Spyware 2009, can't remove or use Malware
Started by scruffy griff, May 17 2009 10:28 AM
#1
Posted 17 May 2009 - 10:28 AM
Any help or advice would be appreciated.
#2
Posted 17 May 2009 - 01:22 PM
Hello scruffy griff
Welcome to G2Go.
=====================
- Download OTListIt2 to your desktop.
- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Under the Standard Registry box change it to All.
- Check the boxes beside LOP Check and Purity Check.
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
Download This file. Note its name and save it to your root folder, such as C:\.
- Disconnect from the Internet and close all running programs.
- Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
- Click on this link to see a list of programs that should be disabled.
- Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
- Allow the driver to load if asked.
- You may be prompted to scan immediately if it detects rootkit activity.
- If you are prompted to scan your system click "Yes" to begin the scan.
- If not prompted, click the "Rootkit/Malware" tab.
- On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click the Scan button to begin. (Please be patient as it can take some time to complete)
- When the scan is finished, click Save to save the scan results to your Desktop.
- Save the file as Results.log and copy/paste the contents in your next reply.
- Exit the program and re-enable all active protection when done.
#3
Posted 17 May 2009 - 02:44 PM
Here are the scan results.
OTListIt logfile created on: 5/17/2009 2:02:44 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Bobbe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.41% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 660.05 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOBBE-FFCEBA743
Current User Name: Bobbe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()
PRC - C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gupdate1c9c689c1082348 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (nTuneService [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
========== Driver Services (SafeList) ==========
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVR0Dev [On_Demand | Running]) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/23 19:36:17 | 00,000,000 | ---D | M]
O1 HOSTS File: (305936 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bobbe\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/10 11:33:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell - "" = AutoRun
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 14:02:03 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[2009/05/17 13:58:21 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe
[2009/05/17 08:26:40 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/17 08:22:41 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\Bobbe\Desktop\HijackThis.lnk
[2009/05/17 08:17:37 | 00,000,823 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/17 08:17:37 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/17 08:17:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bobbe\Application Data\SUPERAntiSpyware.com
[2009/05/17 08:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/17 08:11:38 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/17 07:39:10 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/05/17 07:29:08 | 00,292,880 | ---- | C] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/05/06 16:40:21 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bobbe\Desktop\setup-spybotsd162.exe
[2009/04/26 10:34:50 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\Bobbe\My Documents\2881 East Upland Drive.kmz
[2009/04/26 10:13:26 | 00,001,879 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/04/26 10:12:11 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/19 07:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/19 07:47:12 | 00,001,478 | ---- | C] () -- C:\DivX Author – Create DivX Movies.lnk
[2009/04/19 07:47:12 | 00,001,410 | ---- | C] () -- C:\Enhance your video soundtracks.lnk
[2009/04/19 07:47:12 | 00,001,364 | ---- | C] () -- C:\Post DivX® video to your website.lnk
[2009/04/18 08:59:29 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/18 08:59:29 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/18 08:59:29 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/18 08:59:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/18 08:59:29 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/18 08:59:29 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/18 08:59:29 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/18 08:59:29 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/18 08:59:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/18 08:59:13 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/18 08:59:13 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/18 08:59:12 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2008/10/15 18:34:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Topo.INI
[2008/06/30 20:03:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/06/05 17:19:17 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/02/24 10:01:02 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/12 08:49:06 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/11 13:48:46 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/11 13:48:46 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/11 13:48:46 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/11 13:48:46 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/11 13:48:22 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/11 12:56:24 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/05 16:59:14 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/08/04 06:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/11/17 02:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 02:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 02:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/17 14:00:56 | 00,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 14:00:56 | 00,397,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 14:00:56 | 00,059,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 13:58:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe
[2009/05/17 13:57:16 | 00,013,706 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 13:56:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/17 13:56:36 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Bobbe\Local Settings\desktop.ini
[2009/05/17 13:56:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 13:56:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 13:05:45 | 00,000,976 | ---- | M] () -- C:\Documents and Settings\Bobbe\Desktop\Spybot - Search & Destroy.lnk
[2009/05/17 08:22:41 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\Bobbe\Desktop\HijackThis.lnk
[2009/05/17 08:17:37 | 00,000,823 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/17 07:39:10 | 00,010,752 | ---- | M] () -- C:\WINDOWS\System32\iehelper.dll
[2009/05/17 07:28:54 | 00,292,880 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/05/09 14:01:12 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/07 01:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 19:53:52 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/06 17:38:16 | 00,305,936 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/06 16:42:03 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bobbe\Desktop\setup-spybotsd162.exe
[2009/04/26 10:34:50 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\Bobbe\My Documents\2881 East Upland Drive.kmz
[2009/04/26 10:13:26 | 00,001,879 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/04/19 07:47:42 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk
[2009/04/19 07:47:12 | 00,001,478 | ---- | M] () -- C:\DivX Author – Create DivX Movies.lnk
[2009/04/19 07:47:12 | 00,001,410 | ---- | M] () -- C:\Enhance your video soundtracks.lnk
[2009/04/19 07:47:12 | 00,001,364 | ---- | M] () -- C:\Post DivX® video to your website.lnk
[2009/04/19 07:47:12 | 00,001,280 | ---- | M] () -- C:\DivX.com.lnk
[2009/04/18 09:12:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== LOP Check ==========
[2009/01/20 17:09:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2008/02/05 17:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2008/01/11 18:11:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2008/01/11 18:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2008/12/16 12:54:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2009/02/03 21:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/26 19:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2008/01/13 08:32:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2009/01/19 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
[2009/05/17 13:57:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2009/01/20 14:50:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/01/12 07:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2009/05/17 08:17:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Bobbe\Application Data
[2008/01/14 16:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Adobe
[2008/01/11 18:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Apple Computer
[2008/01/16 04:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\DivX
[2008/01/21 17:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\ESRI
[2008/01/21 18:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Google
[2008/01/10 20:45:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Identities
[2009/05/09 15:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\LimeWire
[2008/01/11 13:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Macromedia
[2008/10/26 19:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Malwarebytes
[2008/06/05 17:19:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Bobbe\Application Data\Microsoft
[2008/01/12 08:53:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Microsoft Web Folders
[2009/03/11 15:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Mozilla
[2009/01/17 12:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Real
[2008/01/20 05:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Sun
[2009/05/17 08:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\SUPERAntiSpyware.com
[2009/02/16 11:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\U3
[2008/01/11 13:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Webroot
[2008/01/11 16:55:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Winamp
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/17 13:56:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/05/17 13:56:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
< End of report >
OTListIt Extras logfile created on: 5/17/2009 2:02:44 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Bobbe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.41% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 660.05 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOBBE-FFCEBA743
Current User Name: Bobbe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{97A908F8-F3B6-44ED-83BB-55E7BFE23F06}" = TOPO!
"{A057B18D-0622-4931-8A3B-43C6C64622AA}" = TOPO! Utah Map Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"FLV Player" = FLV Player 2.0 (build 25)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{97A908F8-F3B6-44ED-83BB-55E7BFE23F06}" = TOPO!
"InstallShield_{A057B18D-0622-4931-8A3B-43C6C64622AA}" = TOPO! Utah Map Pack
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"ProjectManagementIQ" = ProjectManagementIQ
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Winamp" = Winamp
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/30/2008 10:01:56 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application IDriver.exe, version 8.1.0.293, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/5/2008 12:38:15 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 6.7.0.22, faulting module
divx player.exe, version 6.7.0.22, fault address 0x000f3de0.
Error - 8/13/2008 5:34:23 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/3/2008 3:06:19 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 5/17/2009 12:21:22 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 5/17/2009 12:21:22 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9c689c1082348) service to connect.
Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9c689c1082348) service failed
to start due to the following error: %%1053
Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9c689c1082348) service to connect.
Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9c689c1082348) service failed
to start due to the following error: %%1053
Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
< End of report >
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-17 14:41:56
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code 8A392748 ZwEnumerateKey
Code 8A38ECB0 ZwFlushInstructionCache
Code 89EC58A6 IofCallDriver
Code 8A30A1AE IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 89EC58AB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A30A1B3
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E7F9F0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E80A60 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E808A0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E80780 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E7FDA0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E7FFD0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\WINDOWS\system32\ctfmon.exe[500] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\ctfmon.exe[500] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\nvsvc32.exe[628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\nvsvc32.exe[628] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\RUNDLL32.EXE[644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\RUNDLL32.EXE[644] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A8000A
.text C:\WINDOWS\RTHDCPL.EXE[652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01A4000A
.text C:\WINDOWS\RTHDCPL.EXE[652] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 01A5000A
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007A000A
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[688] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007B000A
.text C:\Program Files\Winamp\winampa.exe[708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008C000A
.text C:\Program Files\Winamp\winampa.exe[708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008D000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[736] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[744] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B6000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[744] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\rundll32.exe[788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\rundll32.exe[788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A8000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BA000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[796] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BC000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[828] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\Program Files\Messenger\msmsgs.exe[888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AC000A
.text C:\Program Files\Messenger\msmsgs.exe[888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AD000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DB000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[916] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DC000A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0166000A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[944] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0167000A
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0069000A
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0094000A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0072000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0073000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0098000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DE000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E6000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E7F9F0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E80A60 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E808A0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E80780 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E7FDA0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E7FFD0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2276] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2276] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0085000A
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\data\s4zrwz0f.exe[3548] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009E000A
.text C:\data\s4zrwz0f.exe[3548] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\wuauclt.exe[3596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\wuauclt.exe[3596] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0070000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
---- Devices - GMER 1.0.15 ----
Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [320] 0x00E70000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1204] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1256] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1404] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1476] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1540] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1576] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1656] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\Program Files\internet explorer\iexplore.exe [1996] 0x00E70000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2044] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3372] 0x00A00000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\UACqwhkltoqooblxfu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a0fa624
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwnvdpqxmkiicpqe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACtxvkbtkcpalkmtb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACeplrsrmbjitexym.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACexmyxiqrbwemhxn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACgwvjbpigbccxoii.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACdojvraipjewodaf.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACwhfertvxtbopobv.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACwsrugbwbfwgdyos.log
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00125a0fa624
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwnvdpqxmkiicpqe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACtxvkbtkcpalkmtb.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACeplrsrmbjitexym.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACexmyxiqrbwemhxn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACgwvjbpigbccxoii.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACdojvraipjewodaf.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACwhfertvxtbopobv.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACwsrugbwbfwgdyos.log
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Bobbe\Local Settings\temp\UAC3a1d.tmp 343040 bytes executable
File C:\Documents and Settings\Bobbe\Local Settings\Temporary Internet Files\Content.IE5\XRBRQ4UP\uacjjqpwwccciiiwvcuum.akc 56 bytes
File C:\WINDOWS\system32\drivers\UACqwhkltoqooblxfu.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACdojvraipjewodaf.log 2550 bytes
File C:\WINDOWS\system32\UACeplrsrmbjitexym.dll 19968 bytes executable
File C:\WINDOWS\system32\UACexmyxiqrbwemhxn.dll 17408 bytes executable
File C:\WINDOWS\system32\UACgwvjbpigbccxoii.dll 19968 bytes executable
File C:\WINDOWS\system32\uacinit.dll 5584 bytes
File C:\WINDOWS\system32\UACtxvkbtkcpalkmtb.dat 224 bytes
File C:\WINDOWS\system32\UACwmltqsttvdjdfyy.dll 66560 bytes
File C:\WINDOWS\system32\UACwnvdpqxmkiicpqe.dll 24064 bytes executable
---- EOF - GMER 1.0.15 ----
OTListIt logfile created on: 5/17/2009 2:02:44 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Bobbe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.41% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 660.05 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOBBE-FFCEBA743
Current User Name: Bobbe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office\OSA.EXE ()
PRC - C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (gupdate1c9c689c1082348 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (nTuneService [Auto | Running]) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
========== Driver Services (SafeList) ==========
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVR0Dev [On_Demand | Running]) -- C:\WINDOWS\nvoclock.sys (NVidia Corp.)
DRV - (Point32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\point32.sys (Microsoft Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/01/23 19:36:17 | 00,000,000 | ---D | M]
O1 HOSTS File: (305936 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10536 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe /EnsureFileVersions (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Bobbe\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/10 11:33:01 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell - "" = AutoRun
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5b14f7d3-c41d-11dc-a16d-00125a0fa624}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/17 14:02:03 | 00,000,000 | ---D | M]
========== Files/Folders - Created Within 30 Days ==========
[2009/05/17 13:58:21 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe
[2009/05/17 08:26:40 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/17 08:22:41 | 00,001,777 | ---- | C] () -- C:\Documents and Settings\Bobbe\Desktop\HijackThis.lnk
[2009/05/17 08:17:37 | 00,000,823 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/17 08:17:37 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/17 08:17:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bobbe\Application Data\SUPERAntiSpyware.com
[2009/05/17 08:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/17 08:11:38 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/05/17 07:39:10 | 00,010,752 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/05/17 07:29:08 | 00,292,880 | ---- | C] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/05/06 16:40:21 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Bobbe\Desktop\setup-spybotsd162.exe
[2009/04/26 10:34:50 | 00,000,692 | ---- | C] () -- C:\Documents and Settings\Bobbe\My Documents\2881 East Upland Drive.kmz
[2009/04/26 10:13:26 | 00,001,879 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/04/26 10:12:11 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/19 07:47:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/04/19 07:47:12 | 00,001,478 | ---- | C] () -- C:\DivX Author – Create DivX Movies.lnk
[2009/04/19 07:47:12 | 00,001,410 | ---- | C] () -- C:\Enhance your video soundtracks.lnk
[2009/04/19 07:47:12 | 00,001,364 | ---- | C] () -- C:\Post DivX® video to your website.lnk
[2009/04/18 08:59:29 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/18 08:59:29 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/18 08:59:29 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/18 08:59:29 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/18 08:59:29 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/18 08:59:29 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/18 08:59:29 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/18 08:59:29 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/18 08:59:29 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/18 08:59:13 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/18 08:59:13 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/18 08:59:12 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2008/10/15 18:34:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Topo.INI
[2008/06/30 20:03:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2008/06/05 17:19:17 | 00,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/02/24 10:01:02 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/12 08:49:06 | 00,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/11 13:48:46 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/11 13:48:46 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/11 13:48:46 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/11 13:48:46 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/11 13:48:22 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/11 12:56:24 | 00,143,360 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/05 16:59:14 | 00,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/08/04 06:00:00 | 00,000,573 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 06:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1996/11/17 02:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/11/17 02:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/11/17 02:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/17 14:00:56 | 00,464,860 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/17 14:00:56 | 00,397,890 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/17 14:00:56 | 00,059,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/17 13:58:22 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bobbe\Desktop\OTListIt2.exe
[2009/05/17 13:57:16 | 00,013,706 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/17 13:56:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/05/17 13:56:36 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Bobbe\Local Settings\desktop.ini
[2009/05/17 13:56:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/17 13:56:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/17 13:05:45 | 00,000,976 | ---- | M] () -- C:\Documents and Settings\Bobbe\Desktop\Spybot - Search & Destroy.lnk
[2009/05/17 08:22:41 | 00,001,777 | ---- | M] () -- C:\Documents and Settings\Bobbe\Desktop\HijackThis.lnk
[2009/05/17 08:17:37 | 00,000,823 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/05/17 07:39:10 | 00,010,752 | ---- | M] () -- C:\WINDOWS\System32\iehelper.dll
[2009/05/17 07:28:54 | 00,292,880 | ---- | M] (?????????? ??????????) -- C:\WINDOWS\sysguard.exe
[2009/05/09 14:01:12 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/07 01:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 19:53:52 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/05/06 17:38:16 | 00,305,936 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/05/06 16:42:03 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Bobbe\Desktop\setup-spybotsd162.exe
[2009/04/26 10:34:50 | 00,000,692 | ---- | M] () -- C:\Documents and Settings\Bobbe\My Documents\2881 East Upland Drive.kmz
[2009/04/26 10:13:26 | 00,001,879 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Google Earth.lnk
[2009/04/19 07:47:42 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Player.lnk
[2009/04/19 07:47:12 | 00,001,478 | ---- | M] () -- C:\DivX Author – Create DivX Movies.lnk
[2009/04/19 07:47:12 | 00,001,410 | ---- | M] () -- C:\Enhance your video soundtracks.lnk
[2009/04/19 07:47:12 | 00,001,364 | ---- | M] () -- C:\Post DivX® video to your website.lnk
[2009/04/19 07:47:12 | 00,001,280 | ---- | M] () -- C:\DivX.com.lnk
[2009/04/18 09:12:41 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
========== LOP Check ==========
[2009/01/20 17:09:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data
[2008/02/05 17:37:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
[2008/01/11 18:11:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
[2008/01/11 18:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
[2008/12/16 12:54:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Applications
[2009/02/03 21:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
[2008/10/26 19:48:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2008/01/13 08:32:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
[2009/01/19 21:17:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
[2009/05/17 13:57:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
[2009/01/20 14:50:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
[2008/01/12 07:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Windows Genuine Advantage
[2009/05/17 08:17:37 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Bobbe\Application Data
[2008/01/14 16:25:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Adobe
[2008/01/11 18:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Apple Computer
[2008/01/16 04:42:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\DivX
[2008/01/21 17:59:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\ESRI
[2008/01/21 18:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Google
[2008/01/10 20:45:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Identities
[2009/05/09 15:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\LimeWire
[2008/01/11 13:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Macromedia
[2008/10/26 19:48:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Malwarebytes
[2008/06/05 17:19:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Bobbe\Application Data\Microsoft
[2008/01/12 08:53:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Microsoft Web Folders
[2009/03/11 15:53:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Mozilla
[2009/01/17 12:36:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Real
[2008/01/20 05:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Sun
[2009/05/17 08:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\SUPERAntiSpyware.com
[2009/02/16 11:38:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\U3
[2008/01/11 13:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Webroot
[2008/01/11 16:55:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Bobbe\Application Data\Winamp
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/17 13:56:42 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/05/17 13:56:36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP:5C321E34
< End of report >
OTListIt Extras logfile created on: 5/17/2009 2:02:44 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Bobbe\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.41% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 660.05 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BOBBE-FFCEBA743
Current User Name: Bobbe
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Camera Support Core Library
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = RAW Image Task 1.1
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B18E7E2-AFCA-4CBE-8CD5-3613315AB262}" = ArcGIS Explorer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{97A908F8-F3B6-44ED-83BB-55E7BFE23F06}" = TOPO!
"{A057B18D-0622-4931-8A3B-43C6C64622AA}" = TOPO! Utah Map Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A98AFBC7-D5A7-46A1-8795-EABE2F55A7D6}" = Microsoft Office Live Meeting 2007
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Camera Window
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{BEF56F2D-56ED-4176-BF72-7B68D4A3B98D}" = Canon PhotoRecord
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = RemoteCapture Task 1.0.3
"{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = MovieEdit Task
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = PhotoStitch
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"FLV Player" = FLV Player 2.0 (build 25)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{26BDE7D8-93F0-4A07-AD47-1707DB417941}" = Canon Camera Support Core Library
"InstallShield_{68E7E8BD-2233-49BE-81D6-1A1FAF1B5196}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{97A908F8-F3B6-44ED-83BB-55E7BFE23F06}" = TOPO!
"InstallShield_{A057B18D-0622-4931-8A3B-43C6C64622AA}" = TOPO! Utah Map Pack
"InstallShield_{B34BE30D-A759-4EC2-B58F-19FE2DEBF651}" = Canon Camera Window for ZoomBrowser EX
"InstallShield_{CF2C1A86-5A98-4862-A3AE-9992E3A6427D}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{DE286975-ACF1-45B8-9EF7-34E162B2C817}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{EF4C7EB0-D71B-43A3-9552-8053DE4B0401}" = Canon Utilities PhotoStitch 3.1
"LimeWire" = LimeWire 5.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"ProjectManagementIQ" = ProjectManagementIQ
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"Winamp" = Winamp
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/30/2008 10:01:56 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application IDriver.exe, version 8.1.0.293, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/5/2008 12:38:15 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 6.7.0.22, faulting module
divx player.exe, version 6.7.0.22, fault address 0x000f3de0.
Error - 8/13/2008 5:34:23 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 10/3/2008 3:06:19 PM | Computer Name = BOBBE-FFCEBA743 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16674, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 5/17/2009 12:21:22 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 5/17/2009 12:21:22 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9c689c1082348) service to connect.
Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9c689c1082348) service failed
to start due to the following error: %%1053
Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 5/17/2009 3:03:44 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate1c9c689c1082348) service to connect.
Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1c9c689c1082348) service failed
to start due to the following error: %%1053
Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2
Error - 5/17/2009 3:58:09 PM | Computer Name = BOBBE-FFCEBA743 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep
< End of report >
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-17 14:41:56
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code 8A392748 ZwEnumerateKey
Code 8A38ECB0 ZwFlushInstructionCache
Code 89EC58A6 IofCallDriver
Code 8A30A1AE IofCompleteRequest
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 89EC58AB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 8A30A1B3
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00C0000A
.text C:\WINDOWS\Explorer.EXE[284] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00C1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E6000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E7F9F0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E80A60 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E808A0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E80780 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E7FDA0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\Internet Explorer\Iexplore.exe[320] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E7FFD0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\WINDOWS\system32\ctfmon.exe[500] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\WINDOWS\system32\ctfmon.exe[500] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\nvsvc32.exe[628] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006C000A
.text C:\WINDOWS\system32\nvsvc32.exe[628] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 006D000A
.text C:\WINDOWS\system32\RUNDLL32.EXE[644] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\RUNDLL32.EXE[644] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A8000A
.text C:\WINDOWS\RTHDCPL.EXE[652] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 01A4000A
.text C:\WINDOWS\RTHDCPL.EXE[652] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 01A5000A
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 007A000A
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[688] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007B000A
.text C:\Program Files\Winamp\winampa.exe[708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 008C000A
.text C:\Program Files\Winamp\winampa.exe[708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 008D000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[736] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AA000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[744] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00B6000A
.text C:\Program Files\Microsoft IntelliPoint\point32.exe[744] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00B7000A
.text C:\WINDOWS\system32\rundll32.exe[788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\rundll32.exe[788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A8000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00BA000A
.text C:\Program Files\Java\jre6\bin\jusched.exe[796] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00BC000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0098000A
.text C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe[828] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0099000A
.text C:\Program Files\Messenger\msmsgs.exe[888] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00AC000A
.text C:\Program Files\Messenger\msmsgs.exe[888] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AD000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[916] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00DB000A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[916] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DC000A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[944] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0166000A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[944] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0167000A
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0068000A
.text C:\WINDOWS\system32\winlogon.exe[964] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0069000A
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0064000A
.text C:\WINDOWS\system32\services.exe[1016] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0065000A
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0071000A
.text C:\WINDOWS\system32\lsass.exe[1028] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0075000A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1320] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0094000A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[1320] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0096000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0072000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0073000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0097000A
.text C:\WINDOWS\system32\spoolsv.exe[1788] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0098000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A0000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A1000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 408BF341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 40A51777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 40A516F8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 40A5173C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 40A51684 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 40A516BE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 40A517B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 408E16B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1996] WININET.dll!HttpAddRequestHeadersA 7805FB35 5 Bytes JMP 00DE000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] WININET.dll!HttpAddRequestHeadersW 780CD015 5 Bytes JMP 00E6000A
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00E7F9F0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E80A60 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00E808A0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E80780 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00E7FDA0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\Program Files\internet explorer\iexplore.exe[1996] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E7FFD0 \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2276] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0081000A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2276] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0085000A
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0075000A
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\data\s4zrwz0f.exe[3548] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009E000A
.text C:\data\s4zrwz0f.exe[3548] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 009F000A
.text C:\WINDOWS\system32\wuauclt.exe[3596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A
.text C:\WINDOWS\system32\wuauclt.exe[3596] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0070000A
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
IAT C:\Program Files\Webroot\Washer\wwDisp.exe[944] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042C8AC] C:\Program Files\Webroot\Washer\wwDisp.exe (Window Washer hard disk cleaning utility/Webroot Software)
---- Devices - GMER 1.0.15 ----
Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000073 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [320] 0x00E70000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1204] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1256] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1404] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1476] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1540] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1576] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1656] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\Program Files\internet explorer\iexplore.exe [1996] 0x00E70000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [2044] 0x00A00000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [3372] 0x00A00000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\UACqwhkltoqooblxfu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00125a0fa624
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwnvdpqxmkiicpqe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACtxvkbtkcpalkmtb.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACeplrsrmbjitexym.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACexmyxiqrbwemhxn.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACgwvjbpigbccxoii.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACdojvraipjewodaf.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACwhfertvxtbopobv.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACwsrugbwbfwgdyos.log
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00125a0fa624
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwnvdpqxmkiicpqe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACtxvkbtkcpalkmtb.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACeplrsrmbjitexym.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACexmyxiqrbwemhxn.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACgwvjbpigbccxoii.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACdojvraipjewodaf.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACwhfertvxtbopobv.log
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACwsrugbwbfwgdyos.log
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Bobbe\Local Settings\temp\UAC3a1d.tmp 343040 bytes executable
File C:\Documents and Settings\Bobbe\Local Settings\Temporary Internet Files\Content.IE5\XRBRQ4UP\uacjjqpwwccciiiwvcuum.akc 56 bytes
File C:\WINDOWS\system32\drivers\UACqwhkltoqooblxfu.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACdojvraipjewodaf.log 2550 bytes
File C:\WINDOWS\system32\UACeplrsrmbjitexym.dll 19968 bytes executable
File C:\WINDOWS\system32\UACexmyxiqrbwemhxn.dll 17408 bytes executable
File C:\WINDOWS\system32\UACgwvjbpigbccxoii.dll 19968 bytes executable
File C:\WINDOWS\system32\uacinit.dll 5584 bytes
File C:\WINDOWS\system32\UACtxvkbtkcpalkmtb.dat 224 bytes
File C:\WINDOWS\system32\UACwmltqsttvdjdfyy.dll 66560 bytes
File C:\WINDOWS\system32\UACwnvdpqxmkiicpqe.dll 24064 bytes executable
---- EOF - GMER 1.0.15 ----
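The log above carries the three things an analyst pulls out of a GMER run: ntdll.dll!LdrLoadDll/LdrUnloadDll inline hooks in nearly every process, one hidden DLL mapped into every svchost.exe and iexplore.exe, and a hidden driver service (UACd.sys) whose registry "modules" list names both that DLL and the flagged .sys file. As an added example (not from the thread, the poster, or GMER's authors), the Python below parses those line shapes and cross-references them so the link between the hidden service, its module list, the on-disk files and the injected DLL is made explicit. The regular expressions are assumptions about GMER 1.0.15's text format inferred from this log, and SAMPLE_LOG is a constructed excerpt in the shape of the log above, not the full posted output.

```python
"""Triage helper for GMER 1.0.15 text logs (added example, not GMER's own code).

Parses the line shapes seen in the log above and groups them into the
indicators an analyst acts on. The regexes are assumptions inferred from
that log; the sample log below is a constructed excerpt in its shape.
"""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# ".text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>"
HOOK_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] (?P<module>[^!\s]+)!(?P<export>\S+) "
    r"(?P<addr>[0-9A-Fa-f]+) (?P<len>\d+) Bytes JMP (?P<target>[0-9A-Fa-f]+)$")
# "Library <dll> (*** hidden *** ) @ <host image> [<pid>] <base>"
LIB_RE = re.compile(
    r"^Library (?P<path>\S+) \(\*\*\* hidden \*\*\* \) @ (?P<host>.+?) "
    r"\[(?P<pid>\d+)\] (?P<base>0x[0-9A-Fa-f]+)$")
# "Service <image> (*** hidden *** ) [<start>] <name> [<-- ROOTKIT !!!]"
SVC_RE = re.compile(
    r"^Service (?P<path>.+?) \(\*\*\* hidden \*\*\* \) \[(?P<start>\w+)\] "
    r"(?P<name>\S+)(?P<flag>.*)$")
# "Reg <key>" or "Reg <key>@<value> <data>"
REG_RE = re.compile(r"^Reg (?P<key>[^@\s]+)(?:@(?P<value>\S+) (?P<data>.+))?$")
# "File <path> <size> bytes[ executable][ <-- ROOTKIT !!!]"
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes(?P<rest>.*)$")
PARSERS = (("hook", HOOK_RE), ("hidden_library", LIB_RE),
           ("hidden_service", SVC_RE), ("registry", REG_RE), ("file", FILE_RE))

# Constructed excerpt in the shape of the GMER log above (not the full output).
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\alg.exe[2712] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 0077000A
.text C:\data\s4zrwz0f.exe[3548] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\wuauclt.exe[3596] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 006F000A
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\Iexplore.exe [320] 0x00E70000
Library \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1204] 0x00A00000
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\UACqwhkltoqooblxfu.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACqwhkltoqooblxfu.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACwmltqsttvdjdfyy.dll
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\UACqwhkltoqooblxfu.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACwmltqsttvdjdfyy.dll 66560 bytes
File C:\WINDOWS\system32\uacinit.dll 5584 bytes
---- EOF - GMER 1.0.15 ----
"""


def _name(path):
    """Last path component, lower-cased, so \\?\globalroot\... and C:\... compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(text):
    """Return one dict per recognised line, tagged with its kind and section."""
    section, findings = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        for kind, rx in PARSERS:
            m = rx.match(line)
            if m:
                findings.append(dict(m.groupdict(), kind=kind, section=section))
                break
    return findings


def triage(findings):
    """Group parsed lines and link hidden files/DLLs back to the service that owns them."""
    hooks = defaultdict(list)       # "ntdll.dll!LdrLoadDll" -> ["image[pid]", ...]
    hidden_libs = defaultdict(set)  # hidden dll path -> {host pid, ...}
    services = []                   # hidden services/drivers
    modules = defaultdict(dict)     # service name -> {alias: path} from ...\modules
    files, flagged = {}, []         # on-disk files; files GMER itself tagged
    for f in findings:
        k = f["kind"]
        if k == "hook":
            hooks[f["module"] + "!" + f["export"]].append(f"{f['image']}[{f['pid']}]")
        elif k == "hidden_library":
            hidden_libs[f["path"]].add(int(f["pid"]))
        elif k == "hidden_service":
            services.append({"name": f["name"], "path": f["path"],
                             "start": f["start"], "gmer_flag": f["flag"].strip()})
        elif k == "registry" and f["value"] and f["key"].lower().endswith("\\modules"):
            modules[f["key"].split("\\")[-2]][f["value"]] = f["data"]  # dedupes ControlSet copies
        elif k == "file":
            files[f["path"]] = int(f["size"])
            if "ROOTKIT" in f["rest"]:
                flagged.append(f["path"])
    # Cross-reference by file name: which files and injected DLLs a hidden service's module list names.
    owners = {_name(p): (svc, alias) for svc, m in modules.items() for alias, p in m.items()}
    return {
        "loader_hooks": {k: sorted(v) for k, v in hooks.items()},
        "hidden_libraries": {k: sorted(v) for k, v in hidden_libs.items()},
        "hidden_services": services,
        "service_modules": dict(modules),
        "flagged_files": flagged,
        "files_linked_to_service": {p: owners[_name(p)] for p in files if _name(p) in owners},
        "injected_dlls_linked_to_service": {p: owners[_name(p)] for p in hidden_libs if _name(p) in owners},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(parse_gmer(SAMPLE_LOG)), indent=2))
```

Run it against a saved GMER log by reading the file into parse_gmer instead of SAMPLE_LOG. The IAT and Devices sections are deliberately left unparsed: in this log the IAT entries point back into wwDisp.exe itself and the BTHUSB device entries are ordinary driver stack entries, so neither adds to the picture; the signal is the "(*** hidden ***)" markers, the ROOTKIT tag, and the fact that the same file names recur in the hidden service's module list, the Processes section and the Files section.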
#4
Posted 22 May 2009 - 03:56 PM
can I please get some help on this?
#5
Posted 22 May 2009 - 04:26 PM
Sorry I wasn't notified of your reply.
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3
--------------------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt