C:\winnt\system32\svchost.exe problems


#1
Barkat
New Member, 9 posts
Hi everybody. First time here, so go easy on me. I was on the PC last night and the sound went dead. No sound at all from anything: music, videos, YouTube, anything. So the first thing I did was try the ole restart fix. It didn't fix anything. And when it got restarted, there were two black boxes that said C:\winnt\system32\svchost.exe at the top of them. Just black boxes with a blinking cursor in them, and I still have no sound. Then I started getting worried. I ran the already installed AntiVir and Malwarebytes' Anti-Malware; neither one found anything. So now I'm getting even more worried. Don't know what to do first or where to go. Any ideas? I also just found out that my msconfig won't work.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4281

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

7/6/2010 11:19:07 AM
mbam-log-2010-07-06 (11-19-07).txt

Scan type: Quick scan
Objects scanned: 145132
Time elapsed: 11 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Avira AntiVir Personal
Report file date: Tuesday, July 06, 2010 11:26

Scanning for 2287529 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 2000
Windows version : (Service Pack 4) [5.0.2195]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BARKAT

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/19/2010 15:01:34
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/19/2010 15:01:34
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:50
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 19:59:12
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 19:59:12
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:09:46
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:09:48
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 23:31:40
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 23:07:06
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 11:00:46
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 11:00:46
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 11:00:46
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 11:00:46
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 11:00:46
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 11:00:46
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 11:00:46
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 15:24:42
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 23:55:30
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 23:53:40
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 21:39:50
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 21:52:04
VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 18:46:02
VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 18:41:52
VBASE020.VDF : 7.10.8.221 2048 Bytes 6/29/2010 18:41:52
VBASE021.VDF : 7.10.8.222 2048 Bytes 6/29/2010 18:41:52
VBASE022.VDF : 7.10.8.223 2048 Bytes 6/29/2010 18:41:52
VBASE023.VDF : 7.10.8.224 2048 Bytes 6/29/2010 18:41:52
VBASE024.VDF : 7.10.8.225 2048 Bytes 6/29/2010 18:41:52
VBASE025.VDF : 7.10.8.226 2048 Bytes 6/29/2010 18:41:54
VBASE026.VDF : 7.10.8.227 2048 Bytes 6/29/2010 18:41:54
VBASE027.VDF : 7.10.8.228 2048 Bytes 6/29/2010 18:41:54
VBASE028.VDF : 7.10.8.229 2048 Bytes 6/29/2010 18:41:54
VBASE029.VDF : 7.10.8.230 2048 Bytes 6/29/2010 18:41:54
VBASE030.VDF : 7.10.8.231 2048 Bytes 6/29/2010 18:41:54
VBASE031.VDF : 7.10.8.247 115712 Bytes 7/2/2010 18:41:56
Engineversion : 8.2.4.2
AEVDF.DLL : 8.1.2.0 106868 Bytes 4/26/2010 18:20:50
AESCRIPT.DLL : 8.1.3.33 1356155 Bytes 6/23/2010 21:52:20
AESCN.DLL : 8.1.6.1 127347 Bytes 5/13/2010 19:16:08
AESBX.DLL : 8.1.3.1 254324 Bytes 4/26/2010 18:20:52
AERDL.DLL : 8.1.4.6 541043 Bytes 4/16/2010 23:07:20
AEPACK.DLL : 8.2.2.5 430453 Bytes 6/23/2010 21:52:18
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 5/13/2010 19:16:08
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 6/23/2010 21:52:16
AEHELP.DLL : 8.1.11.6 242038 Bytes 6/23/2010 21:52:10
AEGEN.DLL : 8.1.3.12 377204 Bytes 6/23/2010 21:52:08
AEEMU.DLL : 8.1.2.0 393588 Bytes 4/26/2010 18:20:44
AECORE.DLL : 8.1.15.3 192886 Bytes 5/13/2010 19:16:08
AEBB.DLL : 8.1.1.0 53618 Bytes 4/26/2010 18:20:44
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:40
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:36
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:42
AVREG.DLL : 10.0.3.0 53096 Bytes 4/19/2010 15:01:34
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/19/2010 15:01:34
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/19/2010 15:01:34
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:32
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:58:00
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:58
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:02
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:22
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/19/2010 15:01:34

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +SPR,

Start of the scan: Tuesday, July 06, 2010 11:26

Starting search for hidden objects.
Error in ARK library

The scan of running processes will be started
Scan process 'avscan.exe' - '63' Module(s) have been scanned
Scan process 'avcenter.exe' - '86' Module(s) have been scanned
Scan process 'opera.exe' - '88' Module(s) have been scanned
Scan process 'ICWCONN1.EXE' - '37' Module(s) have been scanned
Scan process 'iPodService.exe' - '27' Module(s) have been scanned
Scan process 'SMSystemAnalyzer.exe' - '31' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '31' Module(s) have been scanned
Scan process 'em_exec.exe' - '37' Module(s) have been scanned
Scan process 'McciTrayApp.exe' - '43' Module(s) have been scanned
Scan process 'SystemGuardAlerter.exe' - '26' Module(s) have been scanned
Scan process 'hkcmd.exe' - '41' Module(s) have been scanned
Scan process 'Explorer.EXE' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '69' Module(s) have been scanned
Scan process 'mspmspsv.exe' - '31' Module(s) have been scanned
Scan process 'WinMgmt.exe' - '24' Module(s) have been scanned
Scan process 'stisvc.exe' - '22' Module(s) have been scanned
Scan process 'MSTask.exe' - '51' Module(s) have been scanned
Scan process 'FWService.exe' - '32' Module(s) have been scanned
Scan process 'McciCMService.exe' - '28' Module(s) have been scanned
Scan process 'jqs.exe' - '30' Module(s) have been scanned
Scan process 'IoloSGCtrl.exe' - '19' Module(s) have been scanned
Scan process 'spoolsv.exe' - '60' Module(s) have been scanned
Scan process 'svchost.exe' - '89' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'lsass.exe' - '61' Module(s) have been scanned
Scan process 'services.exe' - '66' Module(s) have been scanned
Scan process 'winlogon.exe' - '69' Module(s) have been scanned
Scan process 'csrss.exe' - '21' Module(s) have been scanned
Scan process 'smss.exe' - '3' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '2316' files ).


Starting the file scan:

Begin scan in 'C:\'


End of the scan: Tuesday, July 06, 2010 11:53
Used time: 27:30 Minute(s)

The scan has been done completely.

5668 Scanned directories
176088 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
176088 Files not concerned
3063 Archives were scanned
0 Warnings
0 Notes
35318 Objects were scanned with rootkit scan
1 Hidden objects were found


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-03 22:02:03
Windows 5.0.2195 Service Pack 4
Running: gmer.exe; Driver: C:\DOCUME~1\Barry\LOCALS~1\Temp\ugtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xB7979370]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xB7977420]
SSDT 82687AE6 ZwCreateKey
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xB79790A0]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xB7979E70]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xB7979940]
SSDT 82687ADC ZwCreateThread
SSDT 82687AEB ZwDeleteKey
SSDT 82687AF5 ZwDeleteValueKey
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xB7979510]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xB796A9B0]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xB796AA60]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xB796AB10]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xB796AB90]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xB7976FD0]
SSDT 82687AFA ZwLoadKey
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xB796ABB0]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xB796AC80]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xBFED1030]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xB796AD60]
SSDT 82687AC8 ZwOpenProcess
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xB7979CA0]
SSDT 82687ACD ZwOpenThread
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xB796AE30]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xB796AEE0]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xB797A460]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xB796AF90]
SSDT 82687B04 ZwReplaceKey
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xB7977A00]
SSDT 82687AFF ZwRestoreKey
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xB797A760]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xB796B2D0]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xB797B0A0]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xB796B360]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xB7975C20]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xB7979B20]
SSDT 82687AF0 ZwSetValueKey
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xB797A710]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xB79772E0]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xB797A300]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xB796B550]
SSDT \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xB79793D0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IoIsOperationSynchronous 8041E996 7 Bytes JMP B797BA80 \??\C:\WINNT\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
? C:\WINNT\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\winlogon.exe[248] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\winlogon.exe[248] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\winlogon.exe[248] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\winlogon.exe[248] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\winlogon.exe[248] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\winlogon.exe[248] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\winlogon.exe[248] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\winlogon.exe[248] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\winlogon.exe[248] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
? C:\WINNT\system32\csrss.exe[252] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\csrss.exe[252] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\csrss.exe[252] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\csrss.exe[252] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\csrss.exe[252] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\csrss.exe[252] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\csrss.exe[252] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\system32\csrss.exe[252] advapi32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\csrss.exe[252] advapi32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\services.exe[300] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\services.exe[300] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\services.exe[300] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\services.exe[300] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\services.exe[300] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\services.exe[300] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\services.exe[300] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\services.exe[300] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\services.exe[300] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
? C:\WINNT\system32\lsass.exe[312] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\lsass.exe[312] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\lsass.exe[312] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\lsass.exe[312] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\lsass.exe[312] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\lsass.exe[312] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\lsass.exe[312] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\system32\lsass.exe[312] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\lsass.exe[312] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\svchost.exe[396] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\svchost.exe[396] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\svchost.exe[396] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
? C:\PROGRA~1\WINZIP\winzip32.exe[428] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\WINZIP\winzip32.exe[428] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\PROGRA~1\WINZIP\winzip32.exe[428] C:\WINNT\system32\SHELL32.DLL time/date stamp mismatch; unknown module: COMCTL32.dll
.text C:\WINNT\system32\svchost.exe[496] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\svchost.exe[496] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\svchost.exe[496] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\svchost.exe[496] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\svchost.exe[496] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\svchost.exe[496] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\svchost.exe[496] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\svchost.exe[496] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\svchost.exe[496] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\system32\svchost.exe[520] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\svchost.exe[520] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\svchost.exe[520] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\svchost.exe[520] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\svchost.exe[520] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\svchost.exe[520] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\svchost.exe[520] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\svchost.exe[520] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\svchost.exe[520] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\System32\svchost.exe[568] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\System32\svchost.exe[568] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\System32\svchost.exe[568] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\System32\svchost.exe[568] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\System32\svchost.exe[568] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\System32\svchost.exe[568] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\System32\svchost.exe[568] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\System32\svchost.exe[568] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\System32\svchost.exe[568] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
? C:\WINNT\system32\spoolsv.exe[620] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\spoolsv.exe[620] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\spoolsv.exe[620] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\spoolsv.exe[620] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\spoolsv.exe[620] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\spoolsv.exe[620] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\spoolsv.exe[620] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\system32\spoolsv.exe[620] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\spoolsv.exe[620] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\Avira\AntiVir Desktop\sched.exe[644] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
? C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[656] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] C:\WINNT\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] kernel32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] kernel32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] kernel32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] kernel32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] kernel32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] kernel32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] advapi32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe[712] advapi32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\Java\jre6\bin\jqs.exe[752] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\Java\jre6\bin\jqs.exe[752] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[752] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[752] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[752] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[752] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[752] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[752] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[752] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\Common Files\Motive\McciCMService.exe[768] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Motive\McciCMService.exe[768] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[876] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
? C:\WINNT\system32\MSTask.exe[932] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\MSTask.exe[932] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\MSTask.exe[932] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\MSTask.exe[932] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\MSTask.exe[932] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\WINNT\system32\MSTask.exe[932] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\MSTask.exe[932] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\MSTask.exe[932] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\system32\MSTask.exe[932] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\MSTask.exe[932] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\stisvc.exe[964] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\stisvc.exe[964] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\stisvc.exe[964] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\stisvc.exe[964] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\stisvc.exe[964] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\WINNT\system32\stisvc.exe[964] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\stisvc.exe[964] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\stisvc.exe[964] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\system32\stisvc.exe[964] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\stisvc.exe[964] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\unzipped\gmer\gmer.exe[968] C:\WINNT\system32\KERNEL32.DLL time/date stamp mismatch;
.text C:\unzipped\gmer\gmer.exe[968] KERNEL32.DLL!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\unzipped\gmer\gmer.exe[968] KERNEL32.DLL!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\unzipped\gmer\gmer.exe[968] KERNEL32.DLL!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\unzipped\gmer\gmer.exe[968] KERNEL32.DLL!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\unzipped\gmer\gmer.exe[968] KERNEL32.DLL!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\unzipped\gmer\gmer.exe[968] KERNEL32.DLL!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\unzipped\gmer\gmer.exe[968] KERNEL32.DLL!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\unzipped\gmer\gmer.exe[968] advapi32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\unzipped\gmer\gmer.exe[968] advapi32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\unzipped\gmer\gmer.exe[968] C:\WINNT\system32\shell32.dll time/date stamp mismatch; unknown module: COMCTL32.dll
? C:\WINNT\System32\WBEM\WinMgmt.exe[1036] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\System32\WBEM\WinMgmt.exe[1036] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
.text C:\WINNT\system32\mspmspsv.exe[1056] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\mspmspsv.exe[1056] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\mspmspsv.exe[1056] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\mspmspsv.exe[1056] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\mspmspsv.exe[1056] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\mspmspsv.exe[1056] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\mspmspsv.exe[1056] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\WINNT\system32\mspmspsv.exe[1056] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\mspmspsv.exe[1056] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\mspmspsv.exe[1056] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\system32\svchost.exe[1068] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\svchost.exe[1068] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\svchost.exe[1068] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\svchost.exe[1068] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\svchost.exe[1068] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\svchost.exe[1068] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\svchost.exe[1068] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\WINNT\system32\svchost.exe[1068] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\svchost.exe[1068] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\svchost.exe[1068] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\Explorer.EXE[1260] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\Explorer.EXE[1260] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\Explorer.EXE[1260] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\Explorer.EXE[1260] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\Explorer.EXE[1260] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\Explorer.EXE[1260] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\Explorer.EXE[1260] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\WINNT\Explorer.EXE[1260] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\Explorer.EXE[1260] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\Explorer.EXE[1260] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
? C:\WINNT\Explorer.EXE[1260] C:\WINNT\system32\shell32.dll time/date stamp mismatch; unknown module: COMCTL32.dll
? C:\WINNT\system32\hkcmd.exe[1400] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\WINNT\system32\hkcmd.exe[1400] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\WINNT\system32\hkcmd.exe[1400] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\WINNT\system32\hkcmd.exe[1400] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\WINNT\system32\hkcmd.exe[1400] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\WINNT\system32\hkcmd.exe[1400] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\WINNT\system32\hkcmd.exe[1400] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\WINNT\system32\hkcmd.exe[1400] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\WINNT\system32\hkcmd.exe[1400] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\WINNT\system32\hkcmd.exe[1400] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\WINNT\system32\hkcmd.exe[1400] C:\WINNT\system32\shell32.dll time/date stamp mismatch; unknown module: COMCTL32.dll
? C:\Program Files\iTunes\iTunesHelper.exe[1412] C:\WINNT\system32\KERNEL32.DLL time/date stamp mismatch;
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] KERNEL32.DLL!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] KERNEL32.DLL!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] KERNEL32.DLL!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] KERNEL32.DLL!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] KERNEL32.DLL!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] KERNEL32.DLL!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] KERNEL32.DLL!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1412] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\iTunes\iTunesHelper.exe[1412] C:\WINNT\system32\shell32.dll time/date stamp mismatch; unknown module: COMCTL32.dll
? C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] C:\WINNT\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] kernel32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] kernel32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] kernel32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] kernel32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] kernel32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] kernel32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] kernel32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] advapi32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe[1432] advapi32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1468] C:\WINNT\system32\SHELL32.dll time/date stamp mismatch; unknown module: COMCTL32.dll
? C:\Program Files\ATT-SST\McciTrayApp.exe[1480] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\ATT-SST\McciTrayApp.exe[1480] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\ATT-SST\McciTrayApp.exe[1480] C:\WINNT\system32\SHELL32.dll time/date stamp mismatch; unknown module: COMCTL32.dll
? C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1500] C:\WINNT\system32\SHELL32.dll time/date stamp mismatch; unknown module: COMCTL32.dll
? C:\Program Files\Opera\opera.exe[1508] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\Opera\opera.exe[1508] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Opera\opera.exe[1508] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Opera\opera.exe[1508] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Opera\opera.exe[1508] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\Opera\opera.exe[1508] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\Opera\opera.exe[1508] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\Opera\opera.exe[1508] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\Opera\opera.exe[1508] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Opera\opera.exe[1508] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\Opera\opera.exe[1508] C:\WINNT\system32\shell32.dll time/date stamp mismatch; unknown module: COMCTL32.dll
? C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] C:\WINNT\system32\kernel32.dll time/date stamp mismatch;
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] kernel32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] kernel32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] kernel32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] kernel32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] kernel32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] kernel32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] kernel32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] advapi32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe[1536] advapi32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\iPod\bin\iPodService.exe[1720] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\iPod\bin\iPodService.exe[1720] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1720] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1720] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1720] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\iPod\bin\iPodService.exe[1720] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1720] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1720] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1720] ADVAPI32.DLL!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1720] ADVAPI32.DLL!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A
? C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] C:\WINNT\system32\KERNEL32.dll time/date stamp mismatch;
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] KERNEL32.dll!CreateFileA 7C58C243 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] KERNEL32.dll!CreateFileW 7C58C275 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] KERNEL32.dll!LoadLibraryExW 7C590595 6 Bytes JMP 5F070F5A
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] KERNEL32.dll!FreeLibrary + 37 7C5908CE 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] KERNEL32.dll!CreateProcessA 7C595040 6 Bytes JMP 5F130F5A
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] KERNEL32.dll!CreateProcessW 7C596981 6 Bytes JMP 5F160F5A
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] KERNEL32.dll!WinExec 7C59752A 6 Bytes JMP 5F190F5A
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] ADVAPI32.dll!RegSetValueA 7C2D3EC6 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE[1928] ADVAPI32.dll!RegSetValueExA 7C2EE841 6 Bytes JMP 5F040F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [8:116] 82641000
Thread System [8:120] 82641000
Thread System [8:124] 8260E7E0
Thread System [8:128] 8260E7E0
Thread System [8:136] 826107D0
Thread System [8:140] 826107D0
Thread System [8:144] 8260E7E0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected] 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 7/6/2010 12:00:14 PM - Run 1
OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Barry\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 420.00 Mb Available Physical Memory | 55.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 19.13 Gb Total Space | 7.44 Gb Free Space | 38.89% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARKAT
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/06 11:58:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
PRC - [2010/06/30 14:52:22 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/04/19 09:01:34 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:32 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:10 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/10/22 00:23:14 | 001,577,984 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2009/10/06 17:19:56 | 000,818,432 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2006/12/20 17:47:56 | 000,557,056 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
PRC - [2006/12/20 17:47:50 | 000,243,712 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
PRC - [2006/12/20 17:47:48 | 000,386,048 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
PRC - [2004/09/07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2003/11/14 09:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
PRC - [2003/07/03 15:51:52 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe
PRC - [2003/07/03 15:49:02 | 000,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
PRC - [2003/07/03 15:36:48 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/07/03 09:37:52 | 000,186,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe


========== Modules (SafeList) ==========

MOD - [2010/07/06 11:58:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
MOD - [2009/10/22 00:23:16 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll
MOD - [2008/02/08 18:37:48 | 000,088,592 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll
MOD - [2008/02/08 18:37:42 | 000,048,656 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll
MOD - [2008/02/08 18:37:30 | 000,084,496 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll
MOD - [2008/02/08 18:26:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\msvcr80.dll
MOD - [2006/12/20 17:48:12 | 000,281,600 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\sguard.dll
MOD - [2003/11/14 09:50:00 | 000,024,064 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL
MOD - [2003/11/14 09:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\MouseWare\system\LgWndHk.dll
MOD - [2003/07/03 15:52:48 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003/07/03 15:44:14 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll
MOD - [2003/07/03 15:43:04 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\msscript.ocx
MOD - [2003/07/03 15:40:16 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
MOD - [2000/08/29 05:19:16 | 000,401,462 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\MSVCP60.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (KodakCCS)
SRV - [2010/04/19 09:01:34 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:10 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/10/06 17:19:56 | 000,818,432 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/02/08 18:36:14 | 000,227,856 | ---- | M] (Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- (AVP)
SRV - [2006/12/20 17:47:50 | 000,243,712 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe -- (IOLO_SRV)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/07/03 15:51:52 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2003/07/03 15:50:18 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/07/03 15:49:02 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2003/07/03 15:46:50 | 000,068,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/07/03 15:36:54 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2003/07/03 15:36:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/03/09 14:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - [2010/04/19 09:01:34 | 000,122,768 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/12 12:26:22 | 000,071,768 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINNT\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/30 11:11:00 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINNT\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2009/10/22 00:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 00:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/10/16 16:55:00 | 000,115,216 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2009/10/06 16:31:30 | 000,087,784 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2009/05/11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINNT\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/28 02:31:22 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\kl1.sys -- (kl1)
DRV - [2007/12/28 19:51:04 | 000,195,344 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\klif.sys -- (TSP)
DRV - [2007/12/28 19:51:04 | 000,195,344 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINNT\system32\drivers\klif.sys -- (klif)
DRV - [2007/12/13 13:28:40 | 000,024,592 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\klim5.sys -- (klim5)
DRV - [2007/06/20 20:10:24 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/08/27 11:56:12 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/01/18 06:33:00 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINNT\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2005/12/01 19:43:16 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/11/27 09:00:38 | 000,043,672 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINNT\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2005/11/24 13:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/22 21:29:58 | 000,108,800 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2005/11/15 22:36:20 | 000,036,736 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/11/15 22:15:06 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/11/11 15:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/11/03 03:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/11/03 03:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINNT\System32\drivers\cdr4_2k.sys -- (Cdr4_2K)
DRV - [2005/09/15 18:06:08 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/08/01 16:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 13:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/12/17 17:14:44 | 000,013,952 | ---- | M] () [Kernel | System | Stopped] -- C:\WINNT\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/07/09 02:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/11/07 03:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
DRV - [2003/11/07 03:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\L8042PR2.SYS -- (L8042PR2)
DRV - [2003/11/07 03:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
DRV - [2003/07/03 15:48:38 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/07/03 15:43:48 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2003/07/03 15:36:36 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/07/03 15:36:24 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2003/07/03 15:36:08 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/07/03 15:36:08 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2003/07/03 15:36:06 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/07/03 15:36:02 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 12:05:04 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2003/06/19 12:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/01/10 10:56:34 | 000,030,921 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\sqcaptur.sys -- (DCamUSBSQTECH) Dual-Mode DSC(2770)
DRV - [2002/11/12 09:56:58 | 000,104,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\e1000nt5.sys -- (E1000) Intel(R)
DRV - [1999/09/10 06:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINNT\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapp.../search/ie.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/07 18:53:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/07 18:53:44 | 000,000,000 | ---D | M]

[2009/02/08 06:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Mozilla\Extensions
[2009/05/02 09:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Mozilla\Extensions\[email protected]
[2008/01/01 09:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Mozilla\Firefox\Profiles\4jvr0j67.default\extensions
[2009/06/07 18:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2003/07/03 15:37:38 | 000,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (UberButton Class) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O2 - BHO: (YahooTaggedBM Class) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll (Yahoo! Inc.)
O2 - BHO: (SidebarAutoLaunch Class) - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,[email protected],&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic Professional 6\Delay.exe ()
O4 - HKLM..\Run: [Logitech Utility] C:\WINNT\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe ()
O4 - HKCU..\Run: [SMSystemAnalyzer] C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe ()
O4 - HKLM..\RunOnceEx: [] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo!)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 0.0.0.0 ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.micr...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://terileann1721...ad/MsnPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1278382499734 (WUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} http://bmm.imgag.com.../crusher-us.cab (Creative Toolbox Plug-in)
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} http://a532.g.akamai...0/installer.exe (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://a532.g.akamai...l/installer.exe (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINNT\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINNT\system32\klogon.dll - C:\WINNT\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Barry\Application Data\Opera\Opera8\profile\Skin\IMG_2803.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barry\Application Data\Opera\Opera8\profile\Skin\IMG_2803.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/15 22:14:38 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic Professional 6\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: midimapper - C:\WINNT\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINNT\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINNT\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINNT\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINNT\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINNT\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINNT\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINNT\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINNT\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - C:\WINNT\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINNT\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINNT\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINNT\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINNT\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
Drivers32: wavemapper - C:\WINNT\System32\msacm32.drv (Microsoft Corporation)
Drivers32: wdmaud.drv - C:\WINNT\System32\wdmaud.drv (Microsoft Corporation)
SystemRestore not available.

========== Files/Folders - Created Within 90 Days ==========

[2010/07/06 11:58:55 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2010/07/06 11:04:49 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/06 11:03:17 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Barry\Desktop\erunt_setup.exe
[2010/07/06 10:34:49 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Barry\My Documents\TFC.exe
[2010/07/05 20:06:44 | 000,000,000 | ---D | C] -- C:\WINNT\ServicePackFiles
[2010/07/05 20:06:44 | 000,000,000 | ---D | C] -- C:\WINNT\System32\CertSrv
[2010/05/16 06:50:10 | 000,000,000 | ---D | C] -- C:\FOUND.022
[2010/05/09 09:57:04 | 000,000,000 | ---D | C] -- C:\FOUND.021
[2010/05/07 09:55:48 | 000,000,000 | ---D | C] -- C:\FOUND.020
[2010/04/12 08:54:36 | 000,000,000 | ---D | C] -- C:\FOUND.019
[2010/04/12 08:37:47 | 000,000,000 | ---D | C] -- C:\WINNT\PCHEALTH
[2010/04/12 08:32:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\agi
[2010/04/09 13:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

========== Files - Modified Within 90 Days ==========

[2010/07/06 11:59:12 | 002,187,264 | -H-- | M] () -- C:\Documents and Settings\Barry\NTUSER.DAT
[2010/07/06 11:58:56 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\Desktop\OTL.exe
[2010/07/06 11:58:44 | 000,000,032 | -HS- | M] () -- C:\WINNT\System32\drivers\fidbox.idx
[2010/07/06 11:58:44 | 000,000,032 | -HS- | M] () -- C:\WINNT\System32\drivers\fidbox.dat
[2010/07/06 11:03:18 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Barry\Desktop\erunt_setup.exe
[2010/07/06 10:55:28 | 000,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/07/06 10:55:20 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2f0.dat
[2010/07/06 10:54:24 | 000,000,032 | -HS- | M] () -- C:\WINNT\System32\drivers\fidbox2.idx
[2010/07/06 10:54:24 | 000,000,032 | -HS- | M] () -- C:\WINNT\System32\drivers\fidbox2.dat
[2010/07/06 10:34:50 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barry\My Documents\TFC.exe
[2010/07/06 08:23:54 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Barry\ntuser.ini
[2010/07/05 21:24:38 | 001,008,808 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2010/07/05 20:12:06 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Outlook Express.lnk
[2010/07/05 15:57:52 | 000,000,646 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\[email protected]
[2010/07/05 15:10:10 | 000,001,403 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/05 13:48:24 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Barry\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/07/03 21:45:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\gmer.zip
[2010/07/03 21:39:38 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\dds.scr
[2010/07/03 21:32:58 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_150.dat
[2010/07/03 19:26:14 | 000,054,156 | -H-- | M] () -- C:\WINNT\QTFont.qfn
[2010/06/11 02:56:50 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_14c.dat
[2010/06/10 14:45:54 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/05/12 12:07:02 | 000,000,903 | ---- | M] () -- C:\WINNT\win.ini
[2010/05/11 20:05:08 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_530.dat
[2010/04/30 15:57:12 | 000,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:24 | 000,019,288 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/04/24 16:29:36 | 000,001,347 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\CCleaner.lnk
[2010/04/19 20:04:14 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2010/04/19 09:01:34 | 000,122,768 | ---- | M] (Avira GmbH) -- C:\WINNT\System32\drivers\avipbb.sys
[2010/04/17 05:00:12 | 002,187,630 | ---- | M] () -- C:\Documents and Settings\Barry\Desktop\Butt Trumpet - I ve Been So Mad Lately.mp3

========== Files Created - No Company Name ==========

[2010/07/06 10:55:18 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2f0.dat
[2010/07/05 20:05:43 | 000,004,296 | ---- | C] () -- C:\WINNT\System32\odbcconf.rsp
[2010/07/05 20:04:19 | 000,618,889 | ---- | C] () -- C:\WINNT\System32\instcat.sql
[2010/07/05 15:57:51 | 000,000,646 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\[email protected]
[2010/07/05 15:09:27 | 000,002,097 | ---- | C] () -- C:\Documents and Settings\Barry\My Documents\Launch Outlook Express.lnk
[2010/07/03 21:45:54 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\gmer.zip
[2010/07/03 21:39:37 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\dds.scr
[2010/07/03 21:32:56 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_150.dat
[2010/06/11 02:56:49 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_14c.dat
[2010/05/31 20:17:41 | 000,012,088 | ---- | C] () -- C:\Documents and Settings\Barry\hs_err_pid2724.log
[2010/05/11 20:05:07 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_530.dat
[2010/04/19 20:04:13 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2010/04/17 05:00:09 | 002,187,630 | ---- | C] () -- C:\Documents and Settings\Barry\Desktop\Butt Trumpet - I ve Been So Mad Lately.mp3
[2010/04/03 18:48:24 | 000,000,164 | ---- | C] () -- C:\WINNT\youtube2mp3.ini
[2008/01/23 19:42:11 | 000,000,031 | ---- | C] () -- C:\WINNT\warhead.ini
[2008/01/11 12:05:53 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2007/05/06 21:00:37 | 000,000,044 | ---- | C] () -- C:\WINNT\liveup.ini
[2007/01/10 18:54:26 | 000,561,152 | R--- | C] () -- C:\WINNT\System32\hpotscl.dll
[2007/01/04 18:54:47 | 000,001,694 | ---- | C] () -- C:\WINNT\SysMech6.INI
[2007/01/04 17:35:21 | 001,212,416 | ---- | C] () -- C:\WINNT\System32\Incinerator.dll
[2006/12/15 08:23:00 | 000,001,511 | ---- | C] () -- C:\WINNT\WinInit.ini
[2006/11/18 21:31:50 | 000,000,097 | ---- | C] () -- C:\WINNT\WirelessFTP.INI
[2006/11/18 21:09:51 | 000,000,000 | ---- | C] () -- C:\WINNT\tosOBEX.INI
[2006/07/15 15:51:15 | 000,012,288 | ---- | C] () -- C:\WINNT\impborl.dll
[2006/07/01 16:23:18 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\YCRWin32.dll
[2006/06/13 11:52:13 | 000,000,000 | ---- | C] () -- C:\WINNT\hpqEmlsz.INI
[2006/04/02 17:02:20 | 001,181,018 | ---- | C] () -- C:\WINNT\disney.ini
[2006/01/04 20:08:02 | 000,001,015 | ---- | C] () -- C:\WINNT\YAHELITE_IGNORE.INI
[2006/01/04 20:02:34 | 000,002,379 | ---- | C] () -- C:\WINNT\YAHELITE.INI
[2005/11/27 15:33:12 | 000,056,265 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2005/11/26 21:19:00 | 000,000,313 | ---- | C] () -- C:\WINNT\ODBC.INI
[2005/11/26 20:42:06 | 000,000,783 | ---- | C] () -- C:\WINNT\NTIWVEDT.INI
[2005/11/26 20:41:53 | 000,000,000 | ---- | C] () -- C:\WINNT\Jcmkr32.INI
[2005/11/26 19:40:58 | 000,000,029 | ---- | C] () -- C:\WINNT\CDMKR32.INI
[2005/11/15 22:16:06 | 000,001,024 | RH-- | C] () -- C:\WINNT\System32\NTIDBD32.dll
[2005/11/15 22:15:05 | 000,001,024 | RH-- | C] () -- C:\WINNT\System32\NTIBUN4.dll
[2005/11/15 22:13:15 | 000,001,024 | RH-- | C] () -- C:\WINNT\System32\NTIMPEG2.dll
[2005/11/15 22:13:15 | 000,001,024 | RH-- | C] () -- C:\WINNT\System32\NTIFCD3.dll
[2005/11/15 22:13:15 | 000,001,024 | RH-- | C] () -- C:\WINNT\System32\NTICDMK7.dll
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINNT\System32\drivers\UBHelper.sys
[2004/03/19 15:57:22 | 000,000,244 | ---- | C] () -- C:\WINNT\System32\nirpc.ini
[2003/07/03 15:51:30 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2003/07/03 15:46:25 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2003/07/03 15:37:47 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2003/07/03 15:36:52 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2003/07/03 15:36:36 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINNT\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINNT\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINNT\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINNT\System32\HMPV2_ENC_MMX.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINNT\System32\KodakOneTouch.dll
[1999/09/25 10:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 10:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

========== LOP Check ==========

[2006/04/01 20:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2006/11/19 10:26:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2006/12/28 11:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2007/03/10 11:29:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/10 19:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/10/01 19:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/02/21 10:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kiwee Toolbar2
[2009/05/06 13:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/04/12 08:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\agi
[2006/04/02 09:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Opera
[2006/04/02 11:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Webshots
[2006/04/02 15:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\LimeWire
[2006/04/03 14:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Leadertech
[2006/11/18 21:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Toshiba
[2007/01/26 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Uniblue
[2007/05/10 19:11:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\iolo
[2008/01/11 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Fisher-Price
[2008/06/01 10:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\FUJIFILM
[2009/04/19 13:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\IObit
[2009/05/06 20:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\AT&T
[2009/05/28 12:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\GrabPro
[2009/11/11 09:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\PhotoParade
[2010/02/18 18:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barry\Application Data\Error Fix
[2007/05/13 19:05:28 | 000,000,342 | ---- | M] () -- C:\WINNT\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1168477273.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2003/07/03 15:32:28 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/07/03 15:32:28 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2003/07/03 15:45:02 | 000,214,432 | RHS- | M] () -- C:\ntldr
[2003/07/03 15:44:50 | 000,034,724 | RHS- | M] () -- C:\NTDETECT.COM
[2005/12/25 08:43:34 | 000,000,191 | -HS- | M] () -- C:\boot.ini
[2007/01/07 21:13:10 | 000,001,109 | ---- | M] () -- C:\rapport.txt
[2005/11/15 18:20:02 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2005/11/15 22:14:38 | 000,000,050 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2005/11/15 18:20:02 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/11/15 18:20:02 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/06 10:55:02 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2009/08/01 16:29:32 | 000,008,102 | ---- | M] () -- C:\devicetable.log
[2006/04/01 19:29:34 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
[2005/10/31 09:56:02 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
[2007/01/04 10:56:20 | 000,007,872 | ---- | M] () -- C:\caavsetup.log
[2009/04/28 17:45:50 | 000,000,230 | ---- | M] () -- C:\regfile.txt
[2009/04/28 17:46:58 | 000,000,212 | ---- | M] () -- C:\regfile2.txt
[2008/01/05 08:15:16 | 000,993,494 | ---- | M] () -- C:\sysinfo.txt
[2009/04/28 17:48:28 | 000,000,183 | ---- | M] () -- C:\Shortcut to Local Disk (C).lnk
[2010/01/30 13:03:50 | 007,875,816 | ---- | M] () -- C:\EasyShare.dmp
[2010/07/04 14:19:30 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/06/10 14:45:54 | 000,429,516 | ---- | M] () -- C:\hpfr3425.log
[2010/06/10 14:45:54 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2005/12/17 06:28:02 | 000,020,480 | ---- | M] () -- C:\00007E00-FC91FC91
[2005/12/16 21:34:02 | 000,020,480 | ---- | M] () -- C:\00007E00-FC91FC91_Backup
[2005/12/18 20:15:26 | 000,001,839 | -H-- | M] () -- C:\hpothb07.tif
[2005/12/18 20:15:34 | 000,001,024 | -H-- | M] () -- C:\hpothb07.dat

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/11/15 18:19:42 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2003/07/03 15:47:42 | 000,006,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2003/07/03 15:41:38 | 000,012,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\mmdrv.dll
[2003/07/03 15:44:14 | 000,011,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\netrap.dll
[2003/07/03 15:47:06 | 000,044,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\rtutils.dll
[2003/07/03 15:40:16 | 000,010,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\lz32.dll
[2005/04/08 05:54:32 | 000,200,464 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\RASAPI32.DLL
[2005/04/08 05:54:32 | 000,058,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\RASMAN.DLL
[2003/07/03 15:47:26 | 000,007,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\sensapi.dll
[2003/07/03 15:49:26 | 000,126,736 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\tapi32.dll
[2003/07/03 15:52:48 | 000,021,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\wsock32.dll
[2007/04/05 01:17:40 | 002,854,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\msi.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/11/15 18:02:38 | 000,356,352 | ---- | M] () -- C:\WINNT\system32\config\system.sav
[2005/11/15 18:02:38 | 000,536,576 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2005/11/15 18:02:38 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/03/06 05:17:48 | 000,381,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\USER32.DLL

< %systemroot%\system32\ws2_32.dll /md5 >
[2003/07/03 15:52:42 | 000,069,904 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2003/07/03 15:52:42 | 000,018,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINNT\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2007-12-21 23:05:02

========== Files - Unicode (All) ==========
[2007/05/26 14:54:10 | 000,002,922 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\￿
[2007/04/08 09:17:38 | 000,000,146 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\፨
[2007/04/08 09:17:36 | 000,000,146 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\፨
[2007/03/04 17:39:32 | 000,002,157 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\䕍
[2007/02/24 11:38:22 | 000,000,272 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\
[2007/02/11 13:54:25 | 000,002,157 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\䕍
[2007/01/25 13:46:58 | 000,002,303 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\ခ
[2007/01/23 15:15:49 | 000,000,272 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\
[2007/01/21 22:02:28 | 000,000,146 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\�
[2007/01/21 22:02:26 | 000,000,146 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\�
[2006/12/06 14:21:34 | 000,000,988 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\퐰
[2006/12/06 14:21:33 | 000,000,988 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\퐰
[2006/10/27 19:03:36 | 000,002,376 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\∠
[2006/10/27 19:03:36 | 000,000,030 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\਀
[2006/09/22 20:43:48 | 000,001,694 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\̘
[2006/09/22 20:43:48 | 000,000,030 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\̜
[2006/09/22 20:43:46 | 000,001,694 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\̘
[2006/09/22 20:43:46 | 000,000,030 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\̜
[2006/08/11 19:02:30 | 000,002,376 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\∠
[2006/08/11 19:02:30 | 000,000,030 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\਀
[2006/08/04 19:26:32 | 000,000,146 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\濈
[2006/08/04 19:26:30 | 000,000,146 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\濈
[2006/08/01 16:56:44 | 000,000,030 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\∦
[2006/08/01 16:56:42 | 000,000,030 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\∦
[2006/07/12 18:39:30 | 000,000,146 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\獜
[2006/07/12 18:39:29 | 000,000,146 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\獜
[2006/06/25 10:20:54 | 000,002,416 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\㥀
[2006/05/13 19:18:10 | 000,002,416 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\㥀
[2006/04/27 12:27:52 | 000,001,694 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\㩀
[2006/04/27 12:27:51 | 000,001,694 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\㩀
[2006/04/01 20:06:04 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\὚
[2006/04/01 20:06:02 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\὚
[2006/04/01 20:01:48 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\僾
[2006/04/01 20:01:47 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\僾
[2006/02/02 22:29:43 | 000,002,303 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\ခ
[2006/01/31 19:13:22 | 000,000,146 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\ŀ
[2006/01/31 19:13:21 | 000,000,146 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\ŀ
[2006/01/12 23:15:45 | 000,002,922 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\￿
[2006/01/09 21:33:34 | 000,000,146 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\㝼
[2006/01/09 21:33:33 | 000,000,146 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\㝼
< End of report >

Edited by Barkat, 06 July 2010 - 11:18 AM.

#2 myrti (Expert, 2,580 posts)
Hello and welcome to GeekstoGo.

Sorry for the delay, you weren't overlooked on purpose.


Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
    Note: There is a blank between mbr.exe and -t.
  • press Enter.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\). The file will not open automatically, you need to go to C:\mbr.log yourself and open it.
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti
#3 Barkat (Topic Starter, New Member, 9 posts)
Don't worry about the delay. I understand that I am not the only one that needs help, and you have your own life too. But thanks for helping me now. Here is the file you requested, I hope I did it right.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
#4 myrti (Expert, 2,580 posts)
Hi,

do you still have the problems you described?

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to Add/Remove in the Control Panel and remove either Avira or Kaspersky.

Please also run this tool:
Download Bootkit Remover to your desktop.
Note: This is a rar file; if you do not have a program to open it, then download and install PeaZip.
  • Extract Remover.exe to your desktop
  • Double click Remover.exe to run it.
  • It will show a Black screen with some data on it
  • Right click on the screen and select > Select All
  • Press Control + C <--- This will copy the contents of the screen to your clipboard.
  • Go to Start > Run > Notepad.exe (followed by enter) and press Control + V to paste the contents of your clipboard into the notepad window.
  • Post the resultant log here please.

regards myrti

Edited by myrti, 09 July 2010 - 04:51 PM.

#5 Barkat (Topic Starter, New Member, 9 posts)
Hi and thanks for the reply. I did remove Kaspersky. I also downloaded the PeaZip program and the Bootkit Remover. All I could get it to do was bring up the black screen for about half a second, then it went away. Nowhere near long enough to click in it or anything. And yes, still having the same problems. No sound and the same two boxes that say C:\WINNT\system32\svchost.exe
#6 myrti (Expert, 2,580 posts)
Hi,

please try the following:
(the file remover.exe needs to be located on the desktop for this)

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
    cd Desktop
  • Then type:
    remover.exe
  • Does this display a log in the window? If so please post it in your next reply
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti
#7 Barkat (Topic Starter, New Member, 9 posts)
Well, I think I may have gotten that to work, kinda. I couldn't figure out how to copy and paste it. Luckily it wasn't that much so I will just type it in here. Hope that's OK?

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Barry>cd Desktop

C:\Documents and Settings\Barry\Desktop>remover.exe
Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
www.esagelab.com

\\.\C: -> \\.\PhysicalDrive0
ProcessPhysicalDisc(): DeviceIoControl() ERROR1
ERROR: No physical disks found

C:\Documents and Settings\Barry\Desktop>
#8 myrti (Expert, 2,580 posts)
Hi,

the tool apparently didn't work, thanks for typing out the report.

Let's try this instead:
Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • Left click on title bar (where program name and path is written)
  • From the menu choose Edit -> Select All
  • Now just click Enter key on keyboard to copy selected text
  • Now paste that text here for me.


regards myrti
#9 Barkat (Topic Starter, New Member, 9 posts)
No problem about the other test. I will run anything you tell me to at this point! I did notice that it said I was out of memory. But it also said that I was using an "unsupported" version of Windows. Could the unsupported version make MBR "think" I was out of memory?





MBRCheck, version 1.0.3
© 2010, AD

WARNING: Unsupported Windows version! Results may not be accurate!
\\.\C: --> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
0 GB \\.\PhysicalDrive0 Out of memory!


Done! Press ENTER to exit...

Edited by Barkat, 10 July 2010 - 09:30 PM.

#10 myrti (Expert, 2,580 posts)
Hi,

Yes, there was a reasonable chance that the program would work on Windows 2000 even if it isn't officially supported, and there was no risk of it changing anything, so I wanted to try it.
The result is not what I was expecting though.


Could you please provide a log from DDS, we might see more with that:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
    DDS.scr
    DDS.pif
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.


Could you please also try to run MBRCheck in safe mode and let me know if the output is any different from what we have now.

regards myrti

Edited by myrti, 11 July 2010 - 02:19 AM.

#11 Barkat (Topic Starter, New Member, 9 posts)
DDS (Ver_10-03-17.01) - FAT32x86
Run by Barry at 7:16:40.60 on Sun 07/11/2010
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_13
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.766.412 [GMT -6:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\iolo\System Mechanic Professional 6\IoloSGCtrl.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\iolo\System Mechanic Professional 6\SystemGuardAlerter.exe
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iolo\System Mechanic Professional 6\SMSystemAnalyzer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\Connection Wizard\ICWCONN1.EXE
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Barry\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = 127.0.0.1
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SidebarAutoLaunch Class: {f2aa9440-6328-4933-b7c9-a6ccdf9cbf6d} - c:\program files\yahoo!\browser\YSidebarIEBHO.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\progra~1\yahoo!\common\yhexbmesus.dll
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic professional 6\SMSystemAnalyzer.exe"
mRun: [HotKeysCmds] c:\winnt\system32\hkcmd.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [ioloDelayModule] c:\program files\iolo\system mechanic professional 6\delay.exe
mRun: [SystemGuardAlerter] "c:\program files\iolo\system mechanic professional 6\SystemGuardAlerter.exe"
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: 0.0.0.0
Trusted Zone: motive.com\patttbc.att
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://terileann1721aquarius.spaces.live.com//PhotoUpload/MsnPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1278382499734
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} - hxxp://bmm.imgag.com/imgag/cp/install/crusher-us.cab
DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.0/installer.exe
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\common\lib\URLSTO~1.DLL
Notify: igfxcui - igfxsrvc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\barry\applic~1\mozilla\firefox\profiles\4jvr0j67.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-26 11608]
R1 pctgntdi;pctgntdi;c:\winnt\system32\drivers\pctgntdi.sys [2009-11-14 233136]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-26 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-26 267432]
R2 avgntflt;avgntflt;c:\winnt\system32\drivers\avgntflt.sys [2009-10-26 71768]
R2 PCTAppEvent;PCTAppEvent Driver;c:\winnt\system32\drivers\PCTAppEvent.sys [2009-11-14 87784]
R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2009-11-14 818432]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2005-11-15 49776]
S3 pctplfw;pctplfw;c:\winnt\system32\drivers\pctplfw.sys [2009-11-14 115216]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-07-11 13:16:42 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_3e8.dat
2010-07-11 13:12:44 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_2cc.dat
2010-07-10 00:21:51 0 d-----w- c:\docume~1\barry\applic~1\PeaZip
2010-07-10 00:21:09 0 d-----w- c:\program files\PeaZip
2010-07-09 14:54:48 54156 ---ha-w- c:\winnt\QTFont.qfn
2010-07-09 14:54:48 1409 ----a-w- c:\winnt\QTFont.for
2010-07-09 01:32:45 77312 ----a-w- C:\mbr.exe
2010-07-07 21:04:57 4 ----a-w- c:\program files\37058406.dat
2010-07-06 02:15:58 15064 ----a-w- c:\winnt\system32\wuapi.dll.mui
2010-07-06 02:06:44 0 d-----w- c:\winnt\system32\CertSrv
2010-07-06 02:06:44 0 d-----w- c:\winnt\ServicePackFiles
2010-07-06 02:06:11 30749 ----a-w- c:\winnt\system32\vbajet32.dll
2010-07-06 02:06:10 24848 ----a-w- c:\winnt\system32\spdwnw2k.exe
2010-07-06 02:06:10 21776 ------w- c:\winnt\system32\spupdw2k.exe
2010-07-06 02:04:19 618889 ----a-w- c:\winnt\system32\instcat.sql
2010-07-06 02:04:16 6416 ------w- c:\winnt\system32\hccoin.dll
2010-07-06 02:04:15 77584 ------w- c:\winnt\system32\gpresult.exe
2010-07-06 02:04:12 380957 ----a-w- c:\winnt\system32\expsrv.dll
2010-07-06 02:04:02 90384 ----a-w- c:\winnt\system32\CRYPTDLG.DLL
2010-07-04 03:32:56 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_150.dat

==================== Find3M ====================

2010-06-11 08:56:50 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_14c.dat
2010-05-12 02:05:08 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_530.dat
2010-04-20 02:04:14 16384 ----a-w- c:\winnt\system32\Perflib_Perfdata_3c0.dat
2006-02-05 18:12:14 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-02-02 00:49:00 0 ----a-w- c:\program files\SysUtility.dat
2005-12-19 02:15:38 0 ---ha-w- c:\program files\hpothb07.tif
2005-12-19 02:15:38 0 ---ha-w- c:\program files\hpothb07.dat
2005-11-16 00:19:32 271 ---h--w- c:\program files\desktop.ini
2005-11-16 00:19:32 21952 ---h--w- c:\program files\folder.htt
2003-07-03 21:36:24 32528 ----a-w- c:\winnt\inf\wbfirdma.sys

============= FINISH: 7:17:39.23 ===============


Also, I tried to run the MBR in safe mode. Didn't work. I couldn't even get the computer to start up in safe mode. Each time I tried it kept bringing up an application error box that said "The application failed to initialize properly (0xc0000005)". Then it would shut itself down and restart again. Also, from what I have read online about this problem, it is a problem with the registry? I have a program called "System Mechanic" installed on this PC. That program contains a tool that "fixes" the registry. Would it be a good idea to run that program? I have no idea about that, that's why I was asking you. You're the boss! I will do whatever you think is best. Thanks again for all your help so far.

Edited by Barkat, 11 July 2010 - 11:41 AM.

#12 myrti (Expert, 2,580 posts)
Hi,

we are reaching the limit of the doable here, since windows 2000 is already very old. In addition, Microsoft has stopped all support for W2K, meaning that you will no longer get updates even if there are critical vulnerabilities.

I will propose a step to you, that may fix the issue. Let me know if you want to do it or not.

I suspect that you have an infection which has its roots in your MBR. The MBR is the very first thing that is loaded from your hard drive and which goes on to decide which operating system should be booted. It is fairly advanced and also a pretty new type of infection (The first infections of these kinds surfaced in 2007) which means that most of the tools that can identify or remove the infection are not compatible with windows 2000.

There is a pretty simple way to overwrite the MBR from within Windows and thereby delete the infection; however, a) I have not been able to make sure the infection is actually in your MBR and b) the procedure has its risks.
As of right now, the only way to determine whether you have been infected by the bootkit is to overwrite the MBR and see if you get your sound back.

So much for the issue.
The risks you are running are, at worst, a complete data loss, at best none. Hence I would definitely ask you to back up all important information before you do this.

More precisely what can go wrong is that while overwriting the MBR, the partition table is also accidentally overwritten. This is very rare and I've never seen it happen. However the risk exists.
A couple of far more frequent issues come from the fact that we can only overwrite the MBR with the default Windows MBR; this means that if you had a specialised MBR, features may be lost.
This ranges from losing access to the recovery partition, especially on pre-installed Dell or Acer PCs, to no access to your partition, in case you had your partitions encrypted.
Finally, if you have a multiboot environment with non-Microsoft operating systems, you may lose access to those, but this can be easily fixed. It is only a temporary constraint until the dedicated bootloader is reinstalled.

Windows will warn you when you try to overwrite a customized MBR, so you can't destroy it without knowing it. But basically if you have a self installed PC, with no encryption or multiple operating systems, you should be (pretty) safe.

To overwrite the MBR we will need your Windows CD. So if you're willing to proceed, let me know if you have your Windows 2000 CD. If you find the risk too high, just say no and I'll see what else we can try.

regards myrti

Edited by myrti, 14 July 2010 - 01:14 PM.

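The mbr.exe step in post #2 and the explanation in post #12 come down to a few checks on one 512-byte sector: does it still end in the 0x55AA boot signature, does the boot code match a baseline recorded while the machine was known clean, is the partition table sane, and does a user-mode read agree with what the kernel reads from the disk (the "user: error reading MBR" / "kernel: MBR read successfully" pair in post #3 is that cross-view comparison). The Python below is an added example written for this editing pass; it is not code from this page, from GMER's mbr.exe or from the eSage tool. The two sectors it inspects are constructed inline (the boot-code bytes are filler, not a real loader), the baseline hash is assumed to have been taken from a clean install, and on a live system the sector would come from a raw read of the physical drive with administrator rights.

```python
"""Added example: the checks a bootkit scan performs on a 512-byte MBR.

The sample sectors are constructed below; a real scan reads the sector from
the raw physical drive (administrator rights needed)."""
import hashlib
import struct

MBR_SIZE = 512
PT_OFFSET = 446          # partition table: 4 entries x 16 bytes
SIG_OFFSET = 510         # boot signature 0x55AA lives in the last two bytes
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code: bytes, entries) -> bytes:
    """Assemble a sector from boot code and partition entries (demo helper)."""
    code = boot_code.ljust(PT_OFFSET, b"\x00")[:PT_OFFSET]
    table = b"".join(struct.pack(ENTRY_FMT, *e) for e in entries).ljust(64, b"\x00")
    return code + table + b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Return boot-code hash, signature status and the non-empty partition entries."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, _, ptype, _, lba_start, sectors = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "active": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:PT_OFFSET]).hexdigest(),
        "signature_ok": sector[SIG_OFFSET:] == b"\x55\xAA",
        "partitions": parts,
    }


def check_mbr(sector: bytes, known_good_sha256: str) -> list:
    """Return findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != known_good_sha256:
        findings.append("boot code differs from known-good baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions, expected exactly 1")
    ordered = sorted(info["partitions"], key=lambda p: p["lba_start"])
    for prev, nxt in zip(ordered, ordered[1:]):
        if nxt["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(f"partition {nxt['index']} overlaps partition {prev['index']}")
    return findings


def cross_view_diff(user_view: bytes, kernel_view: bytes) -> list:
    """Offsets where a user-mode read and a kernel-mode read of the same sector
    disagree.  A stealth MBR rootkit hands the clean sector to user-mode
    readers, so any difference is itself a finding."""
    return [i for i, (a, b) in enumerate(zip(user_view, kernel_view)) if a != b]


# --- constructed sample data; the boot-code bytes are filler, not a loader ---
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 200
# One active FAT32 (type 0x0B) primary partition starting at LBA 63; CHS zeroed.
PARTITIONS = [(0x80, b"\x00\x00\x00", 0x0B, b"\x00\x00\x00", 63, 60_000_000)]
CLEAN_MBR = build_mbr(CLEAN_CODE, PARTITIONS)
# Assumed baseline: hash of the boot code recorded while the system was clean.
BASELINE = hashlib.sha256(CLEAN_MBR[:PT_OFFSET]).hexdigest()

# Infected variant: the first two bytes are patched into a short jump, the way a
# bootkit redirects execution into code it stashed in the gap before LBA 63.
INFECTED_MBR = build_mbr(b"\xeb\x40" + CLEAN_CODE[2:], PARTITIONS)

if __name__ == "__main__":
    print("clean    :", check_mbr(CLEAN_MBR, BASELINE))
    print("infected :", check_mbr(INFECTED_MBR, BASELINE))
    # Simulated cross-view: user mode is shown the clean sector, the kernel reads the patched one.
    print("cross-view diff offsets:", cross_view_diff(CLEAN_MBR, INFECTED_MBR))
```

The cross-view check is why the thread keeps reaching for tools that read from kernel mode: a rootkit that filters user-mode disk reads returns the clean sector to an ordinary program, so a plain hash comparison passes while the sector on the platter is patched. Only a read that bypasses the filtered path, or the disagreement between the two reads, exposes it.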

#13 Barkat (Topic Starter, New Member, 9 posts)
Well, I'm not sure what to do now as I have a new problem! I can't open links. It all started after I did the ComboFix yesterday for Tom. NOT saying that the ComboFix did it, just that that's when it started. I got the email notice that you replied to this post. Clicked on the link to bring me here, and nothing. So I tried on some more random emails, nothing.
#14 myrti (Expert, 2,580 posts)
Hi,

can you please provide a link to that other topic with Tom.

regards myrti
#15 Barkat (Topic Starter, New Member, 9 posts)
Hi, ummm about that link... When I first got the problem I posted it on another site that I had used before. When I got no response from that site, I found this one. Which I must say I like better anyway. Tom was from the other site, and I didn't realize it until it was too late. So the advice to run ComboFix was from the other site. When I got the email notice I just figured it was from here, since they weren't responding to me anyway. I know I messed up, I know that it makes it that much harder to fix one problem when there are two different people trying to fix it. Like I said, I didn't realize it. And don't worry, I will pay more attention and not do anything they say to try.