
Facebook redirecting to http://sony07.t35.com/07.php



#1
f0xy

Anyone able to help?

OTL logfile created on: 05/01/2010 19:46:16 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = D:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31.91 Gb Total Space | 13.03 Gb Free Space | 40.83% Space Free | Partition Type: NTFS
Drive D: | 200.88 Gb Total Space | 119.34 Gb Free Space | 59.41% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RYAN-PC
Current User Name: Ryan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/01/05 19:41:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) -- D:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2009/12/17 16:11:44 | 00,908,248 | ---- | M] (Mozilla Corporation) -- D:\Programs\Mozilla Firefox\firefox.exe
PRC - [2009/12/01 13:55:10 | 00,389,120 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/12/01 13:55:10 | 00,066,560 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/11/24 23:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/30 11:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/10/30 11:57:00 | 00,229,936 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLiteShellHlp.exe
PRC - [2009/09/15 10:17:16 | 00,061,760 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\ASTSRV.EXE
PRC - [2009/08/28 15:42:10 | 01,109,000 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/08/18 02:36:36 | 00,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/08/18 02:36:08 | 00,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/08/03 05:49:47 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/14 01:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/06/04 16:01:08 | 00,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/04/08 15:37:12 | 04,319,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\OSPPSVC.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/05 19:41:28 | 00,513,536 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
MOD - [2009/07/14 01:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/14 01:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/14 01:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/14 01:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/14 01:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/14 01:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/14 01:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/14 01:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/14 01:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/14 01:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/14 01:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/30 14:55:18 | 00,235,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Programs\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2009/12/05 00:05:06 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/12/01 13:55:10 | 00,066,560 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/11/24 23:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 23:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 23:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 23:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/09/15 10:17:16 | 00,061,760 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\ASTSRV.EXE -- (astcc)
SRV - [2009/08/18 02:36:08 | 00,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/14 01:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/14 01:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/14 01:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/14 01:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/14 01:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/14 01:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 01:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/14 01:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/14 01:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/14 01:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/14 01:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/14 01:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/14 01:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/14 01:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/14 01:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/14 01:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/14 01:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/14 01:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/04 16:01:08 | 00,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/25 18:18:48 | 33,480,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/04/08 15:37:12 | 04,319,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/04/08 15:31:36 | 00,163,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 16 AD 32 F2 3D 8E CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c9626}:1.6


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: D:\Programs\Mozilla Firefox\components [2009/12/17 16:11:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: D:\Programs\Mozilla Firefox\plugins [2009/12/17 16:11:45 | 00,000,000 | ---D | M]

[2009/12/04 23:32:34 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2010/01/04 22:06:01 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\m6bwfsls.default\extensions
[2009/12/13 03:21:02 | 00,000,000 | ---D | M] (ANTHEM) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\m6bwfsls.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
[2009/12/13 03:19:12 | 00,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\m6bwfsls.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/17 23:02:21 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\m6bwfsls.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/03 13:57:09 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\m6bwfsls.default\extensions\[email protected]
[2009/12/28 11:58:32 | 00,002,055 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\m6bwfsls.default\searchplugins\daemon-search.xml

O1 HOSTS File: (789 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 79.106.2.131 localhost
O1 - Hosts: 79.106.2.131 facebook.com
O1 - Hosts: 79.106.2.131 www.facebook.com
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] D:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: S&end to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Linked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{8ecea4d1-f3a8-11de-b834-00a0d1a571dc}\Shell - "" = AutoRun
O33 - MountPoints2\{8ecea4d1-f3a8-11de-b834-00a0d1a571dc}\Shell\AutoRun\command - "" = F:\RunGame.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 02:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2010/01/05 14:08:08 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\Z-Bot Alpha v5.3
[2009/12/31 17:02:18 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\DECAFv200
[2009/12/31 16:23:57 | 00,000,000 | ---D | C] -- C:\Users\Ryan\Desktop\BIOS_ACER_v1.14_WIN_AS6920
[2009/12/31 11:59:07 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\ImgBurn
[2009/12/31 11:39:43 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/12/28 12:15:35 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\NFS Underground 2
[2009/12/28 11:58:32 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/12/27 01:47:24 | 00,000,000 | ---D | C] -- D:\Documents\VirtualDJ
[2009/12/27 01:47:24 | 00,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2009/12/24 23:01:42 | 00,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2009/12/23 17:35:27 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/12/23 16:18:23 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\temp
[2009/12/23 11:41:41 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Connectify
[2009/12/22 23:18:21 | 00,000,000 | ---D | C] -- C:\Program Files\Connectify
[2009/12/22 21:24:31 | 00,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\URSoft

========== Files - Modified Within 14 Days ==========

[2010/01/05 19:44:57 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/05 19:44:50 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/05 19:44:46 | 24,146,82112 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/05 19:43:34 | 01,835,008 | -HS- | M] () -- C:\Users\Ryan\ntuser.dat
[2010/01/05 14:14:27 | 00,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 14:14:27 | 00,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 13:54:21 | 02,887,750 | -H-- | M] () -- C:\Users\Ryan\AppData\Local\IconCache.db
[2010/01/05 00:49:47 | 00,001,768 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010/01/03 00:25:32 | 00,717,892 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/03 00:25:32 | 00,622,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/03 00:25:32 | 00,108,636 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/28 12:12:13 | 00,000,699 | ---- | M] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2009/12/28 11:58:07 | 00,001,900 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/12/28 11:57:50 | 00,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/27 02:02:45 | 00,109,592 | ---- | M] () -- C:\Users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/27 02:01:57 | 00,409,152 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/25 19:31:03 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan\ntuser.dat{222e5203-f189-11de-9d11-001de0c398af}.TMContainer00000000000000000002.regtrans-ms
[2009/12/25 19:31:03 | 00,524,288 | -HS- | M] () -- C:\Users\Ryan\ntuser.dat{222e5203-f189-11de-9d11-001de0c398af}.TMContainer00000000000000000001.regtrans-ms
[2009/12/25 19:31:03 | 00,065,536 | -HS- | M] () -- C:\Users\Ryan\ntuser.dat{222e5203-f189-11de-9d11-001de0c398af}.TM.blf
[2009/12/23 22:29:06 | 00,000,375 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2009/12/23 17:34:10 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/12/23 11:27:25 | 00,021,584 | ---- | M] () -- C:\Windows\System32\drivers\atapi.tsk

========== Files Created - No Company Name ==========

[2009/12/28 12:12:13 | 00,000,699 | ---- | C] () -- C:\Users\Public\Desktop\Need for Speed Underground 2.lnk
[2009/12/28 11:58:07 | 00,001,900 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
[2009/12/25 19:10:39 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan\ntuser.dat{222e5203-f189-11de-9d11-001de0c398af}.TMContainer00000000000000000002.regtrans-ms
[2009/12/25 19:10:39 | 00,524,288 | -HS- | C] () -- C:\Users\Ryan\ntuser.dat{222e5203-f189-11de-9d11-001de0c398af}.TMContainer00000000000000000001.regtrans-ms
[2009/12/25 19:10:39 | 00,065,536 | -HS- | C] () -- C:\Users\Ryan\ntuser.dat{222e5203-f189-11de-9d11-001de0c398af}.TM.blf
[2009/12/23 11:27:25 | 00,021,584 | ---- | C] () -- C:\Windows\System32\drivers\atapi.tsk
[2009/12/16 20:30:14 | 00,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009/12/13 02:23:34 | 00,335,872 | ---- | C] () -- C:\Windows\System32\m4atag.dll
[2009/12/10 22:49:37 | 00,007,625 | ---- | C] () -- C:\Users\Ryan\AppData\Local\Resmon.ResmonCfg
[2009/12/10 01:59:30 | 00,013,952 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2009/12/08 00:58:21 | 00,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/12/06 12:12:40 | 00,001,768 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2009/07/13 23:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 23:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/17 10:13:30 | 00,508,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll

========== LOP Check ==========

[2009/12/14 00:24:41 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
[2009/12/05 00:22:05 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Downloaded Installations
[2009/12/31 12:22:11 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\ImgBurn
[2009/12/16 20:30:59 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\MAGIX
[2009/12/05 00:33:20 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Nitro PDF
[2009/12/14 00:58:58 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\Sports Interactive
[2009/12/05 00:42:43 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\TuneUp Software
[2009/12/06 19:07:34 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uniblue
[2009/12/22 21:24:31 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\URSoft
[2010/01/05 18:12:41 | 00,000,000 | ---D | M] -- C:\Users\Ryan\AppData\Roaming\uTorrent
[2009/07/14 04:53:46 | 00,022,932 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/14 01:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009/07/14 01:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 01:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 01:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 01:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/14 01:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 01:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 01:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 01:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009/07/14 01:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 01:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 01:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 01:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 01:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 01:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/07/14 01:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 01:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 01:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 01:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 01:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 01:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/07/14 01:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 01:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 01:15:13 | 00,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/14 01:15:13 | 00,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >



OTL Extras logfile created on: 05/01/2010 19:46:16 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = D:\Downloads

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programs\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Open with mp3Tag] -- "D:\Programs\mp3Tag 5\mp3tag.exe" "%0" (ManiacTools)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C7BCCCA-F9F3-82A6-FE6A-1160F7E14745}" = CCC Help Italian
"{0D707A04-9C3B-D735-1169-2C36A02EC1FD}" = Catalyst Control Center Core Implementation
"{0E0AA7EF-A847-3C08-ABF9-EDA7936DAFC5}" = Catalyst Control Center Graphics Full New
"{10140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 14
"{10140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 14
"{10140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 14
"{10140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 14
"{10140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 14
"{10140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 14
"{10140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 14
"{10140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 14
"{10140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 14
"{10140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 14
"{10140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 14
"{10140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 14
"{10140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 14
"{10140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 14
"{10140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 14
"{10140000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 14
"{10140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 14
"{228B5714-9E6F-B9AE-6B6D-E8FF31C2A6D0}" = CCC Help German
"{25D90A06-E086-614F-203C-9ADB3A83709C}" = CCC Help French
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{28843119-6179-4E87-9274-B53F90BFDF8C}" = PowerArchiver 2010
"{2CDC3BD6-CA3D-F3FE-9700-FCBDB7CFA4C0}" = ccc-core-static
"{36281CC3-FA8D-3008-4D50-53F7DF2DD9FB}" = ccc-utility
"{3A6631D2-7523-5046-ACF3-EC6FAD28FBA5}" = CCC Help Portuguese
"{3E0D4FC1-AF9E-BB44-2E17-872B462646FF}" = ATI Catalyst Install Manager
"{40DE7141-333D-8D31-97FF-5C0ED5F3B552}" = CCC Help Polish
"{4E7101FC-D19E-717B-F5F1-05DFAE4DC7CE}" = CCC Help Dutch
"{668B9FC5-9FA8-5C47-4AB5-E59D6D6E2123}" = CCC Help Greek
"{6A154072-2009-7396-1B4F-1BBBEADD4895}" = CCC Help Swedish
"{6E0D5213-BD75-A091-4162-C6311745C23B}" = Catalyst Control Center Graphics Previews Common
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{84194016-CDFE-FD7D-017E-6FDDDEBF9888}" = CCC Help Danish
"{844BD550-45F4-AD73-412F-CF40CFAFA5E9}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{942FB97A-B829-0371-5C91-74DAEAFF6900}" = CCC Help Turkish
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A9841591-47F4-7E49-0F1E-7E2ED014E248}" = CCC Help English
"{AB82ED30-1B6F-8B9A-2835-E4141A88BB6F}" = CCC Help Norwegian
"{B3D12C7E-6E25-D407-074D-931D66023EAE}" = CCC Help Czech
"{B8ED984C-54AF-5705-EF5C-2739262F113F}" = CCC Help Japanese
"{C121C592-D8AB-8F29-309B-EA85483D6C51}" = CCC Help Chinese Standard
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D028B96F-8C9F-63DA-83EB-0F00D87700DA}" = CCC Help Finnish
"{D311066E-6530-CEA2-7BCF-A665416AF11C}" = CCC Help Thai
"{D7B31233-EE2B-4911-AA3F-2A8C28843D3B}" = SkyPlayer for Windows Media Center
"{D8E0E80A-E5CA-9F64-2E46-CE694830507B}" = Catalyst Control Center Localization All
"{DC24D41C-022A-29DC-E4D4-F9C871F76DD4}" = CCC Help Russian
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E0631725-6F53-0BFB-5C02-CA8DEF14C7B2}" = Catalyst Control Center Graphics Full Existing
"{E5470B21-CA46-8BDD-247F-8717536DCFEB}" = CCC Help Chinese Traditional
"{EB47C52F-CE56-1066-5FB4-0B7663410A7C}" = Catalyst Control Center HydraVision Full
"{EFC47A05-3212-F334-EDA5-C5D2907419FE}" = CCC Help Hungarian
"{F09DA254-8879-1E7F-C14D-FFE8626F804B}" = Catalyst Control Center Graphics Previews Vista
"{F404F36C-8FEF-5EA8-6D92-8B64F186D2C0}" = CCC Help Korean
"{FBFBDF43-D184-2AC4-A566-3DDF155979D3}" = CCC Help Spanish
"{FE8F944C-5209-8EEB-604D-0BAB9B2A4540}" = Catalyst Control Center Graphics Light
"A310 DeviceStage" = A310 DeviceStage 1.0.0.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"Connectify" = Connectify
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"ImgBurn" = ImgBurn
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"mp3Tag Update trial to full_is1" = mp3Tag 5.9.0.406
"mp3Tag_is1" = mp3Tag 5.9
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 (Technical Preview)
"RocketDock_is1" = RocketDock 1.3.5
"Sandboxie" = Sandboxie 3.42
"uTorrent" = µTorrent
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"World of Warcraft" = World of Warcraft
"YU2010_is1" = Your Uninstaller! 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/12/2009 15:06:01 | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winlogon.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc51c Faulting module name: UxTheme.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb38 Exception code: 0xc0000005 Fault offset: 0x0001b357 Faulting
process id: 0xf60 Faulting application start time: 0x01ca85953ffa67ac Faulting application
path: C:\Windows\system32\winlogon.exe Faulting module path: C:\Windows\system32\UxTheme.dll
Report
Id: 8a34743e-f188-11de-a2c1-00a0d1a571dc

Error - 25/12/2009 15:06:10 | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: winlogon.exe, version: 6.1.7600.16385,
time stamp: 0x4a5bc51c Faulting module name: UxTheme.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdb38 Exception code: 0xc0000005 Fault offset: 0x0001b357 Faulting
process id: 0x4f0 Faulting application start time: 0x01ca85954d0d366d Faulting application
path: C:\Windows\system32\winlogon.exe Faulting module path: C:\Windows\system32\UxTheme.dll
Report
Id: 8f671577-f188-11de-a2c1-00a0d1a571dc

Error - 26/12/2009 16:11:48 | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: explorer.exe, version: 6.1.7600.20500,
time stamp: 0x4a765069 Faulting module name: ntdll.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0002fc47 Faulting
process id: 0x240c Faulting application start time: 0x01ca8667847a86ed Faulting application
path: C:\Windows\explorer.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: e513a33b-f25a-11de-b44e-00a0d1a571dc

Error - 28/12/2009 07:57:37 | Computer Name = Ryan-PC | Source = VSS | ID = 8194
Description =

Error - 28/12/2009 16:00:33 | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-workstation-full-7.0.0-203739.exe,
version: 6.0.3790.0, time stamp: 0x3e800062 Faulting module name: AcGenral.DLL,
version: 6.1.7600.16385, time stamp: 0x4a5bd97a Exception code: 0xc00000fd Fault offset:
0x000222f8 Faulting process id: 0x1794 Faulting application start time: 0x01ca87f8607e3e2e
Faulting
application path: D:\Downloads\apps\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE\vmware-workstation-full-7.0.0-203739.exe
Faulting
module path: C:\Windows\AppPatch\AcGenral.DLL Report Id: a7be9268-f3eb-11de-b834-00a0d1a571dc

Error - 28/12/2009 16:01:37 | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-workstation-full-7.0.0-203739.exe,
version: 6.0.3790.0, time stamp: 0x3e800062 Faulting module name: AcGenral.DLL,
version: 6.1.7600.16385, time stamp: 0x4a5bd97a Exception code: 0xc00000fd Fault offset:
0x000222f8 Faulting process id: 0xd1c Faulting application start time: 0x01ca87f88ecee463
Faulting
application path: D:\Downloads\apps\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE\vmware-workstation-full-7.0.0-203739.exe
Faulting
module path: C:\Windows\AppPatch\AcGenral.DLL Report Id: cdff6f8f-f3eb-11de-b834-00a0d1a571dc

Error - 28/12/2009 16:16:23 | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-workstation-full-7.0.0-203739.exe,
version: 6.0.3790.0, time stamp: 0x3e800062 Faulting module name: AcGenral.DLL,
version: 6.1.7600.16385, time stamp: 0x4a5bd97a Exception code: 0xc00000fd Fault offset:
0x000222f8 Faulting process id: 0xe24 Faulting application start time: 0x01ca87fa9e67c3fe
Faulting
application path: D:\Downloads\apps\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE\vmware-workstation-full-7.0.0-203739.exe
Faulting
module path: C:\Windows\AppPatch\AcGenral.DLL Report Id: ddeb9f54-f3ed-11de-b834-00a0d1a571dc

Error - 28/12/2009 16:17:10 | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-workstation-full-7.0.0-203739.exe,
version: 6.0.3790.0, time stamp: 0x3e800062 Faulting module name: AcGenral.DLL,
version: 6.1.7600.16385, time stamp: 0x4a5bd97a Exception code: 0xc00000fd Fault offset:
0x000222f0 Faulting process id: 0x5fc Faulting application start time: 0x01ca87fabb02811f
Faulting
application path: D:\Downloads\apps\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE\vmware-workstation-full-7.0.0-203739.exe
Faulting
module path: C:\Windows\AppPatch\AcGenral.DLL Report Id: f9e6e044-f3ed-11de-b834-00a0d1a571dc

Error - 31/12/2009 18:10:49 | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: vmware-workstation-full-7.0.0-203739.exe,
version: 6.0.3790.0, time stamp: 0x3e800062 Faulting module name: AcGenral.DLL,
version: 6.1.7600.16385, time stamp: 0x4a5bd97a Exception code: 0xc00000fd Fault offset:
0x000222f0 Faulting process id: 0x14cc Faulting application start time: 0x01ca8a6612c9fcc9
Faulting
application path: D:\Downloads\apps\VMware.Workstation.v7.0.0.203739.Incl.Keymaker-EMBRACE\vmware-workstation-full-7.0.0-203739.exe
Faulting
module path: C:\Windows\AppPatch\AcGenral.DLL Report Id: 59bbc39b-f659-11de-b205-00a0d1a571dc

Error - 03/01/2010 22:12:10 | Computer Name = Ryan-PC | Source = Microsoft Office 14 | ID = 2001
Description = Microsoft Office Outlook: Rejected Safe Mode action : Outlook failed
to start correctly last time. Starting Outlook in safe mode will help you correct
or isolate a startup problem in order to successfully start the program. Some
functionality may be disabled in this mode. Do you want to start Outlook in safe
mode?.

[ System Events ]
Error - 05/01/2010 15:07:12 | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7034
Description = The Office Software Protection Platform service terminated unexpectedly.
It has done this 1 time(s).

Error - 05/01/2010 15:07:16 | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 05/01/2010 15:07:21 | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.

Error - 05/01/2010 15:07:29 | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7034
Description = The AST Service service terminated unexpectedly. It has done this
1 time(s).

Error - 05/01/2010 15:07:33 | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7034
Description = The AMD External Events Utility service terminated unexpectedly.
It has done this 1 time(s).

Error - 05/01/2010 15:09:16 | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 30000 milliseconds:
Restart the service.

Error - 05/01/2010 15:09:19 | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7034
Description = The MBAMService service terminated unexpectedly. It has done this
1 time(s).

Error - 05/01/2010 15:32:52 | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7034
Description = The Windows Search service terminated unexpectedly. It has done this
3 time(s).

Error - 05/01/2010 15:44:51 | Computer Name = Ryan-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 05/01/2010 15:44:51 | Computer Name = Ryan-PC | Source = atikmdag | ID = 43029
Description = Display is not active


< End of report >






GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-05 19:58:21
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Ryan\AppData\Local\Temp\kxldrpog.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E41AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E41104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E413F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2A2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E29898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E411DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E41958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E416F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E41F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E421A8

Code 88BF5B0C ZwTraceEvent
Code 88BF5B0B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!NtTraceEvent 82A49E34 5 Bytes JMP 88BF5B10
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A5A579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7EF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 2 82C8C0A5 5 Bytes JMP 88BF5CF0
PAGE ntkrnlpa.exe!NtRequestWaitReplyPort + 2 82C8DACD 5 Bytes JMP 88BF5C50
PAGE ntkrnlpa.exe!NtRequestPort + 2 82CA1D33 5 Bytes JMP 88BF5BB0
? System32\Drivers\spsg.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90804000, 0x2D5378, 0xE8000020]
.text USBPORT.SYS!DllUnload 90EBECA0 5 Bytes JMP 862D81D8
.text amtpyrxo.SYS 960B7000 12 Bytes [44, C8, E2, 82, EE, C6, E2, ...]
.text amtpyrxo.SYS 960B700D 9 Bytes [A7, E2, 82, 48, CB, E2, 82, ...] {CMPSD ; LOOP 0xffffffffffffff85; DEC EAX; RETF ; LOOP 0xffffffffffffff89; ADD [EAX], AL}
.text amtpyrxo.SYS 960B7017 170 Bytes [00, DE, A7, F9, 8A, E6, A5, ...]
.text amtpyrxo.SYS 960B70C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text amtpyrxo.SYS 960B70CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text win32k.sys!XFORMOBJ_iGetXform + 331A 979B4C57 5 Bytes JMP 88BF5610
.text win32k.sys!PATHOBJ_bEnum + 7A2F 979D782E 5 Bytes JMP 88BF56B0
.text win32k.sys!PATHOBJ_bEnum + 8714 979D8513 5 Bytes JMP 88BF5890
.text win32k.sys!EngCreateSemaphore + CB9F 979F638F 5 Bytes JMP 88BF5930
.text win32k.sys!EngCreateSemaphore + CEDB 979F66CB 5 Bytes JMP 88BF5570
.text win32k.sys!EngCopyBits + 1F22 979F89B4 5 Bytes JMP 88BF54D0
.text win32k.sys!EngBitBlt + 23D2 97A0179D 5 Bytes JMP 88BF5430
.text win32k.sys!EngLpkInstalled + 6119 97A17842 5 Bytes JMP 88BF59D0
.text win32k.sys!PATHOBJ_vGetBounds + EB7 97A95C81 5 Bytes JMP 88BF57F0
.text win32k.sys!EngCTGetCurrentGamma + 1C7A 97A99C9C 5 Bytes JMP 88BF5750
.text win32k.sys!CLIPOBJ_cEnumStart + 6CE0 97AA55A5 5 Bytes JMP 88BF5A70
.text peauth.sys 9C814C9D 28 Bytes [D5, 0D, 64, D6, EC, CD, 3F, ...]
.text peauth.sys 9C814CC1 28 Bytes [D5, 0D, 64, D6, EC, CD, 3F, ...]
PAGE peauth.sys 9C81AB9B 21 Bytes [C9, AD, F5, 47, D2, 67, 96, ...]
PAGE peauth.sys 9C81ABBB 40 Bytes [F1, DD, 15, C3, 8A, C6, 04, ...]
PAGE peauth.sys 9C81ABEC 111 Bytes [19, 40, 3C, 21, 43, 08, 15, ...]
PAGE ...

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8AE9E042] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8AE9E6D6] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8AE9E800] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8AE9E13E] \SystemRoot\System32\Drivers\spsg.sys
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\amtpyrxo.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\System32\rundll32.exe[2756] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [754B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2756] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [754B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2756] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [754B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2756] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [754B5D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8517F1F8
Device \Driver\volmgr \Device\VolMgrControl 8517A1F8
Device \Driver\usbuhci \Device\USBPDO-0 863191F8
Device \Driver\usbuhci \Device\USBPDO-1 863191F8
Device \Driver\usbehci \Device\USBPDO-2 862A8500
Device \Driver\usbuhci \Device\USBPDO-3 863191F8
Device \Driver\usbuhci \Device\USBPDO-4 863191F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 863191F8
Device \Driver\usbehci \Device\USBPDO-6 862A8500
Device \Driver\volmgr \Device\HarddiskVolume1 8517A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 8517A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{5F3C02C5-ACD0-47D5-BBAE-3D2187537F7E} 8623C1F8
Device \Driver\cdrom \Device\CdRom0 861541F8
Device \Driver\volmgr \Device\HarddiskVolume3 8517A1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 861541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8517C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 8517C1F8
Device \Driver\atapi \Device\Ide\IdePort0 8517C1F8
Device \Driver\atapi \Device\Ide\IdePort1 8517C1F8
Device \Driver\atapi \Device\Ide\IdePort2 8517C1F8
Device \Driver\atapi \Device\Ide\IdePort3 8517C1F8
Device \Driver\atapi \Device\Ide\IdePort4 8517C1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 8517D1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 8517D1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 8517D1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8623C1F8
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\PCI_PNP3759 \Device\0000005b spsg.sys
Device \Driver\sptd \Device\2215359761 spsg.sys

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBFDO-0 863191F8
Device \Driver\usbuhci \Device\USBFDO-1 863191F8
Device \Driver\usbehci \Device\USBFDO-2 862A8500
Device \Driver\usbuhci \Device\USBFDO-3 863191F8
Device \Driver\usbuhci \Device\USBFDO-4 863191F8
Device \Driver\usbuhci \Device\USBFDO-5 863191F8
Device \Driver\usbehci \Device\USBFDO-6 862A8500
Device \Driver\NetBT \Device\NetBT_Tcpip_{6EAFB182-C9B9-4057-BCBC-E3A92C3750F5} 8623C1F8
Device \Driver\amtpyrxo \Device\Scsi\amtpyrxo1 862A2500
Device \Driver\amtpyrxo \Device\Scsi\amtpyrxo1Port5Path0Target1Lun0 862A2500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1fcf4b8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1fcf4b8@60d0a9bfbc45 0xA5 0xCC 0x74 0x49 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001fe1fcf4b8@002109d6b610 0x74 0x73 0x52 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x28 0xEF 0x8A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0xDB 0xB5 0x78 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x47 0xE9 0x3F 0x21 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0x14 0x99 0xE9 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1fcf4b8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1fcf4b8@60d0a9bfbc45 0xA5 0xCC 0x74 0x49 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001fe1fcf4b8@002109d6b610 0x74 0x73 0x52 0x80 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6C 0x28 0xEF 0x8A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF9 0xDB 0xB5 0x78 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x47 0xE9 0x3F 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xED 0x14 0x99 0xE9 ...

---- EOF - GMER 1.0.15 ----