Help Please?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help Please?

Post by paradox » April 12th, 2010, 8:47 pm

Hello there. Kind of getting desperate here.

For the past few days, every time I do a search on Firefox using Google in the search bar, or even using the site itself, NOD32 blocks a couple of pages from opening. I went to the NOD32 logs and this is what I get:

13-04-2010 0:10:08 HTTP filter file TROJAN URL a variant of Win32/Oficla.FX trojan connection terminated - quarantined NT AUTHORITY\SYSTEM Threat was detected upon access to web by the application: C:\WINDOWS\system32\svchost.exe.

Well, I made a scan and deleted one or two things, including what appeared to be a Win32/Kryptik.DPU trojan variant.

The thing is, the problem persists, and even after using other tools (Malwarebytes, or even Spybot in safe mode, which were unable to find anything) I can't seem to end this problem. Makes me think that I have some kind of malware that interacts with my browser, namely when I search stuff on Google.

Could really use some help here. Here are the HijackThis log and the Uninstall List:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:24, on 13-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AveDesk13\AVEDESK.EXE
C:\PROGRA~1\TrafNet\TrafNet.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\yz_dock\YzDock.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\eXtreme\mirc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\AveDesk13\AVEDESK.EXE"
O4 - HKCU\..\Run: [TrafNet] C:\PROGRA~1\TrafNet\TrafNet.exe /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\prick\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: YzDock.lnk = C:\Program Files\yz_dock\YzDock.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 5508447781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8573713578
O17 - HKLM\System\CCS\Services\Tcpip\..\{7193BC82-F184-4B05-8905-AA77776E24BA}: NameServer = 212.55.154.174
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7871 bytes



µTorrent
AC3Filter 1.63b
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner
Counter-Strike: Source
Day of Defeat: Source
ffdshow [rev 3128] [2009-11-08]
Haali Media Splitter
HijackThis 2.0.2
HLSW v1.3.2.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Foto e Imagem 2.0 - All-in-One
HP Foto e Imagem 2.0 - All-in-One Drivers
HP Foto e Imagem 2.0 - hp psc 1200 series
hp psc 1200 series
IconPackager
IconPackager
iTunes
Java(TM) 6 Update 15
JDownloader
LogMeIn
Logon Loader 3.0
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Medieval CUE Splitter
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTG
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTG
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Language Pack - ptg
Microsoft .NET Framework 3.5 Language Pack - PTG
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
mIRC
Mozilla Firefox (3.5.8)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
neroxml
NVIDIA Drivers
NVIDIA PhysX
PFPortChecker 1.0.32
PokerStars
QuickTime
Razer DeathAdder(TM) Mouse
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Sereby's Updatepack - IE8 Addon Version 1.0.7
SoundMAX
Steam
Team Fortress 2
TeamSpeak 2 RC2
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
TrafNet 2.0.9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Veetle TV 0.9.16
VexcastPlayer2.0
Winamp
Windows Driver Package - Apple Inc. Apple Keyboard (07/18/2007 2.0.0.7)
Windows Driver Package - Cypress (CyUsb) USB
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
WinSCP 4.1.9
WinZip
XML Paper Specification Shared Components Language Pack 1.0
paradox
Active Member
 
Posts: 5
Joined: April 12th, 2010, 8:17 pm
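A small triage script for the HijackThis log format posted above, as an added example that is not part of this thread or of HijackThis itself. It parses the R/O entry lines and attaches review notes to the entries a helper normally looks at first (orphaned O2/O23 entries, autostarts in user-writable folders, O17 per-interface DNS overrides); the sample lines are copied from the log above, while the `review()` heuristics and their wording are my own assumptions and mean "look at this", not "this is malware".

```python
"""Triage helper for Trend Micro HijackThis 2.0.x log entries (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in HijackThis 2.0.2 format. The lines are copied from the
# log posted above so the output can be compared with it by eye.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\prick\Application Data\Dropbox\bin\Dropbox.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7193BC82-F184-4B05-8905-AA77776E24BA}: NameServer = 212.55.154.174
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

# Every HijackThis entry starts with a section code (R0, R1, F2, O2, O23, ...).
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Directories a logged-in user can write to on XP. An autostart living here
# deserves a second look because planting it needs no admin rights (heuristic).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


@dataclass
class Entry:
    kind: str
    body: str
    flags: List[str] = field(default_factory=list)


def o4_target(body: str) -> Optional[str]:
    """Pull the launched path out of an O4 body.

    Handles  [name] "C:\\dir\\x.exe" args,  [name] C:\\dir\\x.exe args
    and      Startup: x.lnk = C:\\dir\\x.exe   (a '?' target means unresolved).
    """
    m = re.search(r'\] "([^"]+)"|\] (\S+)|= (.+)$', body)
    if not m:
        return None
    target = next(g for g in m.groups() if g is not None)
    return None if target == "?" else target


def review(entry: Entry) -> List[str]:
    """Return the review notes that apply to one entry (empty list = nothing to say)."""
    notes: List[str] = []
    if entry.kind == "O2" and entry.body.endswith("(no file)"):
        notes.append("BHO CLSID registered but its DLL is gone: orphaned registration")
    elif entry.kind == "O4":
        target = o4_target(entry.body)
        if target and any(d in target.lower() for d in USER_WRITABLE):
            notes.append(f"autostart runs from a user-writable location: {target}")
    elif entry.kind == "O17":
        m = re.search(r"NameServer = (.+)$", entry.body)
        servers = [s.strip() for s in m.group(1).split(",")] if m else []
        notes.append("per-interface DNS override %s: confirm these are your ISP's resolvers"
                     % ", ".join(servers))
    elif entry.kind == "O23" and entry.body.endswith("(file missing)"):
        notes.append("service registered but its binary is missing: orphaned registration")
    return notes


def triage(log_text: str) -> List[Entry]:
    """Parse all entry lines of a HijackThis log and attach review notes."""
    entries: List[Entry] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entry = Entry(m.group("kind"), m.group("body"))
            entry.flags = review(entry)
            entries.append(entry)
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        mark = "!!" if e.flags else "  "
        print(f"{mark} {e.kind:<4}{e.body[:70]}")
        for note in e.flags:
            print(f"        -> {note}")
```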

Re: Help Please?

Post by xixo_12 » April 18th, 2010, 12:15 am

Hello and Welcome to Malware Removal Forums.
  • My name is xixo_12 and I will guide you.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • You may wish to print them off or copy the instructions into Notepad.
  • If you have any question please don't hesitate to ask.
  • The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Keep interacting with me until your computer is clean.

Please make sure you have done your reading on this topic: How to get help at this forum
Please! If you need more time to do all the instructions, let me know before the 72 hours are up. Otherwise, your thread will be closed.

First,
P2P software.
IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
µTorrent

  • It's not a good idea to have them.
  • You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above.
  • If you do not wish to remove your P2P programs, don't proceed with the next instruction and please tell me to close this topic.

Next,
CKScanner.
Please download from HERE and save to the desktop.
  • Double click on CKScanner.exe to run it and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Next,
Checklist.
Please post.
  • Content of CKFiles.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Help Please?

Post by paradox » April 18th, 2010, 11:34 am

CKScanner - Additional Security Risks - These are not necessarily bad
c:\casino\betfair casino\data\slots_safecracker\3d\reel0.slt
c:\casino\betfair casino\data\slots_safecracker\3d\reel1.slt
c:\casino\betfair casino\data\slots_safecracker\3d\reel2.slt
c:\msn downloads\audioburst powerfx 2.10 crack.ace
scanner sequence 3.CA.11
----- EOF -----
paradox
Active Member
 
Posts: 5
Joined: April 12th, 2010, 8:17 pm

Re: Help Please?

Post by xixo_12 » April 18th, 2010, 11:37 am

Hi,
Let's proceed.

First,
Reboot into the usual account.

Next,
RSIT by random/random.
Please download from HERE and save to the desktop.
  • Double-click on RSIT.exe to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized
  • Please post the contents of both logs in your next post.
***You can also find the logs manually at C:\rsit

Next,
GMER.
Please download from HERE and save to the desktop.
  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Next,
Checklist.
Please post.
  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of GMER.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Help Please?

Post by xixo_12 » April 20th, 2010, 7:33 am

Hello :),

Reminder.
It's 48 hours since my last reply.
Please let me know if you have any problems understanding my instructions or if you need extra time.
In order to maintain our policy,
you have the next 24 hours to reply to this topic; otherwise it will be closed as inactive.

Regards,
xixo_12
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Help Please?

Post by paradox » April 20th, 2010, 11:13 pm

I'm sorry, but I was unable to use my PC for these last few days. I did use the tools you suggested, and the weird thing is that the problem was gone after I ran GMER. Is this normal? Is GMER supposed to clean the problem, or could a NOD32 update have solved it? I can paste the logs you asked for here later today.
paradox
Active Member
 
Posts: 5
Joined: April 12th, 2010, 8:17 pm

Re: Help Please?

Post by xixo_12 » April 20th, 2010, 11:45 pm

Hi,
GMER is just a rootkit scanner. It will not solve any problems that you have.
If you would like to continue, just provide the logs and I will go through them.

If not, I will ask for closure.
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia

Re: Help Please?

Post by paradox » April 21st, 2010, 4:59 pm

info.txt logfile of random's system information tool 1.06 2010-04-18 16:58:26

======Uninstall list======

-->MsiExec /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter 1.63b-->"C:\Program Files\AC3Filter\unins000.exe"
Acrobat.com-->msiexec /qb /x {6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Acrobat.com-->MsiExec.exe /I{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{553255F3-78FD-40F1-A6F8-6882140265FE}
Apple Mobile Device Support-->MsiExec.exe /I{B5C3B892-0849-476C-9F46-B12F84819D57}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Betfair Casino-->"C:\Casino\Betfair Casino\_SetupCasino_9e939e.exe" /uninstall
Bonjour-->MsiExec.exe /X{76BC2442-0002-47FA-9617-43BAD82BEF4C}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300
Empress of the Deep - The Darkest Secret-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-empressofthedeepthedarkestsecret.rguninst" "AddRemove"
ffdshow [rev 3128] [2009-11-08]-->"C:\Program Files\ffdshow\unins000.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLSW v1.3.2.1-->"C:\Program Files\HLSW\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Foto e Imagem 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Foto e Imagem 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Foto e Imagem 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
IconPackager-->"C:\Documents and Settings\All Users\Application Data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}\IconPackager.exe" REMOVE=TRUE MODIFY=FALSE
IconPackager-->C:\Documents and Settings\All Users\Application Data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}\IconPackager.exe
Insider Tales - Vanished in Rome-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-insidertalesvanishedinrome.rguninst" "AddRemove"
iTunes-->MsiExec.exe /I{996A2FAA-7514-4628-9D12-A8FC34A0016E}
Jane Angel - Templar Mystery-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-janeangeltemplarmystery.rguninst" "AddRemove"
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
LogMeIn-->MsiExec.exe /I{34F93E31-E1A0-421C-8E86-BCF7C4193A91}
Logon Loader 3.0-->C:\Program Files\Logon Loader\uninst.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Medieval CUE Splitter-->MsiExec.exe /I{B96D2269-568B-4CBF-9332-12FAE8B158F7}
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - PTG-->MsiExec.exe /I{86D08C33-E38D-33C1-8521-65A0281F4CC6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - PTG-->MsiExec.exe /I{EFD60119-AC8D-3F86-8B83-7BEB03A69FB5}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack - PTG-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - ptg\setup.exe
Microsoft .NET Framework 3.5 Language Pack - ptg-->MsiExec.exe /I{BCC5866E-3653-39E6-A763-DACD24F35BF0}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mind's Eye - Secrets of the Forgotten-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-mindseyesecretsoftheforgotten.rguninst" "AddRemove"
mIRC-->"C:\eXtreme\mirc.exe" -uninstall
Mozilla Firefox (3.5.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe
Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A"
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}
PFPortChecker 1.0.32-->C:\Program Files\PFPortChecker\uninst.exe
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
Razer DeathAdder(TM) Mouse-->C:\Program Files\InstallShield Installation Information\{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Romantic Discoveries Bundle - 3 in 1-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\am-romanticdiscoveriesbundle3in1.rguninst" "AddRemove"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sereby's Updatepack - IE8 Addon Version 1.0.7-->msiexec.exe
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x416 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/440
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe"
TomTom HOME 2.7.3.1894-->C:\Program Files\TomTom HOME 2\Uninstall TomTom HOME.exe
TomTom HOME Visual Studio Merge Modules-->MsiExec.exe /I{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}
TrafNet 2.0.9-->C:\Program Files\TrafNet\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Veetle TV 0.9.16-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VexcastPlayer2.0-->"C:\WINDOWS\system32\Nagasoft\Uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Apple Inc. Apple Keyboard (07/18/2007 2.0.0.7)-->C:\PROGRA~1\DIFX\7F01D4C0B2897E27\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\keymagic_4198E0DC68B0013AE225FE28D3A2C303E2BD6730\keymagic.inf
Windows Driver Package - Cypress (CyUsb) USB -->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\cyusb_13860389BCE916343D6A5C65169C6F0C6BF6E3EA\cyusb.inf
Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\dadder_1D206EBC9FC4C5439CDE5E133FD5DADD76F8E58F\dadder.inf
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.1.9-->"C:\Program Files\WinSCP\unins000.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: CROW
Event Code: 15005
Message: Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.

Record Number: 1252
Source Name: HTTP
Time Written: 20091123153607.000000+000
Event Type: error
User:

Computer Name: CROW
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 1209
Source Name: SideBySide
Time Written: 20091123055147.000000+000
Event Type: error
User:

Computer Name: CROW
Event Code: 58
Message: Syntax error in manifest or policy file "C:\Program Files\ESET\ESET NOD32 Antivirus\Microsoft.VC80.MFCLOC.MANIFEST" on line 5.

Record Number: 1208
Source Name: SideBySide
Time Written: 20091123055147.000000+000
Event Type: error
User:

Computer Name: CROW
Event Code: 34
Message: Component identity found in manifest does not match the identity of the component requested

Record Number: 1207
Source Name: SideBySide
Time Written: 20091123055147.000000+000
Event Type: error
User:

Computer Name: CROW
Event Code: 59
Message: Generate Activation Context failed for C:\Program Files\ESET\ESET NOD32 Antivirus\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Record Number: 1206
Source Name: SideBySide
Time Written: 20091123055147.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: CROW
Event Code: 1002
Message: Hanging application hl2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 546
Source Name: Application Hang
Time Written: 20100120043330.000000+000
Event Type: error
User:

Computer Name: CROW
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 545
Source Name: Application Hang
Time Written: 20100120011802.000000+000
Event Type: error
User:

Computer Name: CROW
Event Code: 1002
Message: Hanging application hl2.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 529
Source Name: Application Hang
Time Written: 20100115024817.000000+000
Event Type: error
User:

Computer Name: CROW
Event Code: 110
Message: Request denied for user ? for URI [/main.html] from IP address 89.181.51.211. Secure (SSL) Connection: Yes

Record Number: 509
Source Name: LogMeIn
Time Written: 20100106024043.000000+000
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CROW
Event Code: 1000
Message: Faulting application hl2.exe, version 0.0.0.0, faulting module vstdlib.dll, version 0.0.0.0, fault address 0x00001f42.

Record Number: 440
Source Name: Application Error
Time Written: 20091218202348.000000+000
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"asl.log"=Destination=file;OnFirstLog=command,environment
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by prick at 2010-04-18 16:58:20
Microsoft Windows XP Professional Service Pack 3
System drive C: has 31 GB (39%) free of 79 GB
Total RAM: 3327 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:25, on 18-04-2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AveDesk13\AVEDESK.EXE
C:\PROGRA~1\TrafNet\TrafNet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\yz_dock\YzDock.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\eXtreme\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\prick\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\prick.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AVEDESK] "C:\Program Files\AveDesk13\AVEDESK.EXE"
O4 - HKCU\..\Run: [TrafNet] C:\PROGRA~1\TrafNet\TrafNet.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\prick\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: YzDock.lnk = C:\Program Files\yz_dock\YzDock.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 5508447781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 8573713578
O17 - HKLM\System\CCS\Services\Tcpip\..\{7193BC82-F184-4B05-8905-AA77776E24BA}: NameServer = 212.55.154.174
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço de Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Serviço iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7889 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1270068795.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-19 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-10-08 1036288]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2007-10-08 864256]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-09-27 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-09-27 13918208]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-11 2054360]
"DeathAdder"=C:\Program Files\Razer\DeathAdder\razerhid.exe [2008-09-05 159744]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-03-17 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-03-26 142120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AVEDESK"=C:\Program Files\AveDesk13\AVEDESK.EXE [2005-10-26 1424896]
"TrafNet"=C:\PROGRA~1\TrafNet\TrafNet.exe [2009-08-31 1884672]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2009-11-13 247144]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\prick\Start Menu\Programs\Startup
Dropbox.lnk - C:\Documents and Settings\prick\Application Data\Dropbox\bin\Dropbox.exe
YzDock.lnk - C:\Program Files\yz_dock\YzDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-09-28 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 190464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2009-11-05 133632]
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll [2009-01-28 70960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\eMule\eMule.exe"="D:\eMule\eMule.exe:*:Enabled:eMule"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Steam\steamapps\soldtothedevil\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\soldtothedevil\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\soldtothedevil\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\soldtothedevil\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\PFPortChecker\PFPortChecker.exe"="C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded."
"C:\eXtreme\mirc.exe"="C:\eXtreme\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Steam\steamapps\soldtothedevil\day of defeat source\hl2.exe"="C:\Program Files\Steam\steamapps\soldtothedevil\day of defeat source\hl2.exe:*:Enabled:hl2"
"C:\Documents and Settings\prick\Application Data\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\prick\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Serviço de Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2010-04-18 16:58:20 ----D---- C:\rsit
2010-04-18 15:33:02 ----D---- C:\Documents and Settings\prick\Application Data\iMaxGen
2010-04-18 14:14:48 ----D---- C:\Documents and Settings\All Users\Application Data\Intenium
2010-04-18 10:22:59 ----D---- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
2010-04-18 00:05:48 ----D---- C:\Documents and Settings\All Users\Application Data\Artist Colony
2010-04-17 23:48:39 ----D---- C:\GameHouse Games
2010-04-15 03:08:27 ----D---- C:\Documents and Settings\prick\Application Data\Mumble
2010-04-15 03:08:03 ----D---- C:\Program Files\Mumble
2010-04-14 18:48:30 ----D---- C:\Casino
2010-04-13 04:28:40 ----D---- C:\Program Files\iPod
2010-04-13 04:25:54 ----D---- C:\Program Files\Apple Software Update
2010-04-13 04:24:22 ----D---- C:\Program Files\Bonjour
2010-04-13 02:31:57 ----A---- C:\WINDOWS\system32\bootdelete.exe
2010-04-13 02:28:18 ----D---- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2010-04-13 02:28:16 ----D---- C:\Program Files\Hitman Pro 3.5
2010-04-13 01:39:45 ----D---- C:\WINDOWS\system32\appmgmt
2010-04-13 01:33:42 ----D---- C:\Program Files\Trend Micro
2010-04-13 00:43:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-13 00:14:55 ----D---- C:\Program Files\QuickTime
2010-04-12 22:34:36 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-12 21:37:25 ----D---- C:\Documents and Settings\prick\Application Data\Malwarebytes
2010-04-12 21:37:11 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-04-12 20:49:25 ----D---- C:\Program Files\SUPERAntiSpyware
2010-04-12 20:49:24 ----D---- C:\Documents and Settings\prick\Application Data\SUPERAntiSpyware.com
2010-04-12 17:49:59 ----D---- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 17:42:23 ----SHD---- C:\Config.Msi
2010-04-12 04:09:21 ----D---- C:\Documents and Settings\prick\Application Data\TS3Client
2010-04-12 04:09:09 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-04-11 14:28:33 ----D---- C:\Documents and Settings\prick\Application Data\Settlement. Colossus
2010-04-11 12:47:10 ----D---- C:\Documents and Settings\prick\Application Data\Alawar Entertainment
2010-04-11 11:26:34 ----D---- C:\Documents and Settings\prick\Application Data\BanzaiInteractive
2010-04-09 03:23:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-09 03:23:30 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-08 06:24:55 ----D---- C:\WINDOWS\pss
2010-03-31 21:55:06 ----D---- C:\Documents and Settings\prick\Application Data\Hewlett-Packard
2010-03-31 21:54:39 ----D---- C:\Program Files\HP
2010-03-31 21:54:37 ----A---- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
2010-03-31 21:51:29 ----D---- C:\Program Files\Common Files\Hewlett-Packard
2010-03-31 21:50:32 ----D---- C:\Program Files\Hewlett-Packard
2010-03-31 21:49:11 ----D---- C:\temp
2010-03-28 12:45:22 ----D---- C:\Documents and Settings\All Users\Application Data\EscapeTheMuseum2
2010-03-27 19:13:10 ----D---- C:\Documents and Settings\prick\Application Data\Silverback Productions
2010-03-27 12:25:48 ----D---- C:\Documents and Settings\All Users\Application Data\GameHouse
2010-03-22 23:42:40 ----D---- C:\Program Files\Veetle
2010-03-22 05:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-21 13:58:35 ----D---- C:\Documents and Settings\prick\Application Data\MemoryClinic
2010-03-21 13:34:48 ----D---- C:\Documents and Settings\prick\Application Data\MysteryStudio

======List of files/folders modified in the last 1 months======

2010-04-18 16:58:25 ----D---- C:\WINDOWS\Temp
2010-04-18 16:57:31 ----SHD---- C:\WINDOWS\Installer
2010-04-18 16:55:58 ----D---- C:\WINDOWS\system32
2010-04-18 16:55:31 ----D---- C:\WINDOWS\Prefetch
2010-04-18 16:55:15 ----D---- C:\Program Files\Steam
2010-04-18 16:54:28 ----D---- C:\Program Files\Mozilla Firefox
2010-04-18 16:54:07 ----D---- C:\Documents and Settings\prick\Application Data\Dropbox
2010-04-18 16:53:58 ----D---- C:\WINDOWS
2010-04-18 16:53:39 ----D---- C:\WINDOWS\system32\drivers
2010-04-18 16:52:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-18 16:52:19 ----D---- C:\eXtreme
2010-04-18 16:32:27 ----RD---- C:\Program Files
2010-04-18 16:32:25 ----D---- C:\Documents and Settings\prick\Application Data\uTorrent
2010-04-18 15:25:49 ----D---- C:\Program Files\RealArcade
2010-04-18 00:20:04 ----D---- C:\Program Files\LogMeIn
2010-04-17 03:38:23 ----D---- C:\Program Files\JDownloader
2010-04-16 07:06:52 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-15 23:39:46 ----D---- C:\Documents and Settings\prick\Application Data\HLSW
2010-04-15 03:08:11 ----D---- C:\WINDOWS\WinSxS
2010-04-15 01:42:04 ----D---- C:\WINDOWS\Network Diagnostic
2010-04-13 04:29:45 ----D---- C:\Program Files\iTunes
2010-04-13 04:28:35 ----D---- C:\Program Files\Common Files\Apple
2010-04-13 04:25:56 ----SD---- C:\WINDOWS\Tasks
2010-04-13 04:25:11 ----HD---- C:\WINDOWS\inf
2010-04-13 04:25:11 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-13 04:25:08 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-04-13 04:25:05 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-13 04:25:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-13 00:21:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-13 00:18:31 ----D---- C:\WINDOWS\system32\config
2010-04-13 00:18:17 ----D---- C:\WINDOWS\system32\wbem
2010-04-13 00:18:16 ----D---- C:\WINDOWS\Registration
2010-04-13 00:12:48 ----D---- C:\WINDOWS\system32\Restore
2010-04-12 22:35:17 ----D---- C:\Documents and Settings
2010-04-12 22:34:12 ----D---- C:\WINDOWS\SxsCaPendDel
2010-04-12 20:46:59 ----RD---- C:\MSN downloads
2010-04-12 19:36:20 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-11 23:06:11 ----D---- C:\Documents and Settings\prick\Application Data\teamspeak2
2010-04-08 06:24:05 ----D---- C:\Program Files\CCleaner
2010-04-08 06:21:43 ----D---- C:\WINDOWS\Minidump
2010-04-08 06:21:43 ----D---- C:\WINDOWS\Debug
2010-03-31 21:53:31 ----A---- C:\WINDOWS\win.ini
2010-03-31 21:52:23 ----D---- C:\WINDOWS\twain_32
2010-03-31 21:51:29 ----D---- C:\Program Files\Common Files
2010-03-31 18:33:01 ----D---- C:\Program Files\Internet Explorer
2010-03-31 18:32:49 ----D---- C:\WINDOWS\ie8updates
2010-03-31 18:32:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-26 20:59:44 ----D---- C:\Program Files\PokerStars
2010-03-22 05:18:07 ----D---- C:\Program Files\Movie Maker
2010-03-21 05:23:02 ----D---- C:\DivX subs
2010-03-19 05:14:57 ----D---- C:\Program Files\WinRAR

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-09-11 96408]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-09-11 116008]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-09 313856]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-06-19 103424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-11-05 60800]
R3 DAdderFltr;DeathAdder Mouse; C:\WINDOWS\system32\drivers\dadder.sys [2007-08-02 22784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2009-11-05 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-11-05 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-09-27 7655872]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-09-19 290432]
S3 ai8cze5t;ai8cze5t; C:\WINDOWS\system32\drivers\ai8cze5t.sys []
S3 CyUsb;Cypress Generic USB Driver; C:\WINDOWS\System32\Drivers\CyUsb.sys [2005-03-03 31104]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1; C:\WINDOWS\system32\drivers\libusb0.sys [2007-03-20 28672]
S3 Netaapl;Apple Mobile Device Ethernet Service; C:\WINDOWS\system32\DRIVERS\netaapl.sys [2009-08-28 17408]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-10-16 41472]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-11-05 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-11-05 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 Bonjour Service;Serviço de Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-19 153376]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-09-28 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-09-27 172100]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 yksvc;Marvell Yukon Service; ykx32mpcoinst,serviceStartProc []
R3 iPod Service;Serviço iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 545576]
S2 vvdsvc;VJVodClientServices; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-11 20680]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-21 21:53:02
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\prick\LOCALS~1\Temp\uxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT 89B07580 ZwAssignProcessToJobObject
SSDT spln.sys ZwCreateKey [0xB7EB50E0]
SSDT 89B08100 ZwDebugActiveProcess
SSDT 89B07B30 ZwDuplicateObject
SSDT spln.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spln.sys ZwEnumerateValueKey [0xB7ECE132]
SSDT spln.sys ZwOpenKey [0xB7EB50C0]
SSDT 89B06CC0 ZwOpenProcess
SSDT 89B06FC0 ZwOpenThread
SSDT 89B079C0 ZwProtectVirtualMemory
SSDT spln.sys ZwQueryKey [0xB7ECE20A]
SSDT spln.sys ZwQueryValueKey [0xB7ECE08A]
SSDT 89B07860 ZwSetContextThread
SSDT 89B076E0 ZwSetInformationThread
SSDT 89B04700 ZwSetSecurityObject
SSDT spln.sys ZwSetValueKey [0xB7ECE29C]
SSDT 89B07420 ZwSuspendProcess
SSDT 89B072C0 ZwSuspendThread
SSDT 89B06E50 ZwTerminateProcess
SSDT 89B07150 ZwTerminateThread
SSDT 89B07F50 ZwWriteVirtualMemory

INT 0x63 ? 8A47FBF8
INT 0x63 ? 8A47FBF8
INT 0x63 ? 8A47FBF8
INT 0x63 ? 8A47FBF8
INT 0x83 ? 8A709BF8
INT 0x83 ? 8A709BF8
INT 0x83 ? 8A47FBF8
INT 0x83 ? 8A709BF8
INT 0x84 ? 8A47FBF8
INT 0x94 ? 8A47FBF8
INT 0xA4 ? 8A709BF8
INT 0xA4 ? 8A709BF8
INT 0xA4 ? 8A709BF8
INT 0xA4 ? 8A709BF8
INT 0xA4 ? 8A709BF8

---- Kernel code sections - GMER 1.0.15 ----

? spln.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F19360, 0x3E57A5, 0xE8000020]
.text USBPORT.SYS!DllUnload B6EF98AC 5 Bytes JMP 8A47F1D8
.text as1hw3cw.SYS B6E16386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text as1hw3cw.SYS B6E163AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text as1hw3cw.SYS B6E163C4 3 Bytes [00, 80, 02]
.text as1hw3cw.SYS B6E163C9 1 Byte [30]
.text as1hw3cw.SYS B6E163C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB3EE1A00]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1332] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spln.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB613E] spln.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB60C0] spln.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB6800] spln.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB66D6] spln.sys
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spln.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7081F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\NetBT \Device\NetBT_Tcpip_{CB174A66-9922-433C-BCD2-E97D6E1D1F7E} 89A88500
Device \Driver\PCI_PNP5350 \Device\00000043 spln.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A3BB1F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3BB1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A69A1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A69A1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A69A1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A69A1F8
Device \Driver\sptd \Device\396465350 spln.sys
Device \Driver\usbuhci \Device\USBPDO-2 8A3BB1F8
Device \Driver\usbehci \Device\USBPDO-3 8A4701F8
Device \Driver\usbuhci \Device\USBPDO-4 8A3BB1F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device \Driver\usbuhci \Device\USBPDO-5 8A3BB1F8
Device \Driver\usbuhci \Device\USBPDO-6 8A3BB1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A70A1F8
Device \Driver\usbehci \Device\USBPDO-7 8A4701F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A70A1F8
Device \Driver\Cdrom \Device\CdRom0 8A4541F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A70A1F8
Device \Driver\Cdrom \Device\CdRom1 8A4541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort5 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-1c [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-24 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 89A88500
Device \Driver\NetBT \Device\NetBT_Tcpip_{7193BC82-F184-4B05-8905-AA77776E24BA} 89A88500
Device \Driver\NetBT \Device\NetbiosSmb 89A88500
Device \Driver\usbuhci \Device\USBFDO-0 8A3BB1F8
Device \Driver\usbuhci \Device\USBFDO-1 8A3BB1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89A2A1F8
Device \Driver\usbuhci \Device\USBFDO-2 8A3BB1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89A2A1F8
Device \Driver\usbehci \Device\USBFDO-3 8A4701F8
Device \Driver\usbuhci \Device\USBFDO-4 8A3BB1F8
Device \Driver\Ftdisk \Device\FtControl 8A70A1F8
Device \Driver\usbuhci \Device\USBFDO-5 8A3BB1F8
Device \Driver\usbuhci \Device\USBFDO-6 8A3BB1F8
Device \Driver\usbehci \Device\USBFDO-7 8A4701F8
Device \Driver\as1hw3cw \Device\Scsi\as1hw3cw1 8A32B500
Device \Driver\as1hw3cw \Device\Scsi\as1hw3cw1Port6Path0Target0Lun0 8A32B500
Device \FileSystem\Cdfs \Cdfs 89FAA500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0x0C 0x1D 0xB0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x98 0x48 0xAC 0x67 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x76 0xAB 0xBD 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x63 0x0C 0x1D 0xB0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x98 0x48 0xAC 0x67 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x76 0xAB 0xBD 0x5B ...

---- EOF - GMER 1.0.15 ----
paradox
Active Member
 
Posts: 5
Joined: April 12th, 2010, 8:17 pm

Re: Help Please?

Unread postby xixo_12 » April 22nd, 2010, 6:27 am

Hi,
Try this.

DeFogger - Disable
Please download from HERE and save to the desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Next,
GMER
Please run it again and provide the log for me.

Next,
Checklist.
Please post.
  • Content of GMER.txt
xixo_12
MRU Master Emeritus
 
Posts: 2340
Joined: October 14th, 2008, 11:40 am
Location: Malaysia
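The reply above asks for the CD emulation drivers to be disabled and GMER re-run. Reading the GMER log posted earlier, the registry-related SSDT hooks and the port I/O IAT hooks on atapi.sys and i8042prt.sys are all attributed to spln.sys, which the Devices and Registry sections of the same log tie to \Driver\sptd and a DAEMON Tools Lite install path; the remaining SSDT entries carry only a bare address with no module name. The script below is an added example, not part of the thread and not a GMER feature: it parses a short excerpt copied from that log (embedded so it runs offline) and groups every hook and device-object attribution by owning module, so that after the emulation driver is disabled a re-scan can be compared against the same summary. The regexes and the "<address only>" bucket are this example's own conventions.

```python
import re
from collections import defaultdict

# Excerpt copied from the GMER log posted above (SSDT, Kernel IAT/EAT and Devices
# sections), embedded here as constructed sample input so the script runs offline.
GMER_EXCERPT = r"""
SSDT 89B07580 ZwAssignProcessToJobObject
SSDT spln.sys ZwCreateKey [0xB7EB50E0]
SSDT 89B08100 ZwDebugActiveProcess
SSDT spln.sys ZwEnumerateKey [0xB7ECDDA4]
SSDT spln.sys ZwOpenKey [0xB7EB50C0]
SSDT 89B06CC0 ZwOpenProcess
SSDT spln.sys ZwQueryValueKey [0xB7ECE08A]
SSDT spln.sys ZwSetValueKey [0xB7ECE29C]
SSDT 89B06E50 ZwTerminateProcess
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB6042] spln.sys
IAT \SystemRoot\System32\Drivers\as1hw3cw.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC5B90] spln.sys
Device \Driver\sptd \Device\396465350 spln.sys
Device \Driver\PCI_PNP5350 \Device\00000043 spln.sys
Device \Driver\atapi \Device\Ide\IdePort0 [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]}
Device \FileSystem\Ntfs \Ntfs 8A7081F8
"""

# Bucket for hooks where GMER printed a raw address and no module name
# (this label is the example's own convention, not GMER output).
UNATTRIBUTED = "<address only>"

HEX_ADDR = re.compile(r"^[0-9A-Fa-f]{8}$")
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)")
IAT_RE = re.compile(r"^IAT\s+(.+?)\[([^\]]+)\]\s+(.*)$")
DEVICE_RE = re.compile(r"^Device\s+(\S+)\s+(\S+)\s+(.*)$")
MODULE_RE = re.compile(r"([\w.-]+\.sys)\b", re.IGNORECASE)


def owner_of(fragment):
    """Module GMER names in the trailing part of a line, or UNATTRIBUTED if none."""
    m = MODULE_RE.search(fragment)
    return m.group(1) if m else UNATTRIBUTED


def summarize(log_text):
    """Group SSDT hooks, kernel IAT hooks and device-object ownership by module."""
    summary = defaultdict(lambda: defaultdict(list))
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            owner, syscall = m.group(1), m.group(2)
            key = UNATTRIBUTED if HEX_ADDR.match(owner) else owner
            summary[key]["SSDT"].append(syscall)
            continue
        m = IAT_RE.match(line)
        if m:
            importer, entry, rest = m.groups()
            summary[owner_of(rest)]["IAT"].append(f"{importer}:{entry}")
            continue
        m = DEVICE_RE.match(line)
        if m:
            driver, device, rest = m.groups()
            owner = owner_of(rest)
            # Device lines where GMER printed only an address carry no module
            # attribution, so there is nothing to group them under; skip them.
            if owner != UNATTRIBUTED:
                summary[owner]["Device"].append(f"{driver} {device}")
    return {mod: dict(kinds) for mod, kinds in summary.items()}


def report(summary):
    """One line per module with hook counts per kind; unattributed hooks listed last."""
    lines = []
    for module in sorted(summary, key=lambda m: (m == UNATTRIBUTED, m)):
        parts = [f"{kind}={len(items)}" for kind, items in sorted(summary[module].items())]
        lines.append(f"{module}: " + ", ".join(parts))
    return lines


if __name__ == "__main__":
    s = summarize(GMER_EXCERPT)
    for line in report(s):
        print(line)
    for mod, kinds in s.items():
        for kind, items in kinds.items():
            print(f"  {mod} {kind}: {', '.join(items)}")
```

Running it against the excerpt shows spln.sys owning every key-related SSDT hook, both port I/O IAT hooks and two device objects, while the process and thread related SSDT entries fall into the address-only bucket. Running the same script on the log requested after DeFogger lets the helper see which of those groups disappears with the emulation driver and which entries still need attention.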

Re: Help Please?

Unread postby Dakeyras » April 25th, 2010, 8:46 am

Due to lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra