:10:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/04/25 18:09:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/04/25 18:06:46 | 00,001,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Install Quicken New User Edition.lnk
[2009/04/25 18:06:46 | 00,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Install Game Channel.lnk
[2009/04/25 18:06:06 | 00,021,060 | ---- | C] (InterVideo, Inc.) -- C:\WINDOWS\System32\drivers\iviaspi.sys
[2009/04/25 18:00:33 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/04/25 17:55:31 | 00,059,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/04/25 17:55:24 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2009/04/25 17:55:23 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/04/25 17:55:22 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/04/25 17:55:21 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2009/04/25 17:55:18 | 00,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/04/25 17:55:17 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/04/25 17:55:16 | 00,171,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009/04/25 17:55:16 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009/04/25 17:55:15 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009/04/25 17:55:14 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys
[2009/04/25 17:55:13 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys
[2009/04/25 17:55:12 | 00,031,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/04/25 17:55:12 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys
[2009/04/25 17:55:10 | 00,026,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBSTOR.SYS
[2009/04/25 17:55:07 | 00,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/04/25 17:55:03 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/04/25 17:55:03 | 00,060,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/04/25 17:55:03 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/04/25 17:54:34 | 00,061,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ohci1394.sys
[2009/04/25 17:54:34 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2009/04/25 17:54:33 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2009/04/25 17:37:18 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/04/25 13:59:05 | 00,007,168 | -HS- | C] () -- C:\WINDOWS\Thumbs.db
[2009/04/25 13:31:24 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/25 10:45:30 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mqcd.dbt
[2009/04/25 10:44:56 | 00,000,000 | RHSD | C] -- C:\Program Files\ThunMail
[2009/04/25 10:44:51 | 00,000,434 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2009/04/25 10:44:50 | 00,000,001 | ---- | C] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/25 10:44:36 | 00,175,104 | ---- | C] (kgqlcwbpci Corporation) -- C:\xptfh.exe
[2009/04/25 10:44:32 | 00,043,520 | ---- | C] () -- C:\pdtivk.exe
[2009/04/25 10:44:27 | 00,000,002 | ---- | C] () -- C:\-1935368898
[2009/04/25 10:44:26 | 00,031,232 | ---- | C] () -- C:\celkadaa.exe
[2009/04/25 10:44:22 | 00,290,304 | ---- | C] () -- C:\kggi.exe
[2009/04/24 18:59:31 | 00,000,000 | ---D | C] -- C:\Program Files\nygreen.net
[2009/04/24 18:58:23 | 00,000,000 | ---D | C] -- C:\Program Files\Mind Compression
[2009/04/20 19:34:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2009/04/20 19:29:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/04/20 19:28:04 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/04/20 19:23:41 | 00,000,000 | ---D | C] -- C:\2fdb6db04d66e1b892e5351b2597b275
[2009/04/10 12:10:55 | 00,000,000 | ---D | C] -- C:\Program Files\MagicDVDRipper
[2009/04/10 11:49:08 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/04/10 11:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/04/10 11:34:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/04/10 11:34:54 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/04/09 20:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/04/09 20:02:43 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2009/04/09 20:01:57 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2008/11/12 23:19:46 | 00,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2004/10/28 19:21:46 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
[2004/10/28 19:21:38 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/10/22 03:16:20 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/10/21 23:09:10 | 00,013,948 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/10/21 23:08:58 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/10/21 22:57:10 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/21 22:38:10 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2004/10/21 22:38:10 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2004/10/21 22:38:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2004/10/21 22:38:10 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2004/10/21 22:38:10 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2004/10/21 22:38:10 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/10/21 22:18:25 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/10/21 22:05:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll
[2004/10/21 22:05:35 | 00,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/10/21 21:28:28 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/10/21 21:28:28 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/10/21 21:27:01 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/10/21 21:13:11 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/10/21 20:48:55 | 00,000,572 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/10/21 20:48:09 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/10/21 20:47:59 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/09/13 23:35:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/20 03:14:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/08/20 03:14:46 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/08/13 19:00:18 | 00,182,912 | ---- | C] () -- C:\WINDOWS\System32\drivers\symndis.sys
[2004/08/03 14:00:00 | 00,000,006 | ---- | C] () -- C:\WINDOWS\System32\FInstall.sys
[2003/04/10 23:04:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 22:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/16 17:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000106.DLL

========== Files - Modified Within 30 Days ==========

[181 C:\*.tmp files]
[27 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/29 01:34:39 | 00,246,272 | ---- | M] (65.38.43.234) -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/04/29 01:30:43 | 00,036,864 | ---- | M] (wixdjmajfojh) -- C:\WINDOWS\System32\dpcxool64.sys
[2009/04/28 20:13:42 | 00,523,264 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTListIt2.exe
[2009/04/28 20:12:12 | 00,114,419 | ---- | M] () -- C:\Documents and Settings\user\Desktop\error1.JPG
[2009/04/28 20:11:37 | 00,113,724 | ---- | M] () -- C:\Documents and Settings\user\Desktop\error2.JPG
[2009/04/28 20:11:06 | 01,440,054 | ---- | M] () -- C:\Documents and Settings\user\Desktop\error1.bmp
[2009/04/28 19:59:37 | 00,000,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/04/28 19:56:59 | 00,010,752 | ---- | M] () -- C:\WINDOWS\System32\iehelper.dll
[2009/04/28 19:56:23 | 00,314,384 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/04/28 19:56:23 | 00,032,768 | ---- | M] () -- C:\svn.exe
[2009/04/28 19:56:22 | 00,382,976 | ---- | M] () -- C:\FWSb.exe
[2009/04/28 19:49:58 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009/04/28 19:49:58 | 00,018,944 | -H-- | M] () -- C:\WINDOWS\System32\drivers\protect.sys
[2009/04/28 19:49:50 | 00,017,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\qtkab87.sys
[2009/04/28 15:27:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/28 07:28:46 | 00,041,984 | ---- | M] (Doug Knox) -- C:\Documents and Settings\user\Desktop\SysRestorePoint.exe
[2009/04/27 15:52:48 | 00,001,527 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Notepad.lnk
[2009/04/27 15:45:06 | 00,016,244 | ---- | M] () -- C:\WINDOWS\System32\rrt_is.wav
[2009/04/27 15:45:06 | 00,007,302 | ---- | M] () -- C:\WINDOWS\System32\rrt_vf.wav
[2009/04/27 15:45:06 | 00,007,148 | ---- | M] () -- C:\WINDOWS\System32\rrt_tv.wav
[2009/04/27 15:45:06 | 00,006,282 | ---- | M] () -- C:\WINDOWS\System32\rrt_tn.wav
[2009/04/27 15:35:48 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/26 21:01:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/26 21:00:28 | 00,000,658 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to firefox.lnk
[2009/04/26 20:57:52 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\kjsdiowq8oikf.dll
[2009/04/26 20:57:37 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/04/26 20:57:37 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/04/26 20:52:21 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/26 20:52:21 | 00,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/26 20:52:21 | 00,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/26 20:51:39 | 00,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/26 19:59:11 | 00,108,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MSWINSCK.OCX
[2009/04/26 09:10:37 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\jksahfo93wjfkd.dll
[2009/04/25 18:51:47 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/25 18:41:45 | 00,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/25 18:17:14 | 00,003,649 | ---- | M] () -- C:\WINDOWS\viassary-hp.reg
[2009/04/25 18:17:03 | 00,000,286 | ---- | M] () -- C:\WINDOWS\tasks\Easy Internet Sign-up.job
[2009/04/25 18:10:52 | 00,000,283 | RHS- | M] () -- C:\boot.ini
[2009/04/25 18:10:02 | 00,000,244 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2009/04/25 18:07:09 | 00,000,993 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/04/25 17:58:49 | 00,000,213 | RHS- | M] () -- C:\BOOT.BAK
[2009/04/25 17:55:51 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/25 14:06:32 | 00,000,434 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2009/04/25 13:59:05 | 00,007,168 | -HS- | M] () -- C:\WINDOWS\Thumbs.db
[2009/04/25 10:45:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\mqcd.dbt
[2009/04/25 10:44:50 | 00,000,001 | ---- | M] () -- C:\WINDOWS\9g2234wesdf3dfgjf23
[2009/04/25 10:44:43 | 00,175,104 | ---- | M] (kgqlcwbpci Corporation) -- C:\xptfh.exe
[2009/04/25 10:44:34 | 00,043,520 | ---- | M] () -- C:\pdtivk.exe
[2009/04/25 10:44:28 | 00,000,002 | ---- | M] () -- C:\-1935368898
[2009/04/25 10:44:26 | 00,031,232 | ---- | M] () -- C:\celkadaa.exe
[2009/04/25 10:44:24 | 00,290,304 | ---- | M] () -- C:\kggi.exe
[2009/04/24 18:00:00 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Compaq_Owner.job
[2009/04/23 08:03:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/15 18:57:55 | 00,000,008 | ---- | M] () -- C:\WINDOWS\System32\comsa32.sys
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 12:55:05 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >
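The helpers read reports like the one above by eye, looking for binaries with no or odd vendor information under C:\WINDOWS, executables dropped straight into the drive root, and generated-looking names. As an added example that is not part of this thread or of OTListIt, the script below parses lines in this report format and applies those checks; the sample lines are copied from the report above, while the heuristics and thresholds are assumptions of this example.

```python
# Added example for this thread, not OTListIt's own code. Thresholds are assumptions;
# a hit is something to look at, not a verdict, since the vendor string comes from the
# file's own version information and a dropper can claim any name it likes.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One report line: [date time | size | attrs | C or M] (vendor) -- path
# Directories carry no "(vendor)" group; files without version info show "()".
LINE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<vendor>[^)]*)\))? -- (?P<path>.+)$"
)
IP_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
BINARY_EXT = {"exe", "dll", "sys", "ocx", "scr"}
VOWELS = set("aeiouy")

@dataclass
class Entry:
    date: str              # YYYY/MM/DD, so plain string comparison orders correctly
    time: str
    size: int
    attrs: str             # R/H/S/D flags exactly as the tool prints them
    kind: str              # C = created, M = modified
    vendor: Optional[str]  # None for a directory, "" when the file has no version info
    path: str

def parse_report(text: str) -> List[Entry]:
    """Return an Entry for every line in the report format; skip everything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # section headers, "[181 C:\*.tmp files]" summaries and blanks do not match
            entries.append(Entry(m["date"], m["time"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["kind"], m["vendor"], m["path"]))
    return entries

def looks_random(token: str) -> bool:
    """Cheap test for generated names: almost no vowels, a run of four
    consonants, or digits wedged between letters (assumed thresholds)."""
    low = token.lower()
    letters = [c for c in low if c.isalpha()]
    if len(low) < 5 or not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return (vowel_ratio < 0.2
            or re.search(r"[b-df-hj-np-tv-xz]{4}", low) is not None
            or re.search(r"[a-z]\d+[a-z]", low) is not None)

def assess(e: Entry) -> List[str]:
    """Reasons a reviewer would want to look at this entry; empty when none apply."""
    path = e.path.lower()
    stem, dot, ext = path.rsplit("\\", 1)[-1].rpartition(".")
    if e.vendor is None or not dot or ext not in BINARY_EXT:
        return []  # directories and data files are not scored here
    reasons = []
    if re.fullmatch(r"[a-z]:\\[^\\]+", path):
        reasons.append("binary in drive root")
    vendor_ok = False
    if IP_RE.match(e.vendor):
        reasons.append("vendor field is an IP address")
    elif "?" in e.vendor:
        reasons.append("vendor field is unreadable")
    elif e.vendor == "":
        if re.match(r"[a-z]:\\windows\\", path):
            reasons.append("no vendor information for a binary under the Windows directory")
    elif looks_random((e.vendor.split() or [""])[0]):
        reasons.append("vendor name looks random")
    else:
        vendor_ok = True
    # Only count a random-looking file name once the vendor field is already dubious.
    if not vendor_ok and looks_random(stem):
        reasons.append("file name looks random")
    return reasons

def triage(report: str, since: str) -> List[Tuple[str, List[str]]]:
    """Flag binaries dated on or after `since` (YYYY/MM/DD), in report order."""
    flagged = []
    for e in parse_report(report):
        if e.date >= since:
            reasons = assess(e)
            if reasons:
                flagged.append((e.path, reasons))
    return flagged

# Lines copied from the report posted above; the 2004 entry exercises the date cut-off.
SAMPLE_REPORT = r"""
[2009/04/29 01:34:39 | 00,246,272 | ---- | M] (65.38.43.234) -- C:\WINDOWS\System32\tpsaxyd.exe
[2009/04/26 20:57:52 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\kjsdiowq8oikf.dll
[2009/04/26 20:57:34 | 00,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reader_s.exe
[2009/04/25 10:44:36 | 00,175,104 | ---- | C] (kgqlcwbpci Corporation) -- C:\xptfh.exe
[2009/04/28 19:49:58 | 00,018,944 | -H-- | M] () -- C:\WINDOWS\System32\drivers\protect.sys
[2009/04/25 18:51:47 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/26 20:57:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Symantec
[2004/10/28 19:21:46 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\6to4v32.dll
"""
```

Running `triage(SAMPLE_REPORT, "2009/04/01")` lists four of the eight lines with their reasons; the Microsoft- and Malwarebytes-attributed files and the directory pass, and the 2004 entry only appears if the cut-off is moved back.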

#5
T3L3PROOF
    Member
  • Topic Starter
  • 20 posts
Extras.Txt



OTListIt Extras logfile created on: 4/28/2009 8:26:25 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.77 Gb Total Space | 112.70 Gb Free Space | 78.39% Space Free | Partition Type: NTFS
Drive D: | 5.26 Gb Total Space | 0.68 Gb Free Space | 12.97% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HACKS
Current User Name: user
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes (Apple Computer, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Computer, Inc.)
C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario (Hewlett-Packard)
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center
"{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}" = Norton Internet Security
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{91AA4B1F-B918-4e0b-A304-F8D4EC5D7726}" = Norton Internet Security
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A398F2DC-D706-4bb2-AC38-5532CD229D08}" = CC_ccProxyMSI
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{C3F058C0-A21C-452D-8D99-95B1A45F417D}" = InterVideo DiscLabel
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005
"{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}" = Norton Internet Security
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D6414CC7-F215-467F-88B1-546ED863F35B}" = CC_ccStart
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E47EE8FB-ACC0-4608-859C-4E2851B18A6A}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}" = InterVideo Home Theater
"{FC2C0536-583C-46c0-844A-62CECAE01F22}" = Norton Internet Security
"{FC37ABD0-2108-4beb-B010-1254E0662B5A}" = MSRedist
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"BackWeb-6750491 Uninstaller" = Compaq Connections
"Exterminate It!" = Exterminate It!
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"InstallShield_{00FC6799-866E-44A1-A60C-DCF394CF56FD}" = iTunes
"InstallShield_{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA}" = PC-Doctor for Windows
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"LiveReg" = LiveReg (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSNINST" = MSN
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"SymSetup.{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}" = Norton Personal Firewall (Symantec Corporation)
"SymSetup.{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2005 (Symantec Corporation)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/26/2009 2:46:48 PM | Computer Name = HACKS | Source = Application Error | ID = 1000
Description = Faulting application regsvr32.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x003d0675.

Error - 4/26/2009 2:46:57 PM | Computer Name = HACKS | Source = Application Error | ID = 1000
Description = Faulting application alg.exe, version 5.1.2600.2180, faulting module
unknown, version 0.0.0.0, fault address 0x003d0675.

Error - 4/26/2009 2:51:02 PM | Computer Name = HACKS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009c0675.

Error - 4/26/2009 2:52:33 PM | Computer Name = HACKS | Source = Application Error | ID = 1000
Description = Faulting application taskmgr.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x009b0675.

Error - 4/26/2009 2:53:09 PM | Computer Name = HACKS | Source = Application Error | ID = 1004
Description = Faulting application regsvr32.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x003d0675.

Error - 4/26/2009 2:53:21 PM | Computer Name = HACKS | Source = Application Error | ID = 1004
Description = Faulting application alg.exe, version 5.1.2600.2180, faulting module
unknown, version 0.0.0.0, fault address 0x003d0675.

Error - 4/26/2009 10:59:27 PM | Computer Name = HACKS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 4/26/2009 11:01:36 PM | Computer Name = HACKS | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 2.0.0.2, faulting module
hijackthis.exe, version 2.0.0.2, fault address 0x00162c74.

Error - 4/26/2009 11:01:40 PM | Computer Name = HACKS | Source = Application Error | ID = 1000
Description = Faulting application hijackthis.exe, version 2.0.0.2, faulting module
hijackthis.exe, version 2.0.0.2, fault address 0x00162c74.

Error - 4/27/2009 6:24:32 PM | Computer Name = HACKS | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007043C from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 4/28/2009 10:23:37 AM | Computer Name = HACKS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 4/28/2009 10:23:37 AM | Computer Name = HACKS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm SYMTDI

Error - 4/28/2009 11:11:44 AM | Computer Name = HACKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/28/2009 6:28:05 PM | Computer Name = HACKS | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/28/2009 6:29:35 PM | Computer Name = HACKS | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 4/28/2009 6:29:35 PM | Computer Name = HACKS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm SYMTDI

Error - 4/28/2009 6:31:00 PM | Computer Name = HACKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/28/2009 10:48:52 PM | Computer Name = HACKS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 0011D82881B8 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/28/2009 11:10:56 PM | Computer Name = HACKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/28/2009 11:11:25 PM | Computer Name = HACKS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#6
Thunderbird1988
    Member 2k
  • 2,416 posts
Hello T3L3PROOF,

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. :)

If you decide to continue, please do the following:

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Thunderbird1988

#7
T3L3PROOF
Topic Starter, 20 posts
Hello ThunderBird1988,

I am getting this message from ComboFix all the time. Nothing is running other than the program itself, and I get this message: http://i42.tinypic.com/30u7o1f.jpg

I also need help with formatting my computer. First of all, I do not have the disk that came with the computer; this computer is from the year 2004-2005 and I do not remember getting the disks for the computer. So is there another way I can get them?

And what do I do with the ComboFix :)

One more thing, how bad is my situation here?

#8
Thunderbird1988
Member 2k, 2,416 posts
Hello T3L3PROOF,

One more thing, how bad is my situation here?

To be honest, your computer is badly infected. At the moment, I cannot say if we are able to let your computer recover from its infections.

If you want to continue with the cleaning process please do the following:


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

Please do not let Dr. Web clean the infections it found until you are asked to do so.

Thunderbird1988

#9
T3L3PROOF
Topic Starter, 20 posts
:) :) :)

Unfortunately this virus blocked the download!! http://i41.tinypic.com/2ainhn6.jpg

I'm thinking maybe we should take away the effects of the virus (if possible) step by step so then it would be easier to delete it. I clearly have no clue what's going on, I've never had a virus do this to me! :) I feel really hopeless about my situation here.

#10
T3L3PROOF
Topic Starter, 20 posts
Is there a way to format my hard drive without the disks that the computer needs? Or an alternative way?

#11
Thunderbird1988
Member 2k, 2,416 posts
Hello T3L3PROOF,

If you want to re-install Windows you need a Windows CD. If your computer didn't come with a Windows CD, maybe you can borrow one from a friend; otherwise, you will need to buy one.

You will also need your CD license key. If you don't know it, you can retrieve it by using Magical Jelly Bean Keyfinder.

Thunderbird1988

#12
T3L3PROOF
Topic Starter, 20 posts
Ok, I think I should buy one, but what store sells them? And does the CD just have to be for XP, or does it have to be specific?

#13
Thunderbird1988
Member 2k, 2,416 posts
Hello T3L3PROOF,

You can order Windows XP at www.tigerdirect.com. You can choose any version of XP you like. You can also choose to upgrade to Windows Vista. If you want to know which version you should choose, I recommend you start a new topic here as they have more knowledge about that topic. If you have any malware related questions, please let me know.

Thunderbird1988

#14
T3L3PROOF
Topic Starter, 20 posts
Thank you for your help, I will donate 20 dollars to you when my computer is back. Right now the virus made me lose connectivity to the internet from my computer and I'm writing this from my Playstation 3. You may now close this topic. :)

#15
Thunderbird1988
Member 2k, 2,416 posts
Ok then, I wish you good luck with the re-installation of your Windows and thank you in advance for your donation :)

Thunderbird1988