OTL logfile created on: 8/19/2010 10:52:59 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
512.00 Mb Total Physical Memory | 165.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 29.69 Gb Free Space | 39.83% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: OWNER-KH6ISDX5E
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (NAV) -- C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\BASHDefs\20100810.004\BHDrvx86.sys (Symantec Corporation)
DRV - (pxrts) -- C:\WINDOWS\system32\drivers\pxrts.sys (Prevx)
DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100818.006\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\VirusDefs\20100818.006\NAVENG.SYS (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\Definitions\IPSDefs\20100816.001\IDSXpx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NAV\1107000.00C\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NAV\1107000.00C\SYMDS.SYS (Symantec Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (AN983) -- C:\WINDOWS\system32\drivers\an983.sys (ADMtek Incorporated.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-261478967-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-1844237615-261478967-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.google.ca"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.6.0.32\IPSFFPlgn\ [2010/07/14 21:39:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/16 20:24:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/16 20:24:27 | 000,000,000 | ---D | M]
[2010/03/23 19:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/08/17 19:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejj5v28e.default\extensions
[2010/08/17 19:55:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejj5v28e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/12 22:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ejj5v28e.default\extensions\toolbar@ask.com
[2010/03/23 19:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2003/03/31 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1844237615-261478967-682003330-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftup ... 9214124734 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9214106781 (MUWebControl Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/21 18:16:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\baldur.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/08/12 22:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/03 23:38:31 | 000,068,968 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/08/03 23:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/08/02 15:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\MumboJumbo
[2010/07/24 18:31:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/07/24 18:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2010/07/24 17:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\Black Isle
[2010/07/24 17:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/07/24 17:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/07/24 17:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/08/19 23:01:04 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/08/19 22:44:42 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/19 22:43:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/19 22:43:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/19 22:43:31 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/19 14:26:21 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/19 14:26:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/19 14:07:41 | 000,013,756 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/18 19:43:29 | 004,273,492 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/08/18 17:08:18 | 000,000,474 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Owner.job
[2010/08/13 19:30:10 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 19:13:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 19:10:07 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 19:10:07 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 19:10:07 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/12 22:31:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/08/07 00:32:08 | 000,000,487 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/07 00:32:08 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/07 00:32:08 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/03 23:38:31 | 000,068,968 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/08/03 23:38:06 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/07/27 00:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/22 20:29:08 | 000,018,544 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/22 20:27:56 | 000,077,849 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\38621_446573615756_117533210756_6037763_6038584_n.jpg
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/12 22:31:42 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010/08/03 23:38:06 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/22 20:28:30 | 000,077,849 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\38621_446573615756_117533210756_6037763_6038584_n.jpg
[2010/07/04 17:49:21 | 000,697,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/07/01 12:31:36 | 000,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2010/06/28 19:08:57 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/04/07 23:45:41 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/04/07 23:45:41 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/04/07 23:45:41 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/04/02 22:43:50 | 000,022,528 | ---- | C] () -- C:\WINDOWS\System32\ovstw2k.dll
[2010/03/25 22:45:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
< End of report >
OTL Extras logfile created on: 8/19/2010 10:52:59 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-1844237615-261478967-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58068:TCP" = 58068:TCP:*:Enabled:Pando Media Booster
"58068:UDP" = 58068:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"58068:TCP" = 58068:TCP:*:Enabled:Pando Media Booster
"58068:UDP" = 58068:UDP:*:Enabled:Pando Media Booster
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6906:TCP" = 6906:TCP:*:Enabled:League of Legends Launcher
"6906:UDP" = 6906:UDP:*:Enabled:League of Legends Launcher
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\NeverwinterNights\NWN\nwmain.exe" = C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights -- (BioWare)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Warcraft III\Warcraft III.exe" = C:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Program Files\GameSpy Arcade\Aphex.exe" = C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade 1.01 -- (IGN Entertainment, Inc.)
"C:\Program Files\Black Isle\BGII - SoA\BGMain.exe" = C:\Program Files\Black Isle\BGII - SoA\BGMain.exe:*:Enabled:Baldur's Gate II - Shadows of Amn - Throne of Bhaal -- (BioWare Corp.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Riot Games\League of Legends\lol.launcher.exe" = C:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- (Solid State Networks)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NAV" = Norton AntiVirus
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"StarCraft" = StarCraft
"Warcraft III" = Warcraft III
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1844237615-261478967-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/12/2010 11:56:14 PM | Computer Name = OWNER-KH6ISDX5E | Source = Application Hang | ID = 1002
Description = Hanging application DTPro.exe, version 4.36.309.160, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 7/17/2010 12:23:47 PM | Computer Name = OWNER-KH6ISDX5E | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.
Error - 7/17/2010 12:29:39 PM | Computer Name = OWNER-KH6ISDX5E | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.
Error - 7/17/2010 8:01:27 PM | Computer Name = OWNER-KH6ISDX5E | Source = Application Error | ID = 1000
Description = Faulting application nwmain.exe, version 1.6.9.0, faulting module
nwmain.exe, version 1.6.9.0, fault address 0x001cb870.
Error - 7/17/2010 9:01:55 PM | Computer Name = OWNER-KH6ISDX5E | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.
Error - 7/17/2010 9:02:58 PM | Computer Name = OWNER-KH6ISDX5E | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft .NET Framework 3.0 Service Pack 2 -- Error 1704.
An installation for Microsoft .NET Framework 2.0 Service Pack 2 is currently suspended.
You must undo the changes made by that installation to continue. Do you want
to undo those changes?
Error - 7/17/2010 9:08:24 PM | Computer Name = OWNER-KH6ISDX5E | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 3.0-kb977354,
P2 1033, P3 1604, P4 msi, P5 f, P6 9.0.40302.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 7/18/2010 9:35:37 PM | Computer Name = OWNER-KH6ISDX5E | Source = PerfDisk | ID = 2001
Description = Unable to read the disk performance information from the system. Disk
performance counters must be enabled for at least one physical disk or logical volume
in order for these counters to appear. Disk performance counters can be enabled
by using the Hardware Device Manager property pages. Status code returned is data
DWORD 0.
Error - 7/21/2010 1:18:39 PM | Computer Name = OWNER-KH6ISDX5E | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module iertutil.dll, version 8.0.6001.18923, fault address 0x0015e37e.
Error - 7/21/2010 10:02:40 PM | Computer Name = OWNER-KH6ISDX5E | Source = Application Error | ID = 1001
Description = Fault bucket 1965183114.
[ System Events ]
Error - 8/7/2010 2:13:39 AM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 8/7/2010 2:13:39 AM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 8/7/2010 2:13:39 AM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126
Error - 8/7/2010 2:15:12 AM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 8/10/2010 11:01:20 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.
Error - 8/10/2010 11:04:39 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7034
Description = The Application Layer Gateway Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 8/10/2010 11:04:42 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7034
Description = The PIXMA Extended Survey Program service terminated unexpectedly.
It has done this 1 time(s).
Error - 8/10/2010 11:04:51 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 8/10/2010 11:06:04 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.
Error - 8/10/2010 11:09:11 PM | Computer Name = OWNER-KH6ISDX5E | Source = Service Control Manager | ID = 7034
Description = The Print Spooler service terminated unexpectedly. It has done this
3 time(s).
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-19 23:11:32
Windows 5.1.2600 Service Pack 3
Running: qc411m25.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxpcqpoc.sys
---- System - GMER 1.0.15 ----
SSDT 82AD5F10 ZwAlertResumeThread
SSDT 82AD5FD0 ZwAlertThread
SSDT 82B5B100 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwAssignProcessToJobObject [0xF67CEA00]
SSDT 82B04E90 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF6BA8210]
SSDT 829DAB78 ZwCreateMutant
SSDT 82AE1618 ZwCreateSymbolicLinkObject
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwCreateThread [0xF67CEA50]
SSDT 82A25B18 ZwDebugActiveProcess
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteKey [0xF67CE720]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwDeleteValueKey [0xF67CE7E0]
SSDT 82DEC098 ZwDuplicateObject
SSDT spzt.sys ZwEnumerateKey [0xF8636E4C]
SSDT spzt.sys ZwEnumerateValueKey [0xF86371DA]
SSDT 82B41080 ZwFreeVirtualMemory
SSDT 82AD5658 ZwImpersonateAnonymousToken
SSDT 82AD5738 ZwImpersonateThread
SSDT 82B65350 ZwLoadDriver
SSDT 82B2D1A0 ZwMapViewOfSection
SSDT 829DAAB8 ZwOpenEvent
SSDT spzt.sys ZwOpenKey [0xF861C0C0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenProcess [0xF67CEE10]
SSDT 82B3D0C8 ZwOpenProcessToken
SSDT 82B763B8 ZwOpenSection
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwOpenThread [0xF67CECA0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwProtectVirtualMemory [0xF67CEAF0]
SSDT spzt.sys ZwQueryKey [0xF86372B2]
SSDT spzt.sys ZwQueryValueKey [0xF8637132]
SSDT 82AEA338 ZwResumeThread
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetContextThread [0xF67CE9B0]
SSDT 8294AF60 ZwSetInformationProcess
SSDT 82B005C8 ZwSetSystemInformation
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwSetValueKey [0xF67CE8C0]
SSDT 82B76498 ZwSuspendProcess
SSDT 82947A50 ZwSuspendThread
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateProcess [0xF67CEFB0]
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwTerminateThread [0xF67CEB90]
SSDT 82B24A58 ZwUnmapViewOfSection
SSDT \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx) ZwWriteVirtualMemory [0xF67CEBE0]
INT 0x62 ? 82F70C88
INT 0x63 ? 82D10C88
INT 0x82 ? 82F70C88
INT 0xB4 ? 82D10C88
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 98 804E2704 4 Bytes JMP 2CC4F67C
.text ntoskrnl.exe!_abnormal_termination + 270 804E28DC 4 Bytes JMP B12CF67C
.text ntoskrnl.exe!_abnormal_termination + 3A0 804E2A0C 4 Bytes JMP 51AD208D
? spzt.sys The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF7FD5360, 0x24BB1D, 0xE8000020]
.text USBPORT.SYS!DllUnload F7FB58AC 5 Bytes JMP 82D101D8
.text amafpl4w.SYS F7F33306 50 Bytes [00, 00, 00, 48, 03, 00, F0, ...]
.text amafpl4w.SYS F7F33339 23 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text amafpl4w.SYS F7F33351 87 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text amafpl4w.SYS F7F333A9 10 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text amafpl4w.SYS F7F333B4 12 Bytes [40, 00, 00, C8, 50, 41, 47, ...] {INC EAX; ADD [EAX], AL; ENTER 0x4150, 0x47; INC EBP; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[1372] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 022F003A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F73308
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F864AECE] spzt.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F864AF22] spzt.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [F861D3E6] spzt.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [F861D90E] spzt.sys
IAT \WINDOWS\System32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [F861DF9C] spzt.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F861D90E] spzt.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F861D1D4] spzt.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F861D116] spzt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F861E178] spzt.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F861DF9C] spzt.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82D10308
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F862E976] spzt.sys
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoCreateDevice] 000AB0B6
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoDetachDevice] 09E85300
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!ExFreePoolWithTag] 850001F5
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoFreeWorkItem] EBD474C0
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoDeleteDevice] 0C75FF97
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeWaitForSingleObject] 2C57FF57
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeSetEvent] 8B55C9EB
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!ObfReferenceObject] 0C458BEC
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 2B34488B
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 00982DC1
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 99560000
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!NlsMbCodePageTag] 000D28BE
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlInitAnsiString] 50FEF700
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlInitUnicodeString] FED0E851
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!sprintf] 5D5EFFFF
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoFreeIrp] CC0008C2
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoCancelIrp] 51EC8B55
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAllocateIrp] FC458D56
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeInitializeEvent] 68106A50
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoSetCompletionRoutineEx] 4F525044
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoInitializeTimer] F6331C6A
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IofCallDriver] 2DE85656
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] F70001F4
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoSetStartIoAttributes] F7C01BD8
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoStartPacket] FC4523D0
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!PoRequestPowerIrp] 2274C63B
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoStopTimer] 56084D8B
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoStartTimer] 40C75650
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAllocateWorkItem] F5C2D408
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoReleaseCancelSpinLock] 0C4089F7
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeRemoveEntryDeviceQueue] 89107089
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoQueueWorkItem] 30891470
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoFreeMdl] E8184889
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 0001F3EC
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAllocateMdl] 75FF08EB
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] FCB2E808
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!memmove] C95EFFFF
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] CC0004C2
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] FFEC8B55
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoBuildPartialMdl] 9DE80C75
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoAcquireCancelSpinLock] 5DFFFFFF
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeTickCount] CC0008C2
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeBugCheckEx] 53EC8B55
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IofCompleteRequest] 08758B56
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoStartNextPacket] 5E39DB33
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 39517574
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!PoCallDriver] 4C750C5D
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 3C7E8D57
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 8B40C033
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!KeInitializeSpinLock] 850187CF
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!ZwClose] 333C75C0
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!MmHighestUserAddress] 40468DC9
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] C10FF041
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KeGetCurrentIrql] 5E0001F4
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KfAcquireSpinLock] C2C95B5F
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KfReleaseSpinLock] 5F380008
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KfRaiseIrql] 56227411
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[HAL.dll!KfLowerIrql] F3563A68
IAT \SystemRoot\System32\Drivers\amafpl4w.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] F7C31352
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 82F6F1F8
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBPDO-0 82D0F1F8
Device \Driver\PCI_PNP5668 \Device\00000044 spzt.sys
Device \Driver\usbuhci \Device\USBPDO-1 82D0F1F8
Device \Driver\usbuhci \Device\USBPDO-2 82D0F1F8
Device \Driver\usbuhci \Device\USBPDO-3 82D0F1F8
Device \Driver\usbehci \Device\USBPDO-4 82CF81F8
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\Cdrom \Device\CdRom0 82C691F8
Device \Driver\Cdrom \Device\CdRom1 82C691F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [F8596B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{415CC194-602D-4E4D-8081-C80EDEB86D6B} 8294A1F8
Device \Driver\Cdrom \Device\CdRom2 82C691F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8294A1F8
Device \Driver\NetBT \Device\NetbiosSmb 8294A1F8
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 82D0F1F8
Device \Driver\usbuhci \Device\USBFDO-1 82D0F1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82ADE470
Device \Driver\usbehci \Device\USBFDO-2 82CF81F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 82ADE470
Device \Driver\usbuhci \Device\USBFDO-3 82D0F1F8
Device \Driver\usbuhci \Device\USBFDO-4 82D0F1F8
Device \Driver\sptd \Device\842524418 spzt.sys
Device \Driver\Ftdisk \Device\FtControl 82FDE1F8
Device \Driver\amafpl4w \Device\Scsi\amafpl4w1 82CDF470
Device \Driver\amafpl4w \Device\Scsi\amafpl4w1Port2Path0Target0Lun0 82CDF470
Device \FileSystem\Cdfs \Cdfs 82116470
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFB 0x50 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x03 0xE7 0x1A 0xD1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFB 0x50 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xE0 0x11 0xB8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x50 0x7A 0x05 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x48 0x15 0xA2 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xFB 0x50 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x58 0xE0 0x11 0xB8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x50 0x7A 0x05 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x48 0x15 0xA2 0x88 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
---- EOF - GMER 1.0.15 ----