Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan Infection

Started by YellowRubberDuck , Nov 08 2011 10:18 AM

  • Please log in to reply

#1
YellowRubberDuck
Posted 08 November 2011 - 10:18 AM

YellowRubberDuck

    Member

  • Member
  • PipPipPip
  • 109 posts
Hi. Had trojan infection. Every time I scan with antivirus, it prompts various type of trojan even after I chose to delete it. Please help! Thank you.

OTL logfile created on: 11/8/2011 11:06:11 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User.USER-146E9E34C8\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 405.31 Mb Available Physical Memory | 39.91% Memory free
2.39 Gb Paging File | 1.80 Gb Available in Paging File | 75.35% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 38.61 Gb Free Space | 69.08% Space Free | Partition Type: NTFS
Drive D: | 93.14 Gb Total Space | 47.59 Gb Free Space | 51.09% Space Free | Partition Type: FAT32

Computer Name: USER-146E9E34C8 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/08 23:04:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-146E9E34C8\My Documents\Downloads\OTL.exe
PRC - [2011/10/29 19:15:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- D:\PF\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/10/03 22:21:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/11/14 22:37:14 | 000,394,616 | ---- | M] (BitTorrent, Inc.) -- D:\PF\uTorrent\uTorrent.exe
PRC - [2009/05/26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2008/12/11 20:04:14 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/09/13 00:45:48 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/07/11 15:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- D:\PF\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/03/16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2003/01/13 13:30:22 | 000,929,861 | ---- | M] () -- C:\Program Files\ADSL\ADSL USB MODEM\DSLMON.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/29 18:58:56 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/03 22:21:36 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008/09/13 00:45:48 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MOD - [2007/05/23 08:23:34 | 004,591,616 | R--- | M] () -- D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
MOD - [2007/05/22 16:09:18 | 000,023,552 | R--- | M] () -- D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
MOD - [2006/03/09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
MOD - [2003/01/13 13:30:22 | 000,929,861 | ---- | M] () -- C:\Program Files\ADSL\ADSL USB MODEM\DSLMON.exe
MOD - [2002/09/27 15:05:56 | 000,069,632 | ---- | M] () -- C:\Program Files\ADSL\ADSL USB MODEM\languages\English.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/29 19:15:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\PF\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/08/01 00:59:04 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/12/11 20:04:14 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)


========== Driver Services (SafeList) ==========

DRV - [2011/10/29 19:14:46 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\PF\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/22 18:16:18 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- D:\PF\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/24 18:59:19 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/12/11 20:04:15 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008/10/29 07:46:02 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/02/14 17:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 22:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/19 09:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007/06/19 09:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007/06/19 09:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007/06/19 09:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007/06/19 09:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2007/04/23 15:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 15:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 15:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 15:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 15:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2003/05/22 15:21:46 | 000,127,561 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2003/03/25 19:02:12 | 000,046,455 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/iat/us_my.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 18 BF 84 F0 E2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/03 22:21:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/30 00:14:14 | 000,000,000 | ---D | M]

[2008/11/05 22:52:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Mozilla\Extensions
[2011/11/06 22:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Mozilla\Firefox\Profiles\utrmluts.default\extensions
[2010/04/30 19:52:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Mozilla\Firefox\Profiles\utrmluts.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/23 22:25:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/08 19:08:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/10 21:49:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/05 22:19:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/03/24 23:41:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/22 21:50:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/10/23 22:25:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.USER-146E9E34C8\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UTRMLUTS.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2008/11/02 02:46:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/03 22:21:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/21 21:56:38 | 001,140,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll
[2011/10/03 22:21:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\PF\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\ADSL\ADSL USB MODEM\DSLMON.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73706D3E-1618-469F-BB24-2D6FA28228A1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\PF\SUPERAntiSpyware\SASWINLO.dll) - D:\PF\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User.USER-146E9E34C8\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User.USER-146E9E34C8\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\PF\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 17:58:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 20:34:17 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 20:34:18 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 21:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2011/11/04 22:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/11/04 22:10:45 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/11/04 22:10:45 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2011/11/04 22:10:44 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2011/11/04 20:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Avira
[2011/11/04 20:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/11/04 20:49:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/11/04 20:49:29 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/11/04 20:49:29 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/11/04 20:49:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/11/04 20:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/11/04 20:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/11/04 20:47:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User.USER-146E9E34C8\Recent
[2011/11/04 20:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/10/29 22:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/10/27 23:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\NCH Software
[2011/10/27 23:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

========== Files - Modified Within 30 Days ==========

[2011/11/08 22:56:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/11/08 22:54:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/08 22:54:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/08 00:44:58 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/08 00:44:28 | 000,084,992 | ---- | M] () -- C:\Documents and Settings\User.USER-146E9E34C8\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/07 22:15:20 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\expressripShakeIcon.job
[2011/11/07 22:00:06 | 000,000,385 | ---- | M] () -- C:\WINDOWS\NJCOM.INI
[2011/11/07 21:40:28 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\expressripSevenDays.job
[2011/11/07 21:40:25 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Express Rip.lnk
[2011/11/04 22:10:51 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2011/11/04 20:49:48 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 22:56:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/28 16:00:00 | 000,074,752 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/10/22 22:02:25 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/18 00:41:09 | 000,433,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/18 00:41:09 | 000,067,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/11/07 22:15:20 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\expressripShakeIcon.job
[2011/11/07 21:40:28 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\expressripSevenDays.job
[2011/11/07 21:40:25 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Rip.lnk
[2011/11/07 21:40:25 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Express Rip.lnk
[2011/11/04 22:10:51 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2011/11/04 22:10:45 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2011/11/04 22:10:44 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/11/04 22:10:44 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/11/04 22:10:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/11/04 20:49:48 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 22:56:43 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/04/15 22:14:52 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/04/15 22:11:07 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/03/27 00:22:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/12 20:43:57 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2009/11/29 21:47:57 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/07 22:12:55 | 000,164,641 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/09/07 22:12:55 | 000,000,795 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/06/08 18:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2008/12/21 21:56:43 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2008/11/26 22:36:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\memory.ini
[2008/11/09 22:55:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/09 01:17:07 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/11/09 00:58:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/07 23:45:56 | 000,000,110 | ---- | C] () -- C:\WINDOWS\OrdPus.ini
[2008/11/07 21:59:37 | 000,001,024 | ---- | C] () -- C:\WINDOWS\jericho_game_ra.dat
[2008/11/07 19:23:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/05 23:43:15 | 000,000,385 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2008/11/05 22:52:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/05 22:21:59 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/11/05 22:21:36 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/11/04 00:03:20 | 000,084,992 | ---- | C] () -- C:\Documents and Settings\User.USER-146E9E34C8\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/29 19:00:00 | 000,000,245 | ---- | C] () -- C:\WINDOWS\kk.ini
[2008/10/29 08:48:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/29 08:45:25 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/29 08:01:43 | 000,000,053 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/10/29 07:54:51 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/10/29 07:54:43 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\IPDETECT.EXE
[2008/10/29 07:54:43 | 000,002,141 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/10/29 07:54:42 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
[2008/10/29 07:54:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\autoclk.exe
[2008/10/29 07:54:40 | 000,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin
[2008/10/29 07:44:47 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/29 01:03:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/29 00:58:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 20:00:00 | 000,433,108 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 20:00:00 | 000,067,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/07/27 01:13:02 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998/04/27 23:23:00 | 006,150,961 | ---- | C] () -- C:\WINDOWS\System32\jre116.exe
[1994/07/26 00:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 23:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== LOP Check ==========

[2009/08/01 00:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/03/24 21:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2009/03/24 19:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/15 22:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/11/04 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2008/11/05 22:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/11/07 21:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/16 21:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2011/10/29 22:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 00:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\AnvSoft
[2009/08/01 00:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Autodesk
[2010/08/10 21:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\CheckPoint
[2009/03/24 19:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\DAEMON Tools
[2011/10/29 22:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\DAEMON Tools Lite
[2009/03/24 19:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\DAEMON Tools Pro
[2011/11/07 23:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Free Download Manager
[2009/01/01 23:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\NCH Swift Sound
[2008/11/20 21:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Teleca
[2011/11/08 23:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\uTorrent
[2011/11/07 21:40:28 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\expressripSevenDays.job
[2011/11/07 22:15:20 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2011/11/08 22:56:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/03/26 20:25:21 | 000,000,485 | ---- | M] ()(C:\Documents and Settings\User.USER-146E9E34C8\Desktop\????.lnk) -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\三國志Ⅹ.lnk
[2009/03/26 20:25:21 | 000,000,485 | ---- | C] ()(C:\Documents and Settings\User.USER-146E9E34C8\Desktop\????.lnk) -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\三國志Ⅹ.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

Advertisements

#2
Blottedisk
Posted 17 November 2011 - 07:52 PM

Blottedisk

    Trusted Helper

  • Malware Removal
  • 124 posts
Hi YellowRubberDuck,

Sorry for the delayed reply. It seems like the forums have a lot of activity at the moment :)

Appart from the antivirus programs detecting trojans, are you experiencing any outstanding infection symptoms (like slowness, browser redirections, etc.)?

I'm gonna ask you for a new fresh OTL log. A lot of things could have changed in your PC since the 9th of November, and I need to work with current information. After the OTL log, please follow these instructions to run a scan with GMER and paste the log:

----------------------------------------------------------------------------------------------------------------------------------------

Please download GMER from one of the following locations and save it to your desktop:

Main Mirror - This version will download a randomly named file (Recommended)
Zipped Mirror - This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

--------------------------------------------------------------------

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.

Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Make sure all options are checked except:
  • IAT/EAT
  • Drives/Partition other than Systemdrive, which is typically C:\
  • Show All (This is important, so do not miss it.)

Posted Image
Click the image to enlarge it

  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
  • 0

#3
YellowRubberDuck
Posted 22 November 2011 - 10:09 AM

YellowRubberDuck

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Slowness, yes, plus frequent "freeze" when I'm using the computer, like when I'm typing, it suddenly freezes for like 10-15 seconds before it's ok again. The virus are mostly like this, A(random number).exe, keeps on resurfacing even though I deleted it.

Here's the logs.

OTL logfile created on: 11/20/2011 11:33:03 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\User.USER-146E9E34C8\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.48 Mb Total Physical Memory | 415.25 Mb Available Physical Memory | 40.89% Memory free
2.39 Gb Paging File | 1.81 Gb Available in Paging File | 75.98% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 34.24 Gb Free Space | 61.27% Space Free | Partition Type: NTFS
Drive D: | 93.14 Gb Total Space | 47.59 Gb Free Space | 51.10% Space Free | Partition Type: FAT32

Computer Name: USER-146E9E34C8 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/11 22:13:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/08 23:04:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\OTL.exe
PRC - [2011/10/29 19:15:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- D:\PF\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/11/14 22:37:14 | 000,394,616 | ---- | M] (BitTorrent, Inc.) -- D:\PF\uTorrent\uTorrent.exe
PRC - [2009/05/26 22:57:08 | 000,411,108 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2009/05/26 22:54:10 | 000,549,400 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2008/12/11 20:04:14 | 000,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2008/09/13 00:45:48 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 15:35:40 | 001,410,344 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007/09/20 15:35:10 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
PRC - [2007/07/11 15:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- D:\PF\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/03/16 03:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2003/01/13 13:30:22 | 000,929,861 | ---- | M] () -- C:\Program Files\ADSL\ADSL USB MODEM\DSLMON.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/11 23:52:57 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/11 22:12:59 | 001,989,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/10/28 16:00:00 | 003,578,880 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/02/06 02:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/09/13 00:45:48 | 000,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
MOD - [2008/04/14 08:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/14 08:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 08:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/06/13 08:16:02 | 000,528,384 | R--- | M] () -- D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
MOD - [2007/05/23 08:23:34 | 004,591,616 | R--- | M] () -- D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application LauncherBmp.dll
MOD - [2007/05/22 16:09:18 | 000,023,552 | R--- | M] () -- D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application LauncherLg.dll
MOD - [2006/03/09 18:45:36 | 000,081,920 | R--- | M] () -- C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2003/01/13 13:30:22 | 000,929,861 | ---- | M] () -- C:\Program Files\ADSL\ADSL USB MODEM\DSLMON.exe
MOD - [2002/09/27 15:05:56 | 000,069,632 | ---- | M] () -- C:\Program Files\ADSL\ADSL USB MODEM\languages\English.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/29 19:15:26 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- D:\PF\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/08/01 00:59:04 | 000,077,944 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/12/11 20:04:14 | 000,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)


========== Driver Services (SafeList) ==========

DRV - [2011/10/29 19:14:46 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\PF\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/02/22 18:16:18 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- D:\PF\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/03/24 18:59:19 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/12/11 20:04:15 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2008/10/29 07:46:02 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008/02/14 17:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/03 22:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/06/19 09:51:20 | 000,107,304 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdm.sys -- (s816mdm)
DRV - [2007/06/19 09:51:18 | 000,099,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mgmt.sys -- (s816mgmt) Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816unic.sys -- (s816unic) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM)
DRV - [2007/06/19 09:51:18 | 000,097,320 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816obex.sys -- (s816obex)
DRV - [2007/06/19 09:51:18 | 000,021,928 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816nd5.sys -- (s816nd5) Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS)
DRV - [2007/06/19 09:51:18 | 000,013,864 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816mdfl.sys -- (s816mdfl)
DRV - [2007/06/19 09:51:16 | 000,081,832 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2007/04/23 15:54:50 | 000,100,488 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/23 15:54:50 | 000,098,568 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115obex.sys -- (s115obex)
DRV - [2007/04/23 15:54:48 | 000,108,680 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007/04/23 15:54:48 | 000,015,112 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007/04/23 15:54:46 | 000,083,208 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2003/05/22 15:21:46 | 000,127,561 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
DRV - [2003/03/25 19:02:12 | 000,046,455 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://malaysia.msn.com/iat/us_my.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 18 BF 84 F0 E2 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 22:13:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/30 00:14:14 | 000,000,000 | ---D | M]

[2008/11/05 22:52:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Mozilla\Extensions
[2011/11/06 22:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Mozilla\Firefox\Profiles\utrmluts.default\extensions
[2010/04/30 19:52:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Mozilla\Firefox\Profiles\utrmluts.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/11 23:49:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/23 22:25:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\USER.USER-146E9E34C8\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\UTRMLUTS.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2011/11/11 22:13:03 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2008/12/21 21:56:38 | 001,140,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFxViewer.dll
[2011/11/11 22:12:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/11 22:12:54 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2001/08/23 20:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\PF\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_1.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] D:\PF\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk = C:\Program Files\ADSL\ADSL USB MODEM\DSLMON.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: internet ([]about in Internet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{73706D3E-1618-469F-BB24-2D6FA28228A1}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (D:\PF\SUPERAntiSpyware\SASWINLO.dll) - D:\PF\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\User.USER-146E9E34C8\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User.USER-146E9E34C8\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\PF\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 17:58:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 20:34:17 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/06 20:34:18 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/11 23:53:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User.USER-146E9E34C8\Recent
[2011/11/08 23:04:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\OTL.exe
[2011/11/07 21:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2011/11/04 22:10:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/11/04 22:10:45 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2011/11/04 22:10:45 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2011/11/04 22:10:44 | 000,630,784 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2011/11/04 20:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Avira
[2011/11/04 20:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/11/04 20:49:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/11/04 20:49:29 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/11/04 20:49:29 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/11/04 20:49:29 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/11/04 20:49:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/11/04 20:49:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/11/04 20:43:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/10/29 22:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:59:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2011/10/27 23:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\NCH Software
[2011/10/27 23:54:27 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

========== Files - Modified Within 30 Days ==========

[2011/11/20 23:30:26 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\in13h780.exe
[2011/11/20 23:27:46 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/20 23:27:45 | 000,097,280 | ---- | M] () -- C:\Documents and Settings\User.USER-146E9E34C8\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/19 23:08:33 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/11/19 23:07:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/19 23:07:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/10 22:15:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\expressripShakeIcon.job
[2011/11/08 23:04:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\OTL.exe
[2011/11/07 22:00:06 | 000,000,385 | ---- | M] () -- C:\WINDOWS\NJCOM.INI
[2011/11/07 21:40:28 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\expressripSevenDays.job
[2011/11/07 21:40:25 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Express Rip.lnk
[2011/11/04 22:10:51 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2011/11/04 20:49:48 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 22:56:43 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/28 16:00:00 | 000,074,752 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/10/22 22:02:25 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/11/20 23:30:20 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\in13h780.exe
[2011/11/07 22:15:20 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\expressripShakeIcon.job
[2011/11/07 21:40:28 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\expressripSevenDays.job
[2011/11/07 21:40:25 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Rip.lnk
[2011/11/07 21:40:25 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Express Rip.lnk
[2011/11/04 22:10:51 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
[2011/11/04 22:10:45 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2011/11/04 22:10:44 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/11/04 22:10:44 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/11/04 22:10:43 | 000,074,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/11/04 20:49:48 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 22:56:43 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/04/15 22:14:52 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010/04/15 22:11:07 | 000,081,984 | ---- | C] () -- C:\WINDOWS\System32\bdod.bin
[2010/03/27 00:22:12 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/12 20:43:57 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2009/11/29 21:47:57 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/09/07 22:12:55 | 000,164,641 | ---- | C] () -- C:\WINDOWS\hphins25.dat
[2009/09/07 22:12:55 | 000,000,795 | ---- | C] () -- C:\WINDOWS\hphmdl25.dat
[2009/06/08 18:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2008/12/21 21:56:43 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2008/11/26 22:36:56 | 000,000,022 | ---- | C] () -- C:\WINDOWS\memory.ini
[2008/11/09 22:55:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/09 01:17:07 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/11/09 00:58:30 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/07 23:45:56 | 000,000,110 | ---- | C] () -- C:\WINDOWS\OrdPus.ini
[2008/11/07 21:59:37 | 000,001,024 | ---- | C] () -- C:\WINDOWS\jericho_game_ra.dat
[2008/11/07 19:23:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/05 23:43:15 | 000,000,385 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2008/11/05 22:52:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/05 22:21:59 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/11/05 22:21:36 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/11/04 00:03:20 | 000,097,280 | ---- | C] () -- C:\Documents and Settings\User.USER-146E9E34C8\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/29 19:00:00 | 000,000,245 | ---- | C] () -- C:\WINDOWS\kk.ini
[2008/10/29 08:48:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/29 08:45:25 | 000,260,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/29 08:01:43 | 000,000,053 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/10/29 07:54:51 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/10/29 07:54:43 | 000,127,456 | ---- | C] () -- C:\WINDOWS\System32\IPDETECT.EXE
[2008/10/29 07:54:43 | 000,002,141 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/10/29 07:54:42 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
[2008/10/29 07:54:40 | 000,147,456 | ---- | C] () -- C:\WINDOWS\autoclk.exe
[2008/10/29 07:54:40 | 000,022,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\fpga.bin
[2008/10/29 07:44:47 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/29 01:03:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/29 00:58:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/07 14:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2001/08/23 20:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 20:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 20:00:00 | 000,433,108 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 20:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 20:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 20:00:00 | 000,067,938 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 20:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 20:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 20:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 20:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/07/27 01:13:02 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[1998/04/27 23:23:00 | 006,150,961 | ---- | C] () -- C:\WINDOWS\System32\jre116.exe
[1994/07/26 00:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 23:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== LOP Check ==========

[2009/08/01 00:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/03/24 21:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2009/03/24 19:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/04/15 22:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2008/11/04 19:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2008/11/05 22:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2011/11/07 21:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/11/16 21:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2011/10/29 22:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/08 00:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\AnvSoft
[2009/08/01 00:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Autodesk
[2010/08/10 21:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\CheckPoint
[2009/03/24 19:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\DAEMON Tools
[2011/10/29 22:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\DAEMON Tools Lite
[2009/03/24 19:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\DAEMON Tools Pro
[2011/11/09 01:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Free Download Manager
[2009/01/01 23:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\NCH Swift Sound
[2008/11/20 21:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\Teleca
[2011/11/20 23:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User.USER-146E9E34C8\Application Data\uTorrent
[2011/11/07 21:40:28 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\expressripSevenDays.job
[2011/11/10 22:15:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2011/11/19 23:08:33 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/03/26 20:25:21 | 000,000,485 | ---- | M] ()(C:\Documents and Settings\User.USER-146E9E34C8\Desktop\????.lnk) -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\三國志Ⅹ.lnk
[2009/03/26 20:25:21 | 000,000,485 | ---- | C] ()(C:\Documents and Settings\User.USER-146E9E34C8\Desktop\????.lnk) -- C:\Documents and Settings\User.USER-146E9E34C8\Desktop\三國志Ⅹ.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-23 00:00:40
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 MAXTOR_STM3160215AS rev.4.AAB
Running: in13h780.exe; Driver: C:\DOCUME~1\USER~2.USE\LOCALS~1\Temp\pggdqkoc.sys


---- System - GMER 1.0.15 ----

SSDT F7CE7DFC ZwClose
SSDT F7CE7DB6 ZwCreateKey
SSDT F7CE7E06 ZwCreateSection
SSDT F7CE7DAC ZwCreateThread
SSDT F7CE7DBB ZwDeleteKey
SSDT F7CE7DC5 ZwDeleteValueKey
SSDT F7CE7DF7 ZwDuplicateObject
SSDT F7CE7DCA ZwLoadKey
SSDT F7CE7D98 ZwOpenProcess
SSDT F7CE7D9D ZwOpenThread
SSDT F7CE7E1F ZwQueryValueKey
SSDT F7CE7DD4 ZwReplaceKey
SSDT F7CE7E10 ZwRequestWaitReplyPort
SSDT F7CE7DCF ZwRestoreKey
SSDT F7CE7E0B ZwSetContextThread
SSDT F7CE7E15 ZwSetSecurityObject
SSDT F7CE7DC0 ZwSetValueKey
SSDT F7CE7E1A ZwSystemDebugControl
SSDT F7CE7DA7 ZwTerminateProcess

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0x5D 0x2B 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0xE7 0xA5 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0xD7 0xC8 0x6F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xCB 0x16 0x75 0xD1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC9 0x5D 0x2B 0x08 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB1 0xE7 0xA5 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0xD7 0xC8 0x6F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xCB 0x16 0x75 0xD1 ...

---- EOF - GMER 1.0.15 ----
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP