
Hotlean.com redirect from google search page [Solved]

#61
megadez
  • Topic Starter
  • Member
  • 119 posts
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-19 09:57:39
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 8A2EA4B0 ZwAlertResumeThread
SSDT 8A2EED50 ZwAlertThread
SSDT 8A28F0E8 ZwAllocateVirtualMemory
SSDT 8A2BDCB8 ZwConnectPort
SSDT spqa.sys ZwCreateKey [0xBA6A80E0]
SSDT 8A2C7EE8 ZwCreateMutant
SSDT 8A2F7850 ZwCreateThread
SSDT spqa.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spqa.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT 8A0FCEE8 ZwFreeVirtualMemory
SSDT 8A2DFFD0 ZwImpersonateAnonymousToken
SSDT 8A2E40B0 ZwImpersonateThread
SSDT 8A2F93E8 ZwMapViewOfSection
SSDT 8A2DF570 ZwOpenEvent
SSDT spqa.sys ZwOpenKey [0xBA6A80C0]
SSDT 8A2EFE80 ZwOpenProcessToken
SSDT 89F5CA78 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBAAED6A0]
SSDT spqa.sys ZwQueryKey [0xBA6C7108]
SSDT spqa.sys ZwQueryValueKey [0xBA6C6F88]
SSDT 8A2F4C00 ZwResumeThread
SSDT 8A2EF490 ZwSetContextThread
SSDT 89F5AA78 ZwSetInformationProcess
SSDT 8A29B2A8 ZwSetInformationThread
SSDT spqa.sys ZwSetValueKey [0xBA6C719A]
SSDT 8A2DDA90 ZwSuspendProcess
SSDT 8A2EEE28 ZwSuspendThread
SSDT 8A2F2DF0 ZwTerminateProcess
SSDT 8A2EF3B8 ZwTerminateThread
SSDT 8A2EF568 ZwUnmapViewOfSection
SSDT 89F98A78 ZwWriteVirtualMemory

INT 0x62 ? 8A5DBBF8
INT 0x63 ? 8A648BF8
INT 0x73 ? 8A648BF8
INT 0x73 ? 8A648BF8
INT 0x83 ? 8A648BF8

---- Kernel code sections - GMER 1.0.14 ----

? spqa.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9E0C8AC 5 Bytes JMP 8A6481D8
.text a5i2oe1d.SYS B9A1C386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text a5i2oe1d.SYS B9A1C3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text a5i2oe1d.SYS B9A1C3C4 3 Bytes [ 00, 70, 02 ]
.text a5i2oe1d.SYS B9A1C3C9 1 Byte [ 2E ]
.text a5i2oe1d.SYS B9A1C3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 01001985 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 0100198B 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 01001993 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 01001997 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 010019AB 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\SearchIndexer.exe[3428] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4808] WS2_32.dll!send 71AB4C27 5 Bytes JMP 016054C8 C:\WINDOWS\system32\hhctrl32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spqa.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spqa.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spqa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spqa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spqa.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spqa.sys
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00512C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00382C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02732EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02732C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02732C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02732C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BF2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BF2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BF2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BF2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F52EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F52C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F52C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F52C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01012EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01012C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01012C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01012C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PoivY.com\PoivY\PoivY.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016A2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PoivY.com\PoivY\PoivY.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016A2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PoivY.com\PoivY\PoivY.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [016A2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PoivY.com\PoivY\PoivY.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016A2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E62EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E62C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E62C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E62C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DC2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DC2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DC2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DC2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02252EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02252C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02252C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02252C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A82EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A82C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A82C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A82C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[3680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[3680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[3680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[3680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\LvAgent.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\LvAgent.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\LvAgent.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\LvAgent.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[3848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[3848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[3848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[3848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\gmer.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\gmer.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\gmer.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\gmer.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe[4600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe[4600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe[4600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe[4600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00912EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00912C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00912C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00912C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\Lingvo.exe[5052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\Lingvo.exe[5052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\Lingvo.exe[5052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\Lingvo.exe[5052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe[5220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01042EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe[5220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01042C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe[5220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01042C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe[5220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01042C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

Device 8A6471F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A2E3438
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8A374500
Device \Driver\usbuhci \Device\USBPDO-1 8A374500
Device \Driver\usbehci \Device\USBPDO-2 8A373500
Device \Driver\usbuhci \Device\USBPDO-3 8A374500
Device \Driver\PCI_PNP0034 \Device\00000060 spqa.sys
Device \Driver\usbuhci \Device\USBPDO-4 8A374500

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\USBSTOR \Device\000000a1 88F861F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8BD3EF1-7B8B-482A-96B8-F7F13CD56028} 88E251F8
Device \Driver\USBSTOR \Device\000000a2 88F861F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6491F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6491F8
Device \Driver\Cdrom \Device\CdRom0 8A23A1F8
Device \Driver\USBSTOR \Device\000000b0 88F861F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F917EED-07A2-43F2-B2EE-DDD93B0857B7} 88E251F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A6491F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88E251F8
Device \Driver\NetBT \Device\NetbiosSmb 88E251F8
Device \Driver\sptd \Device\1990298784 spqa.sys

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A374500
Device \Driver\USBSTOR \Device\000000ac

#62
megadez
  • Topic Starter
  • Member
  • 119 posts
First attempt didn't paste the whole GMER log, disregard previous post!

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-19 10:02:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 8A2EA4B0 ZwAlertResumeThread
SSDT 8A2EED50 ZwAlertThread
SSDT 8A28F0E8 ZwAllocateVirtualMemory
SSDT 8A2BDCB8 ZwConnectPort
SSDT spqa.sys ZwCreateKey [0xBA6A80E0]
SSDT 8A2C7EE8 ZwCreateMutant
SSDT 8A2F7850 ZwCreateThread
SSDT spqa.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spqa.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT 8A0FCEE8 ZwFreeVirtualMemory
SSDT 8A2DFFD0 ZwImpersonateAnonymousToken
SSDT 8A2E40B0 ZwImpersonateThread
SSDT 8A2F93E8 ZwMapViewOfSection
SSDT 8A2DF570 ZwOpenEvent
SSDT spqa.sys ZwOpenKey [0xBA6A80C0]
SSDT 8A2EFE80 ZwOpenProcessToken
SSDT 89F5CA78 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xBAAED6A0]
SSDT spqa.sys ZwQueryKey [0xBA6C7108]
SSDT spqa.sys ZwQueryValueKey [0xBA6C6F88]
SSDT 8A2F4C00 ZwResumeThread
SSDT 8A2EF490 ZwSetContextThread
SSDT 89F5AA78 ZwSetInformationProcess
SSDT 8A29B2A8 ZwSetInformationThread
SSDT spqa.sys ZwSetValueKey [0xBA6C719A]
SSDT 8A2DDA90 ZwSuspendProcess
SSDT 8A2EEE28 ZwSuspendThread
SSDT 8A2F2DF0 ZwTerminateProcess
SSDT 8A2EF3B8 ZwTerminateThread
SSDT 8A2EF568 ZwUnmapViewOfSection
SSDT 89F98A78 ZwWriteVirtualMemory

INT 0x62 ? 8A5DBBF8
INT 0x63 ? 8A648BF8
INT 0x73 ? 8A648BF8
INT 0x73 ? 8A648BF8
INT 0x83 ? 8A648BF8

---- Kernel code sections - GMER 1.0.14 ----

? spqa.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9E0C8AC 5 Bytes JMP 8A6481D8
.text a5i2oe1d.SYS B9A1C386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text a5i2oe1d.SYS B9A1C3AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text a5i2oe1d.SYS B9A1C3C4 3 Bytes [ 00, 70, 02 ]
.text a5i2oe1d.SYS B9A1C3C9 1 Byte [ 2E ]
.text a5i2oe1d.SYS B9A1C3CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 01001985 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 0100198B 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 01001993 3 Bytes [ 00, 00, 00 ]
.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 01001997 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\WINDOWS\Explorer.EXE[2016] Explorer.EXE 010019AB 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\WINDOWS\system32\SearchIndexer.exe[3428] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[4808] WS2_32.dll!send 71AB4C27 5 Bytes JMP 016054C8 C:\WINDOWS\system32\hhctrl32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spqa.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spqa.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spqa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spqa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spqa.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spqa.sys
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\a5i2oe1d.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\hkcmd.exe[780] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1260] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00512EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00512C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00512C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[1280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00512C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00382EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00382C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00382C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\igfxpers.exe[1548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00382C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02732EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02732C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02732C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2016] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02732C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BF2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BF2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BF2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jusched.exe[2336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BF2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F52EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F52C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F52C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2460] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F52C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01012EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01012C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01012C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\Google Talk\googletalk.exe[2508] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01012C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PoivY.com\PoivY\PoivY.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [016A2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PoivY.com\PoivY\PoivY.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [016A2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PoivY.com\PoivY\PoivY.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [016A2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\PoivY.com\PoivY\PoivY.exe[2512] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [016A2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E62EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E62C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E62C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2548] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E62C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00DC2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00DC2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00DC2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00DC2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02252EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02252C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02252C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02252C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00392EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00392C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00392C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe[3076] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00392C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A82EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A82C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A82C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3440] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A82C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[3680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[3680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[3680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\WLTRAY.exe[3680] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE[3712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\LvAgent.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\LvAgent.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\LvAgent.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\LvAgent.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[3848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[3848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[3848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe[3848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\gmer.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\gmer.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\gmer.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Yuriy Horokhivskyy\Desktop\gmer.exe[4208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe[4600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe[4600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe[4600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PD91Scanner.exe[4600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AE2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AE2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AE2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4808] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AE2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00912EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00912C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00912C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Desktop Search\WindowsSearch.exe[4888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00912C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\Lingvo.exe[5052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\Lingvo.exe[5052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\Lingvo.exe[5052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ABBYY Lingvo x3\Lingvo.exe[5052] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe[5220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01042EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe[5220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01042C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe[5220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01042C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe[5220] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01042C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

Device 8A6471F8
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device 8A2E3438
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8A374500
Device \Driver\usbuhci \Device\USBPDO-1 8A374500
Device \Driver\usbehci \Device\USBPDO-2 8A373500
Device \Driver\usbuhci \Device\USBPDO-3 8A374500
Device \Driver\PCI_PNP0034 \Device\00000060 spqa.sys
Device \Driver\usbuhci \Device\USBPDO-4 8A374500

AttachedDevice \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\USBSTOR \Device\000000a1 88F861F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D8BD3EF1-7B8B-482A-96B8-F7F13CD56028} 88E251F8
Device \Driver\USBSTOR \Device\000000a2 88F861F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6491F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6491F8
Device \Driver\Cdrom \Device\CdRom0 8A23A1F8
Device \Driver\USBSTOR \Device\000000b0 88F861F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{9F917EED-07A2-43F2-B2EE-DDD93B0857B7} 88E251F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A6491F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 88E251F8
Device \Driver\NetBT \Device\NetbiosSmb 88E251F8
Device \Driver\sptd \Device\1990298784 spqa.sys

AttachedDevice \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8A374500
Device \Driver\USBSTOR \Device\000000ac

#63
megadez
And a couple more lines:


Device \Driver\usbuhci \Device\USBFDO-0 8A374500
Device \Driver\USBSTOR \Device\000000ac 88F861F8
Device \Driver\usbuhci \Device\USBFDO-1 8A374500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A2E2310
Device \Driver\usbuhci \Device\USBFDO-2 8A374500
Device \Driver\USBSTOR \Device\000000ae 88F861F8
Device \Driver\usbuhci \Device\USBFDO-3 8A374500
Device \Driver\USBSTOR \Device\000000af 88F861F8
Device \Driver\usbehci \Device\USBFDO-4 8A373500
Device \Driver\Ftdisk \Device\FtControl 8A6491F8
Device \Driver\a5i2oe1d \Device\Scsi\a5i2oe1d1 8A2681F8

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A2FE358

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5D 0xAB 0xB5 0x52 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2B 0x71 0x77 0x17 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0xC5 0x13 0xE5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5D 0xAB 0xB5 0x52 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2B 0x71 0x77 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x0C 0xC5 0x13 0xE5 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E30CE6B20AF6C7D4C9ECB13018A96B31\Usage@PerfectDisk 978555078

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Temporary Internet Files\Content.IE5\RC1K8WV6\info_48[2] 6993 bytes
File C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Temporary Internet Files\Content.IE5\RC1K8WV6\dnserrordiagoff_webOC[3] 6766 bytes
File C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Temporary Internet Files\Content.IE5\RC1K8WV6\background_gradient[2] 453 bytes
File C:\Documents and Settings\Yuriy Horokhivskyy\Local Settings\Temporary Internet Files\Content.IE5\RC1K8WV6\ErrorPageTemplate[1] 2168 bytes

---- EOF - GMER 1.0.14 ----

#64
megadez

    Member

  • Topic Starter
  • 119 posts
The last two posts together constitute the whole GMER log.

Here is OTListIt2:

OTListIt logfile created on: 2/19/2009 10:33:12 AM - Run 3
OTListIt2 by OldTimer - Version 2.0.0.11 Folder = C:\Documents and Settings\Yuriy Horokhivskyy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.64% Memory free
3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.22% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 2.84 Gb Free Space | 7.28% Space Free | Partition Type: NTFS
Drive D: | 16.82 Gb Total Space | 2.03 Gb Free Space | 12.04% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 116.42 Gb Free Space | 49.99% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 3.84 Gb Total Space | 2.42 Gb Free Space | 63.01% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: STURDY
Current User Name: Yuriy Horokhivskyy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Custom Scans ==========


< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services >

< HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg >

< %systemroot%\Prefetch\*.* /s >
[2009/02/19 00:59:49 | 00,097,580 | ---- | M] () -- C:\WINDOWS\Prefetch\ACROBAT.EXE-1F795718.pf
[2009/02/19 10:21:03 | 00,079,870 | ---- | M] () -- C:\WINDOWS\Prefetch\ACROBATINFO.EXE-35EB20A4.pf
[2009/02/19 10:29:05 | 00,014,256 | ---- | M] () -- C:\WINDOWS\Prefetch\ACROBAT_SL.EXE-058EE1B0.pf
[2009/02/13 17:13:13 | 00,036,520 | ---- | M] () -- C:\WINDOWS\Prefetch\ADOBE_UPDATER.EXE-06B3E975.pf
[2009/02/19 10:29:07 | 00,016,446 | ---- | M] () -- C:\WINDOWS\Prefetch\ALG.EXE-0F138680.pf
[2009/02/09 12:53:55 | 00,017,996 | ---- | M] () -- C:\WINDOWS\Prefetch\BCMWLTRY.EXE-34CCE601.pf
[2009/02/18 22:47:57 | 00,042,732 | ---- | M] () -- C:\WINDOWS\Prefetch\CCAPP.EXE-1207B2A5.pf
[2009/02/11 23:15:16 | 00,040,786 | ---- | M] () -- C:\WINDOWS\Prefetch\CLEANMGR.EXE-1F86EA8E.pf
[2009/02/16 01:57:52 | 00,083,252 | ---- | M] () -- C:\WINDOWS\Prefetch\CLVIEW.EXE-1013077A.pf
[2009/02/16 22:02:18 | 00,013,860 | ---- | M] () -- C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
[2009/02/19 09:52:43 | 00,023,534 | ---- | M] () -- C:\WINDOWS\Prefetch\COH32.EXE-25F8395A.pf
[2009/02/12 20:17:51 | 00,063,658 | ---- | M] () -- C:\WINDOWS\Prefetch\COMBOFIX.EXE-0113D41B.pf
[2009/02/19 02:02:47 | 00,035,740 | ---- | M] () -- C:\WINDOWS\Prefetch\CRASHREPORTER.EXE-29951F6F.pf
[2009/02/19 10:29:05 | 00,016,126 | ---- | M] () -- C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf
[2009/02/18 21:17:25 | 00,065,900 | ---- | M] () -- C:\WINDOWS\Prefetch\CUE_SPLITTER.EXE-0305844C.pf
[2009/02/11 20:36:35 | 00,015,336 | ---- | M] () -- C:\WINDOWS\Prefetch\DISTCALC.EXE-36F28F93.pf
[2009/02/19 10:10:20 | 00,021,314 | ---- | M] () -- C:\WINDOWS\Prefetch\DOSCAN.EXE-08A9AE2C.pf
[2009/02/19 10:29:08 | 00,057,546 | ---- | M] () -- C:\WINDOWS\Prefetch\DOT1XCFG.EXE-087CDE23.pf
[2009/02/17 20:30:41 | 00,071,626 | ---- | M] () -- C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf
[2009/02/17 17:19:26 | 00,197,212 | ---- | M] () -- C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf
[2009/02/18 18:54:04 | 00,034,474 | ---- | M] () -- C:\WINDOWS\Prefetch\DWHWIZRD.EXE-0D8EC168.pf
[2009/02/17 17:19:44 | 00,068,714 | ---- | M] () -- C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf
[2009/02/12 20:35:14 | 00,095,906 | ---- | M] () -- C:\WINDOWS\Prefetch\ERUNT.CFEXE-039977DB.pf
[2009/02/18 20:52:17 | 00,072,012 | ---- | M] () -- C:\WINDOWS\Prefetch\EXCEL.EXE-34CB65E9.pf
[2009/02/19 10:10:20 | 00,099,630 | ---- | M] () -- C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
[2009/02/09 22:32:22 | 00,066,148 | ---- | M] () -- C:\WINDOWS\Prefetch\EXPORTCONTROLLER.EXE-0303443A.pf
[2009/02/19 10:29:05 | 00,009,804 | ---- | M] () -- C:\WINDOWS\Prefetch\E_FATI9AA.EXE-298692A9.pf
[2009/02/19 10:30:08 | 00,078,916 | ---- | M] () -- C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf
[2009/02/19 01:00:32 | 00,055,154 | ---- | M] () -- C:\WINDOWS\Prefetch\FNPLICENSINGSERVICE.EXE-15CB8EAD.pf
[2009/02/19 10:13:28 | 00,042,410 | ---- | M] () -- C:\WINDOWS\Prefetch\FOOBAR2000.EXE-1007AE10.pf
[2009/02/19 10:29:05 | 00,036,494 | ---- | M] () -- C:\WINDOWS\Prefetch\GOOGLETALK.EXE-17DCCC56.pf
[2009/02/17 17:20:30 | 00,033,436 | ---- | M] () -- C:\WINDOWS\Prefetch\GOOGLETALKPLUGIN.EXE-3437F219.pf
[2009/02/19 10:29:05 | 00,024,254 | ---- | M] () -- C:\WINDOWS\Prefetch\GOOGLETOOLBARNOTIFIER.EXE-3629C61D.pf
[2009/02/11 01:16:10 | 00,054,032 | ---- | M] () -- C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-0FAAA0E0.pf
[2009/02/19 10:29:05 | 00,031,864 | ---- | M] () -- C:\WINDOWS\Prefetch\GOOGLEUPDATE.EXE-21F10AD6.pf
[2009/02/18 16:17:11 | 00,015,676 | ---- | M] () -- C:\WINDOWS\Prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf
[2009/02/11 01:16:11 | 00,015,100 | ---- | M] () -- C:\WINDOWS\Prefetch\GOOGLEUPDATESETUP.EXE-31EB4BEC.pf
[2009/02/08 21:09:42 | 00,027,704 | ---- | M] () -- C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf
[2009/02/12 11:51:51 | 00,219,304 | ---- | M] () -- C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf
[2009/02/18 23:01:43 | 00,030,550 | ---- | M] () -- C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-34A0FC79.pf
[2009/02/19 10:29:05 | 00,014,606 | ---- | M] () -- C:\WINDOWS\Prefetch\HKCMD.EXE-1D05234B.pf
[2009/02/12 20:17:59 | 00,023,326 | ---- | M] () -- C:\WINDOWS\Prefetch\IEUDINIT.EXE-054FE003.pf
[2009/02/18 20:34:38 | 00,072,398 | ---- | M] () -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf
[2009/02/19 10:10:21 | 00,056,544 | ---- | M] () -- C:\WINDOWS\Prefetch\IFRMEWRK.EXE-0618C85D.pf
[2009/02/19 10:29:05 | 00,015,340 | ---- | M] () -- C:\WINDOWS\Prefetch\IGFXPERS.EXE-2C07C174.pf
[2009/02/19 10:29:05 | 00,016,108 | ---- | M] () -- C:\WINDOWS\Prefetch\IGFXSRVC.EXE-2FB63FE8.pf
[2009/02/19 10:29:05 | 00,017,084 | ---- | M] () -- C:\WINDOWS\Prefetch\IGFXTRAY.EXE-3391579A.pf
[2009/02/19 10:29:07 | 00,027,850 | ---- | M] () -- C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf
[2009/02/19 10:30:13 | 00,008,250 | ---- | M] () -- C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-24AE4A36.pf
[2009/02/12 11:50:41 | 00,493,448 | ---- | M] () -- C:\WINDOWS\Prefetch\Layout.ini
[2009/02/19 01:11:27 | 00,064,442 | ---- | M] () -- C:\WINDOWS\Prefetch\LINGVO.EXE-10B78B33.pf
[2009/02/12 11:45:51 | 00,012,588 | ---- | M] () -- C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf
[2009/02/19 10:25:50 | 00,038,746 | ---- | M] () -- C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf
[2009/02/18 18:51:48 | 00,056,886 | ---- | M] () -- C:\WINDOWS\Prefetch\LUALL.EXE-30AC8E48.pf
[2009/02/18 18:51:47 | 00,096,144 | ---- | M] () -- C:\WINDOWS\Prefetch\LUCALLBACKPROXY.EXE-19ED7806.pf
[2009/02/18 18:51:49 | 00,041,750 | ---- | M] () -- C:\WINDOWS\Prefetch\LUCOMS~1.EXE-02DB5950.pf
[2009/02/19 10:10:21 | 00,014,054 | ---- | M] () -- C:\WINDOWS\Prefetch\LVAGENT.EXE-253C4C05.pf
[2009/02/19 10:10:21 | 00,014,900 | ---- | M] () -- C:\WINDOWS\Prefetch\MAXMENUMGRBASICS.EXE-2C30E4C1.pf
[2009/02/13 02:45:03 | 00,063,704 | ---- | M] () -- C:\WINDOWS\Prefetch\MBAM.EXE-0BEE0439.pf
[2009/02/06 12:26:24 | 00,065,582 | ---- | M] () -- C:\WINDOWS\Prefetch\MOVIETHUMB.EXE-33D84CFA.pf
[2009/02/19 10:10:18 | 00,017,352 | ---- | M] () -- C:\WINDOWS\Prefetch\MPNOTIFY.EXE-3631A846.pf
[2009/02/19 10:31:11 | 00,046,754 | ---- | M] () -- C:\WINDOWS\Prefetch\MSFEEDSSYNC.EXE-25E13438.pf
[2009/02/16 23:46:05 | 00,083,882 | ---- | M] () -- C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf
[2009/02/19 10:32:34 | 00,017,376 | ---- | M] () -- C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf
[2009/02/19 09:58:17 | 00,018,522 | ---- | M] () -- C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf
[2009/02/19 10:28:54 | 01,645,462 | ---- | M] () -- C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf
[2009/02/19 02:22:43 | 00,081,552 | ---- | M] () -- C:\WINDOWS\Prefetch\OPERA.EXE-12085680.pf
[2009/02/14 17:49:41 | 00,010,936 | ---- | M] () -- C:\WINDOWS\Prefetch\OSE.EXE-108AC98F.pf
[2009/02/19 10:32:59 | 00,019,650 | ---- | M] () -- C:\WINDOWS\Prefetch\OTLISTIT2.EXE-3009CADC.pf
[2009/02/19 10:29:05 | 00,018,730 | ---- | M] () -- C:\WINDOWS\Prefetch\PD91ENGINE.EXE-345B1F93.pf
[2009/02/10 00:36:01 | 00,076,560 | ---- | M] () -- C:\WINDOWS\Prefetch\PICASA3.EXE-01184D5B.pf
[2009/02/19 10:23:59 | 00,080,278 | ---- | M] () -- C:\WINDOWS\Prefetch\PICASAPHOTOVIEWER.EXE-1247CDA5.pf
[2009/02/19 10:24:02 | 00,030,176 | ---- | M] () -- C:\WINDOWS\Prefetch\PICASAUPDATER.EXE-032BAF6F.pf
[2009/02/19 10:29:05 | 00,043,706 | ---- | M] () -- C:\WINDOWS\Prefetch\POIVY.EXE-042D9569.pf
[2009/02/16 17:34:27 | 00,072,858 | ---- | M] () -- C:\WINDOWS\Prefetch\POWERPNT.EXE-364EC56A.pf
[2009/02/09 22:32:16 | 00,081,654 | ---- | M] () -- C:\WINDOWS\Prefetch\QUICKTIMEPLAYER.EXE-280B4828.pf
[2009/02/19 10:29:05 | 00,016,864 | ---- | M] () -- C:\WINDOWS\Prefetch\REGEDIT.EXE-1B606482.pf
[2009/02/12 17:56:05 | 00,021,370 | ---- | M] () -- C:\WINDOWS\Prefetch\RSIT.EXE-2974FCE7.pf
[2009/02/13 23:28:24 | 00,021,370 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-12E27DD0.pf
[2009/02/09 19:42:13 | 00,011,666 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-146E5C97.pf
[2009/02/13 08:26:42 | 00,014,382 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-19B3AED6.pf
[2009/02/11 12:33:19 | 00,030,966 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-1AB1519E.pf
[2009/02/12 10:29:27 | 00,021,966 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-1B2D21FF.pf
[2009/02/06 17:55:01 | 00,030,990 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-1F0C8CE6.pf
[2009/02/06 13:15:47 | 00,031,180 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-1F67079A.pf
[2009/02/09 19:34:57 | 00,014,346 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-268BFF96.pf
[2009/02/10 18:39:56 | 00,030,936 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-272311ED.pf
[2009/02/17 18:40:23 | 00,063,530 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-2B20730C.pf
[2009/02/12 11:33:05 | 00,025,986 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-30EA5E3E.pf
[2009/02/09 20:52:52 | 00,020,412 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-3106FC7E.pf
[2009/02/12 11:33:18 | 00,023,516 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-32437504.pf
[2009/02/06 01:11:40 | 00,021,520 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-4049CD2D.pf
[2009/02/12 10:30:48 | 00,030,980 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-41F2A96A.pf
[2009/02/19 01:00:01 | 00,014,436 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf
[2009/02/06 14:23:07 | 00,023,528 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-452F4D81.pf
[2009/02/12 10:30:10 | 00,015,542 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-483630D8.pf
[2009/02/06 18:09:14 | 00,031,200 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-4954EE8A.pf
[2009/02/09 12:53:50 | 00,015,080 | ---- | M] () -- C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B77848E.pf
[2009/02/09 23:56:00 | 00,034,920 | ---- | M] () -- C:\WINDOWS\Prefetch\SAVUI.EXE-0A31877F.pf
[2009/02/16 19:52:35 | 00,038,528 | ---- | M] () -- C:\WINDOWS\Prefetch\SDUPDATE.EXE-00420EF0.pf
[2009/02/19 10:32:36 | 00,048,634 | ---- | M] () -- C:\WINDOWS\Prefetch\SEARCHFILTERHOST.EXE-148579FB.pf
[2009/02/12 02:08:03 | 00,019,116 | ---- | M] () -- C:\WINDOWS\Prefetch\SEARCHINDEXER.EXE-1AD3307F.pf
[2009/02/19 10:32:35 | 00,063,660 | ---- | M] () -- C:\WINDOWS\Prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf
[2009/02/18 18:51:42 | 00,056,512 | ---- | M] () -- C:\WINDOWS\Prefetch\SESCLU.EXE-31CF6B2E.pf
[2009/02/11 12:00:43 | 00,016,404 | ---- | M] () -- C:\WINDOWS\Prefetch\SETHC.EXE-0D6CE1BC.pf
[2009/02/19 10:29:05 | 00,055,222 | ---- | M] () -- C:\WINDOWS\Prefetch\SKYPE.EXE-30AE1A60.pf
[2009/02/19 10:25:42 | 00,053,710 | ---- | M] () -- C:\WINDOWS\Prefetch\SMCGUI.EXE-2610413B.pf
[2009/02/16 19:41:24 | 00,097,656 | ---- | M] () -- C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf
[2009/02/19 10:10:21 | 00,023,268 | ---- | M] () -- C:\WINDOWS\Prefetch\STSYSTRA.EXE-2B270561.pf
[2009/02/18 22:47:57 | 00,016,898 | ---- | M] () -- C:\WINDOWS\Prefetch\SYNTPENH.EXE-315D3ABC.pf
[2009/02/19 10:25:46 | 00,019,568 | ---- | M] () -- C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf
[2009/02/19 10:29:05 | 00,027,896 | ---- | M] () -- C:\WINDOWS\Prefetch\TEATIMER.EXE-1F57E47A.pf
[2009/02/12 02:04:43 | 00,074,364 | ---- | M] () -- C:\WINDOWS\Prefetch\UPDATE.EXE-348110B1.pf
[2009/02/12 02:03:06 | 00,072,442 | ---- | M] () -- C:\WINDOWS\Prefetch\UPDATE.EXE-358D071C.pf
[2009/02/19 10:10:20 | 00,033,388 | ---- | M] () -- C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
[2009/02/19 10:29:05 | 00,017,170 | ---- | M] () -- C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf
[2009/02/09 22:31:39 | 00,067,642 | ---- | M] () -- C:\WINDOWS\Prefetch\VLC.EXE-22DF01AA.pf
[2009/02/09 20:57:58 | 00,012,130 | ---- | M] () -- C:\WINDOWS\Prefetch\WIAACMGR.EXE-212ED878.pf
[2009/02/19 10:29:07 | 00,064,588 | ---- | M] () -- C:\WINDOWS\Prefetch\WINDOWSSEARCH.EXE-20C0F767.pf
[2009/02/19 01:40:03 | 00,095,542 | ---- | M] () -- C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf
[2009/02/18 10:52:51 | 00,084,344 | ---- | M] () -- C:\WINDOWS\Prefetch\WINWORD.EXE-07381162.pf
[2009/02/19 10:10:21 | 00,020,008 | ---- | M] () -- C:\WINDOWS\Prefetch\WLTRAY.EXE-2BF83672.pf
[2009/02/19 10:18:23 | 00,051,598 | ---- | M] () -- C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf
[2009/02/06 01:14:53 | 00,057,356 | ---- | M] () -- C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9C.pf
[2009/02/13 08:27:09 | 00,012,702 | ---- | M] () -- C:\WINDOWS\Prefetch\WPDSHEXTAUTOPLAY.EXE-17D83223.pf
[2009/02/16 18:11:04 | 00,014,436 | ---- | M] () -- C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf
[2009/02/19 10:29:08 | 00,020,512 | ---- | M] () -- C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf
[2009/02/13 08:26:45 | 00,034,632 | ---- | M] () -- C:\WINDOWS\Prefetch\WUDFHOST.EXE-215E7549.pf
[2009/02/12 17:56:19 | 00,029,928 | ---- | M] () -- C:\WINDOWS\Prefetch\YURIY HOROKHIVSKYY.EXE-32559BFC.pf
[2009/02/19 10:10:21 | 00,064,678 | ---- | M] () -- C:\WINDOWS\Prefetch\ZCFGSVC.EXE-1A56EA85.pf

< %systemroot%\system32\drivers\*.dat >

< %systemroot%\Temp\bca4e2da.$$$ >

< %systemroot%\Temp\ed47fa.$ >

< %systemroot%\Temp\fa56d7ec.$$$ >

< %systemroot%\Temp\*.$$$ >

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %SYSTEMDRIVE%\*.epk >

< %systemroot%\*.epk >

< %systemroot%\system32\*.epk >

< %systemroot%\system32\bb*.dat >

< %systemroot%\system32\cookie*.dat >

< %systemroot%\system32\kaxs.dat >

< %systemroot%\system32\ps*.dat >

< %systemroot%\system32\*32.sys >

< %systemroot%\*.dr >

< %SYSTEMDRIVE%\*.dr >

< %systemroot%\system32\*.dr >

< %systemroot%\system32\nods32.dll >

< %systemroot%\*.res >

< %SYSTEMDRIVE%\*.res >

< %systemroot%\system32\*.res >

< %systemroot%\system32\sockins32.dll >

< %systemroot%\system32\Spool\*.* >

< %systemroot%\system32\Spool\*.exe >

< %systemroot%\system32\Spool\*.rar /s >

< %systemroot%\system32\Spool\*.zip /s >

< %systemroot%\system32\Spool\*.dat /s >
[2003/11/18 00:00:00 | 00,005,729 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\EPUPDATE.DAT
[2002/09/30 19:47:58 | 00,000,025 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\3\EBPSAGT4.DAT
[2003/11/18 00:00:00 | 00,005,729 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\3\EPUPDATE.DAT
[2004/03/24 03:10:00 | 00,002,692 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\3\E_FAIF9AA.DAT
[2004/02/05 06:00:00 | 00,000,523 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\3\E_FBID9AA.DAT
[2002/09/30 19:47:58 | 00,000,025 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\epsonstylus_cx460035df\EBPSAGT4.DAT
[2003/11/18 00:00:00 | 00,005,729 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\epsonstylus_cx460035df\EPUPDATE.DAT
[2004/03/24 03:10:00 | 00,002,692 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\epsonstylus_cx460035df\E_FAIF9AA.DAT
[2004/02/05 06:00:00 | 00,000,523 | ---- | M] () -- C:\WINDOWS\system32\Spool\drivers\w32x86\epsonstylus_cx460035df\E_FBID9AA.DAT

< %ProgramFiles%\MSN Messenger\*.zip >

< %ProgramFiles%\MSN Messenger\*.exe >

< %ProgramFiles%\MSN Messenger\*.rar >

< %PROGRAMFILES%\*crack*. >

< %PROGRAMFILES%\*keygen*. >

< %SYSTEMDRIVE%\*crack*. >

< %SYSTEMDRIVE%\*keygen*. >

< %SYSTEMDRIVE%\*.zip >

< %SYSTEMDRIVE%\*.rar >

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.dll >

< %systemroot%\*.zip >

< %systemroot%\*.rar >

< %systemroot%\system32\*.zip >

< %systemroot%\system32\*.rar >

< %PROGRAMFILES%\*.zip >

< %PROGRAMFILES%\*.rar >

< %PROGRAMFILES%\*.exe >

< %PROGRAMFILES%\*.dll >

Invalid Environment Variable: DESKTOP

Invalid Environment Variable: DESKTOP

Invalid Environment Variable: DESKTOP

Invalid Environment Variable: DESKTOP

Invalid Environment Variable: DESKTOP

< %PROGRAMFILES%\Common Files\*.* >

< %PROGRAMFILES%\Common Files\*bak*. >

< %systemroot%\SYSTEM32\*bak*. >

< %PROGRAMFILES%\*bak*. >

< %systemroot%\ime\imjp8_1\*bak*. >

< %PROGRAMFILES%\QuickTime\*bak*. >

< %PROGRAMFILES%\Viewpoint\Viewpoint Manager\*bak*. >

< %PROGRAMFILES%\Analog Devices\Core\*bak*. >

< %SYSTEMDRIVE%\hp\KBD\*bak*. >

< %PROGRAMFILES%\Adobe\Photoshop Album Starter Edition\3.2\Apps\*bak*. >

< %PROGRAMFILES%\BillP Studios\WinPatrol\*bak*. >

< %PROGRAMFILES%\BroadJump\Client Foundation\*bak*. >

< %PROGRAMFILES%\Common Files\Real\Update_OB\*bak*. >

< %PROGRAMFILES%\Common Files\Sonic\Update Manager\*bak*. >

< %PROGRAMFILES%\\Google\GoogleToolbarNotifier\*bak*. >

< %PROGRAMFILES%\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\*bak*. >

< %PROGRAMFILES%\Yahoo!\Messenger\*bak*. >

< %USERNAME%\*.zip >

< %USERNAME%\*.rar >

< %USERNAME%\*.exe >

< %USERPROFILE%\*.zip >

< %USERPROFILE%\*.rar >

< %USERPROFILE%\*.exe >

< %ALLUSERSPROFILE%\*.zip >

< %ALLUSERSPROFILE%\*.rar >

< %ALLUSERSPROFILE%\*.exe >

< %APPDATA%\*.zip >

< %APPDATA%\*.rar >

< %APPDATA%\*.exe >

Invalid Environment Variable: ALLUSERSSTARTMENU

Invalid Environment Variable: ALLUSERSSTARTMENU

Invalid Environment Variable: ALLUSERSSTARTMENU

Invalid Environment Variable: ALLUSERSSTARTUP

Invalid Environment Variable: ALLUSERSSTARTUP

Invalid Environment Variable: ALLUSERSSTARTUP

Invalid Environment Variable: ALLUSERSPROGRAMS

Invalid Environment Variable: ALLUSERSPROGRAMS

Invalid Environment Variable: ALLUSERSPROGRAMS

Invalid Environment Variable: ALLUSERSAPPDATA

Invalid Environment Variable: ALLUSERSAPPDATA

Invalid Environment Variable: ALLUSERSAPPDATA

< %APPDATA%\*.zip >

< %APPDATA%\*.rar >

< %APPDATA%\*.exe >

< %APPDATA%\*.dat >

< %APPDATA%\*.dll >

Invalid Environment Variable: QUICKLAUNCH

Invalid Environment Variable: QUICKLAUNCH

Invalid Environment Variable: QUICKLAUNCH

Invalid Environment Variable: STARTUP

Invalid Environment Variable: STARTUP

Invalid Environment Variable: STARTUP

Invalid Environment Variable: STARTMENU

Invalid Environment Variable: STARTMENU

Invalid Environment Variable: STARTMENU

Invalid Environment Variable: MYDOCUMENTS

Invalid Environment Variable: MYDOCUMENTS

Invalid Environment Variable: MYDOCUMENTS

Invalid Environment Variable: MYDOCUMENTS

Invalid Environment Variable: MYDOCUMENTS

< %PROGRAMFILES%\Mozilla Firefox\plugins\*.* >
[2009/01/20 00:08:58 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

< %PROGRAMFILES%\Internet Explorer\*.* >
[2007/08/13 18:54:10 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\custsat.dll
[2009/02/06 13:08:13 | 00,000,000 | ---- | M] () -- C:\Program Files\Internet Explorer\h323log.txt
[2007/08/13 18:18:02 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\hmmapi.dll
[2007/08/13 18:44:02 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedw.exe
[2007/08/13 18:54:10 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll
[2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Internet Explorer\PLUGINS\*.* >
[2009/02/16 23:48:52 | 00,004,208 | ---- | M] () -- C:\Program Files\Internet Explorer\PLUGINS\QuickTimePlugin.class

< %PROGRAMFILES%\Mozilla Firefox\*.zip /s >

< %PROGRAMFILES%\Mozilla Firefox\*.rar /s >

< %PROGRAMFILES%\Mozilla Firefox\*.exe /s >
[2009/01/20 00:08:35 | 00,185,848 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2009/01/20 00:08:36 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/01/20 00:08:52 | 00,242,168 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe
[2009/01/20 00:08:32 | 00,509,536 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\uninstall\helper.exe

< %PROGRAMFILES%\Internet Explorer\*.zip /s >

< %PROGRAMFILES%\Internet Explorer\*.rar /s >

< %PROGRAMFILES%\Internet Explorer\*.exe /s >
[2007/08/13 18:44:02 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iedw.exe
[2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/04/13 19:12:22 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe
[2008/04/13 19:12:22 | 00,086,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe
[2008/04/13 19:12:22 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe
[2004/08/04 05:00:00 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe
[2008/04/13 19:12:22 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe
[2004/08/04 05:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe

< %SYSTEMDRIVE%\*.dat >

< %SYSTEMDRIVE%\*.sys >
[2008/11/25 16:58:59 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/02/19 10:27:22 | 21,385,05216 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/25 16:58:59 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/11/25 16:58:59 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/02/19 10:27:20 | 21,453,86496 | -HS- | M] () -- C:\pagefile.sys

< %SYSTEMROOT%\*.dat >
[2009/02/19 10:27:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/11/25 21:16:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[6 C:\WINDOWS\*.tmp files]

< %SYSTEMROOT%\*.sys >

< %systemroot%\system32\drivers\*.exe /s >

< %systemroot%\system32\drivers\*.zip /s >

< %systemroot%\system32\drivers\*.rar /s >

< %systemroot%\system\*.exe /s >

< %systemroot%\system\*.zip /s >

< %systemroot%\system\*.rar /s >

< %systemroot%\AppPatch\*.exe /s >

< %systemroot%\AppPatch\*.zip /s >

< %systemroot%\AppPatch\*.rar /s >

< %systemroot%\Cache\*.* >

< %systemroot%\Downloaded Program Files\*.* >
[2008/11/25 16:57:48 | 00,000,065 | -H-- | M] () -- C:\WINDOWS\Downloaded Program Files\desktop.ini
[2006/03/20 17:34:42 | 00,024,576 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\dwusplay.dll
[2006/03/20 17:34:42 | 00,196,608 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\dwusplay.exe
[2006/03/20 17:34:52 | 00,484,272 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\isusweb.dll
[2008/07/18 22:13:20 | 00,000,295 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\muweb.inf
[2009/01/17 12:34:48 | 00,001,131 | ---- | M] () -- C:\WINDOWS\Downloaded Program Files\TVUAx.inf

< %systemroot%\Fonts\*.exe /s >

< %systemroot%\Fonts\*.zip /s >

< %systemroot%\Fonts\*.rar /s >

< %systemroot%\Fonts\*.dll /s >

< %systemroot%\Help\*.exe /s >
[2004/08/04 05:00:00 | 03,374,640 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\Help\Tours\mmTour\tour.exe

< %systemroot%\Help\*.zip /s >

< %systemroot%\Help\*.rar /s >

< %systemroot%\Tasks\*.* >
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/02/19 09:46:19 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1303643608-1801674531-1004.job
[2009/02/19 10:27:38 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/02/19 10:31:28 | 00,000,448 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{93B4AC6B-79E9-412B-8F86-2DE3E5F14F95}.job

< %APPDATA%\*.sys >

< %APPDATA%\Google\*.* >

< %systemroot%\system32\serauth1.dll >

< %systemroot%\system32\serauth2.dll >

< %systemroot%\system32\sysaudio.sys >

< %systemroot%\system32\wdmaud.sys >

< %PROGRAMFILES%\*TinyProxy*. >

< HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla|extensions /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\\[email protected] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/02/16 23:43:59 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions\\Components -> %ProgramFiles%\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/02/17 17:31:35 00,000,000 | ---D | M]
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins -> %ProgramFiles%\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/02/17 17:31:19 00,000,000 | ---D | M]

< %systemroot%\system32\inf\*.exe /s >

< %systemroot%\system32\inf\*.zip /s >

< %systemroot%\system32\inf\*.rar /s >

< %systemroot%\system32\inf\*.dll /s >

< %PROGRAMFILES%\Bitlord\Downloads\*.zip /s >

< %PROGRAMFILES%\Bitlord\Downloads\*.rar /s >

< %PROGRAMFILES%\Bitlord\Downloads\*.exe /s >

< %PROGRAMFILES%\Bitlord\Downloads\*crack*. >

< %PROGRAMFILES%\Bitlord\Downloads\*keygen*. >

< %PROGRAMFILES%\eMule\Incoming\*.zip /s >

< %PROGRAMFILES%\eMule\Incoming\*.rar /s >

< %PROGRAMFILES%\eMule\Incoming\*.exe /s >

< %PROGRAMFILES%\eMule\Incoming\*crack*. >

< %PROGRAMFILES%\eMule\Incoming\*keygen*. >

< %ProgramFiles%\Bittorent\downloads\*.zip /s >

< %ProgramFiles%\Bittorent\downloads\*.exe /s >

< %ProgramFiles%\Bittorent\downloads\*.rar /s >

< %PROGRAMFILES%\Bittorent\Downloads\*crack*. >

< %PROGRAMFILES%\Bittorent\Downloads\*keygen*. >

< %ProgramFiles%\Bearshare\Shared\*.zip /s >

< %ProgramFiles%\Bearshare\Shared\*.exe /s >

< %ProgramFiles%\Bearshare\Shared\*.rar /s >

< %ProgramFiles%\Bearshare\Shared\*crack*. >

< %ProgramFiles%\Bearshare\Shared\*keygen*. >

< %ProgramFiles%\Morpheus\My Shared Folder\*.zip /s >

< %ProgramFiles%\Morpheus\My Shared Folder\*.exe /s >

< %ProgramFiles%\Morpheus\My Shared Folder\*.rar /s >

< %ProgramFiles%\Morpheus\My Shared Folder\*crack*. >

< %ProgramFiles%\Morpheus\My Shared Folder\*keygen*. >

< %ProgramFiles%\uTorrent\Downloads\*.zip /s >

< %ProgramFiles%\uTorrent\Downloads\*.exe /s >

< %ProgramFiles%\uTorrent\Downloads\*.rar /s >

< %ProgramFiles%\uTorrent\Downloads\*crack*. >

< %ProgramFiles%\uTorrent\Downloads\*keygen*. >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*.zip /s >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*.exe /s >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*.rar /s >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*crack*. >

< %ProgramFiles%\Kazaa Lite\My Shared Folder\*keygen*. >

< %ProgramFiles%\Kazaa\My Shared Folder\*.zip /s >

< %ProgramFiles%\Kazaa\My Shared Folder\*.exe /s >

< %ProgramFiles%\Kazaa\My Shared Folder\*.rar /s >

< %ProgramFiles%\Kazaa\My Shared Folder\*crack*. >

< %ProgramFiles%\Kazaa\My Shared Folder\*keygen*. >

< %ProgramFiles%\Icq\Shared Files\*.zip /s >

< %ProgramFiles%\Icq\Shared Files\*.exe /s >

< %ProgramFiles%\Icq\Shared Files\*.rar /s >

< %ProgramFiles%\Icq\Shared Files\*crack*. >

< %ProgramFiles%\Icq\Shared Files\*keygen*. >

< %ProgramFiles%\Direct Connect\Received Files\*.zip /s >

< %ProgramFiles%\Direct Connect\Received Files\*.exe /s >

< %ProgramFiles%\Direct Connect\Received Files\*.rar /s >

< %ProgramFiles%\Direct Connect\Received Files\*crack*. >

< %ProgramFiles%\Direct Connect\Received Files\*keygen*. >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.zip >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.rar >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*.exe >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*crack*. >

< %ALLUSERSPROFILE%\Application Data\AOL Downloads\*keygen*. >

< %APPDATA%\Opera\Opera\profile\widgets\*.* >

< %PROGRAMFILES%\Opera\program\plugins\*.* /s >
[2004/08/04 05:00:00 | 00,022,060 | ---- | M] () -- C:\Program Files\Opera\program\plugins\npds.zip
[2008/04/13 19:12:02 | 00,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Program Files\Opera\program\plugins\npdsplay.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Opera\program\plugins\NPOFF12.DLL
[2008/04/13 19:12:02 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Opera\program\plugins\npwmsdrm.dll
[2009/02/16 23:48:52 | 00,004,208 | ---- | M] () -- C:\Program Files\Opera\program\plugins\QuickTimePlugin.class

< %APPDATA%\Opera\Opera\profile\toolbar\*.* /s >

< %ProgramFiles%\Movie Maker\*.dll >
[2008/04/13 19:12:09 | 00,167,936 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Movie Maker\wmm2ae.dll
[2008/04/13 19:12:09 | 00,004,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Movie Maker\wmm2eres.dll
[2008/04/13 19:12:09 | 00,007,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Movie Maker\wmm2ext.dll
[2008/04/13 19:12:09 | 00,402,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Movie Maker\wmm2filt.dll
[2008/04/13 19:12:09 | 00,502,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Movie Maker\wmm2fxa.dll
[2008/04/13 19:12:09 | 00,325,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Movie Maker\wmm2fxb.dll
[2008/04/13 19:12:09 | 04,256,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Movie Maker\wmm2res.dll
[2008/04/13 19:12:09 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Movie Maker\wmm2res2.dll

Invalid Environment Variable: ALLUSERSAPPDATA

< %SYSTEMROOT%\*.tmp >
[6 C:\WINDOWS\*.tmp files]

< %PROGRAMFILES%\Internet Explorer\*.dll >
[2007/08/13 18:54:10 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\custsat.dll
[2007/08/13 18:18:02 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\hmmapi.dll
[2007/08/13 18:54:10 | 00,287,744 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieproxy.dll

Invalid Environment Variable: DriveLetter
< End of report >
  • 0

#65
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello megadez,

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of ComboFix.

Download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#66
megadez

megadez

    Member

  • Topic Starter
  • Member
  • 119 posts
ComboFix 09-02-18.01 - Yuriy Horokhivskyy 2009-02-19 18:49:30.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1269 [GMT -5:00]
Running from: c:\documents and settings\Yuriy Horokhivskyy\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
FW: Symantec Endpoint Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-19 to 2009-02-19 )))))))))))))))))))))))))))))))
.

2009-02-19 01:40 . 2009-02-19 01:42 250 --a------ c:\windows\gmer.ini
2009-02-17 18:15 . 2009-02-17 19:15 <DIR> d-------- c:\documents and settings\Yuriy Horokhivskyy\.housecall6.6
2009-02-16 23:47 . 2009-02-16 23:48 <DIR> d-------- c:\program files\QuickTime
2009-02-16 23:44 . 2009-02-16 23:43 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-15 15:43 . 2009-02-16 11:16 <DIR> d-------- c:\documents and settings\Yuriy Horokhivskyy\DoctorWeb
2009-02-13 02:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 02:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 02:04 . 2009-02-12 02:04 1,374 --a------ c:\windows\imsins.BAK
2009-01-28 19:25 . 2009-01-28 19:25 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-01-27 20:01 . 2009-01-27 20:01 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\IECompatCache
2009-01-27 20:00 . 2009-01-27 20:00 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\PrivacIE
2009-01-27 19:59 . 2009-01-27 19:59 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\IETldCache
2009-01-27 19:19 . 2009-01-27 20:34 <DIR> d-------- c:\windows\ie8updates
2009-01-27 19:14 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-27 19:14 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-27 19:07 . 2009-01-11 00:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-01-25 18:08 . 2008-04-13 19:11 16,896 --a------ c:\windows\system32\hhctrl32.dll
2009-01-20 11:29 . 2009-01-20 11:29 7,680 --ahs---- c:\windows\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-19 23:48 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\foobar2000
2009-02-19 23:31 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Skype
2009-02-17 04:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-17 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-14 18:20 --------- d-----w c:\program files\Opera
2009-02-13 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 23:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-13 07:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-12 07:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-05 06:28 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\uTorrent
2009-01-25 02:02 --------- d-----w c:\program files\TVUPlayer
2009-01-24 01:29 --------- d-----w c:\program files\mp3DirectCut
2009-01-21 01:44 149,760 ----a-w c:\windows\system32\drivers\WpsHelper.sys
2009-01-17 22:00 --------- d-----w c:\program files\Google
2009-01-17 02:21 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-17 02:21 --------- d-----w c:\program files\Common Files\Adobe
2009-01-15 16:51 --------- d-----w c:\program files\Apple Software Update
2009-01-15 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-10 00:26 --------- d-----w c:\program files\EPSON
2009-01-09 07:10 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Apple Computer
2009-01-07 21:37 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\dvdcss
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2009-01-05 01:31 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2009-01-05 01:31 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-05 01:27 --------- d-----w c:\program files\Synaptics
2009-01-04 18:28 --------- d-----w c:\program files\Java
2009-01-03 18:58 --------- d-----w c:\program files\My Skype Pictures
2009-01-02 01:53 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-02 00:54 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-02 00:53 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 00:53 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-02 00:53 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-02 00:53 10,563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-02 00:53 --------- d-----w c:\program files\Symantec
2008-12-29 18:13 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Malwarebytes
2008-12-29 18:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 20:07 --------- d-----w c:\program files\Trend Micro
2008-12-25 18:42 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\U3
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 05:12 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-12-11 04:36 29,480 ----a-w c:\windows\system32\msxml3a.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" [2008-09-26 9102112]
"Google Update"="c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-25 133104]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo x3\LvAgent.exe" [2008-07-16 1029408]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Desktop\\Soft\\Connection\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
R2 ABBYY.Licensing.Lingvo.Desktop.14.0;ABBYY Lingvo x3 Licensing Service;c:\program files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe [2008-07-14 808224]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-01 99376]
S1 vdmymjk3;AVZ-BC Kernel Driver;\??\c:\windows\system32\Drivers\vdmymjk3.sys --> c:\windows\system32\Drivers\vdmymjk3.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1303643608-1801674531-1004.job
- c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-25 22:13]

2009-02-19 c:\windows\Tasks\User_Feed_Synchronization-{93B4AC6B-79E9-412B-8F86-2DE3E5F14F95}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\1fv4odxm.default\
FF - plugin: c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 18:54:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2009-02-19 18:58:39
ComboFix-quarantined-files.txt 2009-02-19 23:58:35

Pre-Run: 2,856,431,616 bytes free
Post-Run: 3,081,424,896 bytes free

190 --- E O F --- 2009-02-12 07:14:02
  • 0

#67
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
a5i2oe1d
spjp.sys

Rootkit::
\SystemRoot\System32\Drivers\a5i2oe1d.SYS

SysRst::

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#68
megadez

megadez

    Member

  • Topic Starter
  • Member
  • 119 posts
ComboFix 09-02-18.01 - Yuriy Horokhivskyy 2009-02-19 20:07:12.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1271 [GMT -5:00]
Running from: c:\documents and settings\Yuriy Horokhivskyy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Yuriy Horokhivskyy\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
FW: Symantec Endpoint Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.

2009-02-19 01:40 . 2009-02-19 01:42 250 --a------ c:\windows\gmer.ini
2009-02-17 18:15 . 2009-02-17 19:15 <DIR> d-------- c:\documents and settings\Yuriy Horokhivskyy\.housecall6.6
2009-02-16 23:47 . 2009-02-16 23:48 <DIR> d-------- c:\program files\QuickTime
2009-02-16 23:44 . 2009-02-16 23:43 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-15 15:43 . 2009-02-16 11:16 <DIR> d-------- c:\documents and settings\Yuriy Horokhivskyy\DoctorWeb
2009-02-13 02:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 02:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 02:04 . 2009-02-12 02:04 1,374 --a------ c:\windows\imsins.BAK
2009-01-28 19:25 . 2009-01-28 19:25 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-01-27 20:01 . 2009-01-27 20:01 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\IECompatCache
2009-01-27 20:00 . 2009-01-27 20:00 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\PrivacIE
2009-01-27 19:59 . 2009-01-27 19:59 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\IETldCache
2009-01-27 19:19 . 2009-01-27 20:34 <DIR> d-------- c:\windows\ie8updates
2009-01-27 19:14 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-27 19:14 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-27 19:07 . 2009-01-11 00:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-01-25 18:08 . 2008-04-13 19:11 16,896 --a------ c:\windows\system32\hhctrl32.dll
2009-01-20 11:29 . 2009-01-20 11:29 7,680 --ahs---- c:\windows\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 01:15 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Skype
2009-02-19 23:48 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\foobar2000
2009-02-17 04:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-17 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-14 18:20 --------- d-----w c:\program files\Opera
2009-02-13 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 23:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-13 07:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-12 07:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-05 06:28 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\uTorrent
2009-01-25 02:02 --------- d-----w c:\program files\TVUPlayer
2009-01-24 01:29 --------- d-----w c:\program files\mp3DirectCut
2009-01-21 01:44 149,760 ----a-w c:\windows\system32\drivers\WpsHelper.sys
2009-01-17 22:00 --------- d-----w c:\program files\Google
2009-01-17 02:21 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-17 02:21 --------- d-----w c:\program files\Common Files\Adobe
2009-01-15 16:51 --------- d-----w c:\program files\Apple Software Update
2009-01-15 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-10 00:26 --------- d-----w c:\program files\EPSON
2009-01-09 07:10 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Apple Computer
2009-01-07 21:37 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\dvdcss
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2009-01-05 01:31 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2009-01-05 01:31 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-05 01:27 --------- d-----w c:\program files\Synaptics
2009-01-04 18:28 --------- d-----w c:\program files\Java
2009-01-03 18:58 --------- d-----w c:\program files\My Skype Pictures
2009-01-02 01:53 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-02 00:54 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-02 00:53 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 00:53 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-02 00:53 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-02 00:53 10,563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-02 00:53 --------- d-----w c:\program files\Symantec
2008-12-29 18:13 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Malwarebytes
2008-12-29 18:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 20:07 --------- d-----w c:\program files\Trend Micro
2008-12-25 18:42 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\U3
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 05:12 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-12-11 04:36 29,480 ----a-w c:\windows\system32\msxml3a.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-19_18.55.32.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-20 01:12:41 16,384 ----atw c:\windows\temp\Perflib_Perfdata_55c.dat
.
((((((((((((((((((((((((((((((((((((((( System Restore )))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-02-16 23:46 1910 c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegBHO-Global.reg
2009-02-16 23:42 1550 {96CDD294-A823-4775-896E-BD5A928290D1}\RP49\A0023067.reg
2009-02-16 23:45 1910 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023074.reg

2009-02-19 18:59 122 c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDCMD-Yuriy Horokhivskyy.reg
2009-02-16 21:59 107 {96CDD294-A823-4775-896E-BD5A928290D1}\RP51\A0023642.reg

2009-02-16 23:47 4448 c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDPF-Global.reg
2009-02-16 23:43 2369 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023098.reg

2009-02-16 23:55 1892 c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1-Global.reg
2009-02-16 23:44 1892 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023228.reg
2009-02-16 23:49 1969 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023261.reg

c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\bjbfibwr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-01-22 03:54 43008 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023290.dll

c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\bjbfibwr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-01-22 03:54 43008 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023291.dll

c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\bjbfibwr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-01-22 03:54 352768 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023293.dll

c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\bjbfibwr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-01-22 03:53 358912 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023294.dll

c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\bjbfibwr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-01-22 03:54 235520 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023295.dll

c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\bjbfibwr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-01-22 03:54 235008 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023296.dll

2009-02-16 23:39 152576 c:\documents and settings\Yuriy Horokhivskyy\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
{96CDD294-A823-4775-896E-BD5A928290D1}\RP47\A0022940.dll

c:\windows\system32\java.exe
2008-11-10 05:43 144792 {96CDD294-A823-4775-896E-BD5A928290D1}\RP48\A0022941.exe

c:\program files\Common Files\Symantec Shared\VirusDefs\20090215.022\CCERASER.DLL
2008-12-17 04:00 2393648 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023383.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20090215.022\ECMSVR32.DLL
2008-12-17 04:00 259368 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023385.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20090215.022\EECTRL.SYS
2008-12-17 04:00 371248 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023386.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20090215.022\ERASER.SYS
2008-12-17 04:00 99376 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023388.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20090215.022\NAVENG.SYS
2008-12-17 04:00 89104 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023389.SYS

c:\program files\Common Files\Symantec Shared\VirusDefs\20090215.022\NAVENG32.DLL
2008-12-17 04:00 177520 {96CDD294-A823-4775-896E-BD5A928290D1}\RP50\A0023391.DLL

c:\program files\Common Files\Symantec Shared\VirusDefs\20090
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" [2008-09-26 9102112]
"Google Update"="c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-25 133104]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo x3\LvAgent.exe" [2008-07-16 1029408]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Desktop\\Soft\\Connection\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
R2 ABBYY.Licensing.Lingvo.Desktop.14.0;ABBYY Lingvo x3 Licensing Service;c:\program files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe [2008-07-14 808224]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-01 99376]
S1 vdmymjk3;AVZ-BC Kernel Driver;\??\c:\windows\system32\Drivers\vdmymjk3.sys --> c:\windows\system32\Drivers\vdmymjk3.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1303643608-1801674531-1004.job
- c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-25 22:13]

2009-02-20 c:\windows\Tasks\User_Feed_Synchronization-{93B4AC6B-79E9-412B-8F86-2DE3E5F14F95}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\1fv4odxm.default\
FF - plugin: c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 20:13:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6392)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\ABBYY Lingvo x3\LvHook.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\searchindexer.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Symantec\Symantec Endpoint Protection\SescLU.exe
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\windows\system32\searchprotocolhost.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\Symantec\LiveUpdate\LuCallbackProxy.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-02-19 20:22:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-20 01:22:30
ComboFix2.txt 2009-02-19 23:58:46

Pre-Run: 3,048,964,096 bytes free
Post-Run: 3,044,704,256 bytes free

280 --- E O F --- 2009-02-12 07:14:02
  • 0

#69
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... let's try that again but slightly differently.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
a5i2oe1d.SYS

File::
c:\windows\Drivers\a5i2oe1d.SYS

Rootkit::
c:\windows\Drivers\a5i2oe1d.SYS

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

(image: CFScript.txt being dragged onto ComboFix.exe)

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#70
megadez

megadez

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
ComboFix 09-02-18.01 - Yuriy Horokhivskyy 2009-02-19 20:50:08.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1356 [GMT -5:00]
Running from: c:\documents and settings\Yuriy Horokhivskyy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Yuriy Horokhivskyy\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated)
FW: Symantec Endpoint Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.

2009-02-19 01:40 . 2009-02-19 01:42 250 --a------ c:\windows\gmer.ini
2009-02-17 18:15 . 2009-02-17 19:15 <DIR> d-------- c:\documents and settings\Yuriy Horokhivskyy\.housecall6.6
2009-02-16 23:47 . 2009-02-16 23:48 <DIR> d-------- c:\program files\QuickTime
2009-02-16 23:44 . 2009-02-16 23:43 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-15 15:43 . 2009-02-16 11:16 <DIR> d-------- c:\documents and settings\Yuriy Horokhivskyy\DoctorWeb
2009-02-13 02:45 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-13 02:45 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-12 02:04 . 2009-02-12 02:04 1,374 --a------ c:\windows\imsins.BAK
2009-01-28 19:25 . 2009-01-28 19:25 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-01-27 20:01 . 2009-01-27 20:01 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\IECompatCache
2009-01-27 20:00 . 2009-01-27 20:00 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\PrivacIE
2009-01-27 19:59 . 2009-01-27 19:59 <DIR> d--hs---- c:\documents and settings\Yuriy Horokhivskyy\IETldCache
2009-01-27 19:19 . 2009-01-27 20:34 <DIR> d-------- c:\windows\ie8updates
2009-01-27 19:14 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2009-01-27 19:14 . 2007-08-13 18:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2009-01-27 19:07 . 2009-01-11 00:00 79,360 -----c--- c:\windows\system32\dllcache\iecompat.dll
2009-01-25 18:08 . 2008-04-13 19:11 16,896 --a------ c:\windows\system32\hhctrl32.dll
2009-01-20 11:29 . 2009-01-20 11:29 7,680 --ahs---- c:\windows\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 01:53 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Skype
2009-02-19 23:48 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\foobar2000
2009-02-17 04:46 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-02-17 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-14 18:20 --------- d-----w c:\program files\Opera
2009-02-13 23:50 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-13 23:47 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-13 07:45 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-12 07:07 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-05 06:28 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\uTorrent
2009-01-25 02:02 --------- d-----w c:\program files\TVUPlayer
2009-01-24 01:29 --------- d-----w c:\program files\mp3DirectCut
2009-01-21 01:44 149,760 ----a-w c:\windows\system32\drivers\WpsHelper.sys
2009-01-17 22:00 --------- d-----w c:\program files\Google
2009-01-17 02:21 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-17 02:21 --------- d-----w c:\program files\Common Files\Adobe
2009-01-15 16:51 --------- d-----w c:\program files\Apple Software Update
2009-01-15 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-10 00:26 --------- d-----w c:\program files\EPSON
2009-01-09 07:10 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Apple Computer
2009-01-07 21:37 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\dvdcss
2009-01-05 22:33 3,751,995 ----a-w c:\windows\system32\GPhotos.scr
2009-01-05 01:31 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01000_Coinstaller_Critical.Wdf
2009-01-05 01:31 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-05 01:27 --------- d-----w c:\program files\Synaptics
2009-01-04 18:28 --------- d-----w c:\program files\Java
2009-01-03 18:58 --------- d-----w c:\program files\My Skype Pictures
2009-01-02 01:53 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-02 00:54 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-02 00:53 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-02 00:53 60,800 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-01-02 00:53 123,952 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-02 00:53 10,563 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-02 00:53 --------- d-----w c:\program files\Symantec
2008-12-29 18:13 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\Malwarebytes
2008-12-29 18:13 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 20:07 --------- d-----w c:\program files\Trend Micro
2008-12-25 18:42 --------- d-----w c:\documents and settings\Yuriy Horokhivskyy\Application Data\U3
2008-12-20 23:15 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-17 05:12 356,352 ----a-w c:\windows\eSellerateEngine.dll
2008-12-11 04:36 29,480 ----a-w c:\windows\system32\msxml3a.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-02-19_18.55.32.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-20 01:12:41 16,384 ----atw c:\windows\temp\Perflib_Perfdata_55c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-25 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"PoivY"="c:\program files\PoivY.com\PoivY\PoivY.exe" [2008-09-26 9102112]
"Google Update"="c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-25 133104]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"EPSON Stylus CX4600 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Lingvo Launcher"="c:\program files\ABBYY Lingvo x3\LvAgent.exe" [2008-07-16 1029408]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Yuriy Horokhivskyy\\Desktop\\Soft\\Connection\\utorrent.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2007-11-03 00:12:32 41456]
R2 ABBYY.Licensing.Lingvo.Desktop.14.0;ABBYY Lingvo x3 Licensing Service;c:\program files\Common Files\ABBYY\Lingvo\14.0\Licensing\NetworkLicenseServer.exe [2008-07-14 808224]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-01 99376]
S1 vdmymjk3;AVZ-BC Kernel Driver;\??\c:\windows\system32\Drivers\vdmymjk3.sys --> c:\windows\system32\Drivers\vdmymjk3.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [2008-01-16 894216]
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1645522239-1303643608-1801674531-1004.job
- c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-25 22:13]

2009-02-20 c:\windows\Tasks\User_Feed_Synchronization-{93B4AC6B-79E9-412B-8F86-2DE3E5F14F95}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Yuriy Horokhivskyy\Application Data\Mozilla\Firefox\Profiles\1fv4odxm.default\
FF - plugin: c:\documents and settings\Yuriy Horokhivskyy\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 20:53:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2009-02-19 20:57:49
ComboFix-quarantined-files.txt 2009-02-20 01:57:44
ComboFix2.txt 2009-02-20 01:22:54
ComboFix3.txt 2009-02-19 23:58:46

Pre-Run: 3,006,722,048 bytes free
Post-Run: 2,992,586,752 bytes free

197 --- E O F --- 2009-02-12 07:14:02
  • 0
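One way to triage a ComboFix log of the kind posted above, as an added example that is not part of the original thread and not code from ComboFix or its author: the script below parses the `R#`/`S#` service lines and the `dword` registry values the log prints, and lists entries that deserve a manual look. The sample lines are constructed to mirror the shape of the log above; the "random-looking name" rule is a heuristic of my own, and a hit means "check this", not "this is malware" (a stale entry for a driver whose file is already gone trips the same rules as a hidden rootkit driver would).

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in the layout ComboFix uses for the
# service/driver list ("R2 name;display;image [date size]") and for
# registry values. Shaped after the log posted above, not a live capture.
SAMPLE_LOG = r"""
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [2008-01-16 664840]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-01 99376]
S1 vdmymjk3;AVZ-BC Kernel Driver;\??\c:\windows\system32\Drivers\vdmymjk3.sys --> c:\windows\system32\Drivers\vdmymjk3.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

# R = running, S = stopped; the digit is the service Start value
# (0 boot, 1 system, 2 auto, 3 demand, 4 disabled). ComboFix prints "[?]"
# instead of "[date size]" when the image file is not on disk.
SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)\s+\[([^\]]*)\]\s*$")
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# Heuristic (my own, not ComboFix's): eight lowercase letters/digits with at
# least one of each, the pattern of the auto-generated driver names above.
RANDOM_NAME_RE = re.compile(r"^(?=.*[0-9])(?=.*[a-z])[a-z0-9]{8}$")


@dataclass
class ServiceEntry:
    state: str
    start: int
    name: str
    display: str
    image: str
    file_found: bool


def parse_service_lines(text):
    """Return the R#/S# service lines of a ComboFix log as ServiceEntry objects."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, display, image, meta = m.groups()
        entries.append(ServiceEntry(state, int(start), name, display,
                                    image.strip(), meta.strip() != "?"))
    return entries


def parse_dword_values(text):
    """Map (lowercased key path, value name) -> int for REG_DWORD lines."""
    values, key = {}, None
    for line in text.splitlines():
        k = REG_KEY_RE.match(line)
        if k:
            key = k.group(1).lower()
            continue
        v = REG_VAL_RE.match(line)
        if v and key is not None:
            values[(key, v.group(1))] = int(v.group(2), 16)
    return values


def triage(text):
    """Return [(entry name, [reasons])] for items that deserve a manual look.

    A hit means "check this", not "this is malware": a stale entry for an
    already-removed cleanup driver trips the same rules as a rootkit would.
    """
    findings = []
    for e in parse_service_lines(text):
        reasons = []
        if not e.file_found:
            reasons.append("image file missing on disk ([?])")
        if RANDOM_NAME_RE.match(e.name):
            reasons.append("random-looking eight-character service name")
        if reasons and e.start <= 1:
            reasons.append(f"start type {e.start}: loads before any user logs on")
        if reasons:
            findings.append((e.name, reasons))
    sc_key = r"hkey_local_machine\software\microsoft\security center"
    if parse_dword_values(text).get((sc_key, "AntiVirusOverride")) == 1:
        findings.append(("Security Center", [
            "AntiVirusOverride=1: Security Center stays silent about AV state; "
            "normal when a managed AV suite set it, so confirm which product did"]))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(name)
        for r in reasons:
            print("  -", r)
```

Run it against a saved `C:\ComboFix.txt` by reading the file into `triage()` instead of `SAMPLE_LOG`. The point of the two service rules together is that a driver with a system start type whose file ComboFix cannot find is exactly the kind of entry a CFScript `Driver::`/`File::` pair is written for, while the Security Center check is only a reminder to confirm who set the override.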



#71
megadez

megadez

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
And it's definitely not OK yet.
  • 0

#72
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Not having much luck. Let's try this one. It will give us a very wide look at things.

Download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop.
  • Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program.
  • Under Additional Scans check the boxes beside Reg - App Paths, Reg - Desktop Components, Reg - Disabled MS Config Items, and File - Purity Scan.
  • Under Files Created Within and Files Modified Within change it to 90 days.
  • Under Rootkit Search change it to Yes
  • Check the box at the top-left beside Scan All Users
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way.

PS: To attach a file, do the following:

* Click Add Reply
* Under the reply panel is the Attachments Panel
* Browse to find the attachment file you want to upload, highlight the file by clicking once on it, then click the green Upload button
* Once it has uploaded, click the Manage Current Attachments drop down box
* On the left you will see an icon like a letter with a little green cross on it. Please click on that and it should upload to the thread.
  • 0

#73
megadez

megadez

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
Attached File  OTScanIt.zip   54.33KB   149 downloads

During the scan my Symantec displayed a notification about two Trojan horses which were quarantined; the location was in the temp folder,

something like \localsettings\temp\itdglgee.dll
  • 0

#74
megadez

megadez

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 119 posts
Symantec quarantined bloodhound.pdf.7

Risk type: heuristics

Location: applicationdata\mozilla\firefox\profiles\1fv4odxm.default\cache\
  • 0

#75
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Please read this post completely, it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

  • 0
