dragoi90 Posted January 16, 2010 Report Share Posted January 16, 2010 PLEASE HELP ME!I CANT OPEN ANYTHING WITH MY WORK COMPUTER!I CANT EVEN INSTALL AN ANTIVIRUS!MY COMP IS EVEN VERY SLOWLY![PLEASE ANYONE HELP ME! Quote Link to post Share on other sites
schrauber Posted January 16, 2010 Report Share Posted January 16, 2010 Hi and welcome to BestTechie! I'll be assisting you to clean up your computer. The first thing I need you to do is follow the steps in this thread. Make sure you go through all of the procedures, and post back here with the logs you get back. Quote Link to post Share on other sites
dragoi90 Posted January 17, 2010 Author Report Share Posted January 17, 2010 (edited) DEAR schrauber HERE ARE MY LOGS!I HAVE ATTECHED THEM BELOW!THANK YOU FOR YOUR TIME AND HELP!PS.BY THE WAY I HAVE WINDOWS 2000!Rooter_1.txtckfiles.txtExtras.TxtOTL.TxtGMER.txtLockSearch.txtmbam-log-2010-01-17 (17-42-22).txt Edited January 17, 2010 by dragoi Quote Link to post Share on other sites
dragoi90 Posted January 17, 2010 Author Report Share Posted January 17, 2010 Rooter.exe (v1.0.2) by Eric_71.SeDebugPrivilege granted successfully ....Windows 2000 . (5.0.2195) Service Pack 4[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel.Error OpenService (wscsvc) : 1060[sharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !.Internet Explorer 5.00.3700.1000.A:\ [Removable]C:\ [Fixed-NTFS] .. ( Total:8 Go - Free:3 Go )D:\ [CD_Rom].Scan : 17:25.15Path : C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exeUser : sporteli ( Administrator -> YES ).----------------------\\ Processes.Locked [system Process] (0)______ System (8)______ \SystemRoot\System32\smss.exe (156)______ \??\C:\WINNT\system32\csrss.exe (176)______ \??\C:\WINNT\system32\winlogon.exe (168)______ C:\WINNT\system32\services.exe (228)______ C:\WINNT\system32\lsass.exe (244)______ C:\WINNT\system32\svchost.exe (428)______ C:\WINNT\system32\spoolsv.exe (456)______ C:\WINNT\system32\svchost.exe (500)______ C:\WINNT\system32\hidserv.exe (516)______ C:\WINNT\System32\svchost.exe (576)______ C:\WINNT\system32\nvsvc32.exe (592)______ C:\WINNT\System32\svchost.exe (640)______ C:\WINNT\system32\regsvc.exe (660)______ C:\WINNT\system32\MSTask.exe (676)______ C:\WINNT\System32\snmp.exe (712)______ C:\WINNT\system32\stisvc.exe (816)______ C:\WINNT\system32\svchost.exe (876)______ C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (916)______ C:\WINNT\system32\mspmspsv.exe (808)______ C:\WINNT\system32\svchost.exe (944)______ C:\WINNT\system32\svchost.exe (960)______ C:\Program Files\TeamViewer\Version4\TeamViewer.exe (1084)______ C:\WINNT\Explorer.EXE (1112)______ C:\WINNT\RTHDCPL.EXE (1240)______ C:\WINNT\system32\RUNDLL32.EXE (1284)______ C:\WINNT\system32\RUNDLL32.EXE (1312)______ C:\WINNT\system32\RUNDLL32.EXE (1320)______ C:\WINNT\system32\RUNDLL32.EXE (1208)______ C:\Program Files\Skype\Phone\Skype.exe (1288)______ C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe (1052).----------------------\\ Device\Harddisk0\.\Device\Harddisk0 [sectors : 63 x 512 Bytes].----------------------\\ Scheduled Tasks.C:\WINNT\Tasks\desktop.iniC:\WINNT\Tasks\SA.DAT.----------------------\\ Registry..----------------------\\ Files & Folders.----------------------\\ Scan completed at 17:25.27.C:\Rooter$\Rooter_1.txt - (17/01/2010 | 17:25.27)---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------CKScanner - Additional Security Risks - These are not necessarily badc:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eat.nfoc:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\file_id.dizc:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat.nfoc:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat_rls.2000-2009_1130.nfoc:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\file_id.dizc:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\vuesca85_v8.5.39.exec:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\crack\vuescan.exescanner sequence 3.FA.11 ----- EOF ----- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------OTL Extras logfile created on: 17/01/2010 5:44:40 PM - Run 1OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5)Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstationInternet Explorer (Version = 5.00.3700.1000)Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File freePaging file location(s): C:\pagefile.sys 1344 2688 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program FilesDrive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: IMPERIAL-YJVVACCurrent User Name: sporteliLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- %1scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" %*txtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DoNotAllowExceptions" = 0"EnableFirewall" = 0========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\WINNT\fonts\services.exe" = C:\WINNT\fonts\services.exe:*:Enabled:services.exe -- File not found========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan"{3E713D52-C967-41FB-AA24-3A92CC1025A4}" = Remote Desktop Connection"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport"{5932C9AC-9049-11D4-8111-005004D78BE4}" = ImpulseStudio 3.04"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs"{7699B723-9718-41DE-8C18-549F341C02CE}" = Crystal Reports"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0"{DCA1B4C0-98A5-418B-8293-45663180B6C5}" = DCA1B4C0-98A5-418B-8293-45663180B6C5"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0"{FFD44E90-AEA4-4D25-AF53-5CE2723E88DA}" = MarketingReg"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX"AERP_4.0.0" = AERP 4.0.0"Data Dynamics SharpGrid 2.0" = Data Dynamics SharpGrid 2.0"EPSON Printer and Utilities" = EPSON Printer Software"LQ-300+II User's Guide" = LQ-300+II User's Guide"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft SQL Server 2000" = Microsoft SQL Server 2000"NVIDIA Drivers" = NVIDIA Drivers"Q828026" = Windows Media Player Hotfix [see Q828026 for more information]"TeamViewer 4" = TeamViewer 4"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4"VueScan" = VueScan"WinRAR archiver" = WinRAR archiver"WMP7" = Windows Media Player 7.1========== Last 10 Event Log Errors ==========[ Application Events ]Error - 19/12/2009 10:35:27 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again.Error - 19/12/2009 10:38:26 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services.Error - 19/12/2009 10:38:56 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services.Error - 19/12/2009 10:39:35 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again.Error - 19/12/2009 10:45:22 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services.Error - 19/12/2009 10:45:55 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services.Error - 19/12/2009 10:46:30 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services.Error - 16/01/2010 9:07:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = Userenv | ID = 1000Description = Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator. DETAIL - Access is denied. , Build number ((2195)).Error - 16/01/2010 9:50:04 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service' (ekrn) failed to start. Verify that you have sufficient privileges to start system services.Error - 16/01/2010 9:50:34 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service' (ekrn) failed to start. Verify that you have sufficient privileges to start system services.[ System Events ]Error - 16/01/2010 8:48:20 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001Description = The TCP/IP NetBIOS Helper Service service depends on the AFD Networking Support Environment service which failed to start because of the following error: %%1077Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001Description = The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: %%31Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001Description = The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: %%1077Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001Description = The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error: %%1077Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001Description = The Background Intelligent Transfer Service service depends on the Windows Management Instrumentation Driver Extensions service which failed to start because of the following error: %%1077Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1077Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7026Description = The following boot-start or system-start driver(s) failed to load: BIOS MRxSmb NetBIOS NetBT RasAcd Rdbss TcpipError - 16/01/2010 8:50:53 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.Error - 16/01/2010 8:54:00 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010Description = The server {000C101C-0000-0000-C000-000000000046} did not register with DCOM within the required timeout.Error - 16/01/2010 9:06:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout.< End of report >---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------OTL logfile created on: 17/01/2010 5:44:40 PM - Run 1OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5)Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstationInternet Explorer (Version = 5.00.3700.1000)Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File freePaging file location(s): C:\pagefile.sys 1344 2688 [binary data]%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program FilesDrive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: IMPERIAL-YJVVACCurrent User Name: sporteliLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userCompany Name Whitelist: OffSkip Microsoft Files: OffFile Age = 30 DaysOutput = Standard========== Processes (SafeList) ==========PRC - [2010/01/17 17:43:52 | 00,019,456 | ---- | M] () -- C:\WINNT\Temp\VRT3.tmpPRC - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exePRC - [2009/06/02 10:56:00 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exePRC - [2008/12/23 08:04:10 | 03,950,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer.exePRC - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exePRC - [2007/12/20 10:47:36 | 16,882,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\RTHDCPL.exePRC - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exePRC - [2005/04/01 07:00:00 | 00,263,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exePRC - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exePRC - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exePRC - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exePRC - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exePRC - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\snmp.exePRC - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exePRC - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mspmspsv.exe========== Modules (SafeList) ==========MOD - [2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msnjkwfb.dllMOD - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exeMOD - [2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\mssheatr.dllMOD - [2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msjuehus.dllMOD - [2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\system32\msjgjzcu.dllMOD - [2005/04/01 07:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll========== Win32 Services (SafeList) ==========SRV - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)SRV - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)SRV - [2007/03/11 21:35:02 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)SRV - [2006/11/08 10:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZipm12.dll -- (Pml Driver HPZ12)SRV - [2006/11/08 10:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZinw12.dll -- (Net Driver HPZ12)SRV - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)SRV - [2005/04/01 07:00:00 | 00,167,424 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)SRV - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)SRV - [2005/04/01 07:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)SRV - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)SRV - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\System32\1Bc.exe -- (TapiSrvIpripRemoteAccess)SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] () [Auto | Stopped] -- C:\WINNT\System32\12520437y.exe -- (TapiSrvIprip)SRV - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\snmp.exe -- (SNMP)SRV - [2005/04/01 07:00:00 | 00,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)SRV - [2005/04/01 07:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)SRV - [2003/07/28 06:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)SRV - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ)SRV - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mspmspsv.exe -- (WMDM PMSP Service)SRV - [1999/12/07 07:00:00 | 00,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)========== Driver Services (SafeList) ==========DRV - [2008/01/07 04:32:06 | 00,029,096 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\teamviewervpn.sys -- (teamviewervpn)DRV - [2007/12/20 12:00:06 | 04,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)DRV - [2007/11/27 21:26:00 | 06,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)DRV - [2007/11/17 02:43:56 | 00,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvnetbus.sys -- (nvnetbus)DRV - [2007/11/17 02:43:36 | 00,050,304 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NVENETFD.sys -- (NVENETFD)DRV - [2007/10/12 02:53:10 | 00,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvsmu.sys -- (nvsmu)DRV - [2007/03/07 00:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZius12.sys -- (HPZius12)DRV - [2007/03/07 00:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZipr12.sys -- (HPZipr12)DRV - [2007/03/07 00:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZid412.sys -- (HPZid412)DRV - [2005/04/01 07:00:00 | 00,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)DRV - [2005/04/01 07:00:00 | 00,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\dmio.sys -- (dmio)DRV - [2005/04/01 07:00:00 | 00,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)DRV - [2005/04/01 07:00:00 | 00,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)DRV - [2005/04/01 07:00:00 | 00,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)DRV - [2005/04/01 07:00:00 | 00,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)DRV - [2005/04/01 07:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)DRV - [2005/04/01 07:00:00 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)DRV - [2005/04/01 07:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)DRV - [2005/04/01 07:00:00 | 00,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)DRV - [2005/04/01 07:00:00 | 00,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)DRV - [2005/04/01 07:00:00 | 00,006,992 | ---- | M] (SGI) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\sglfb.sys -- (sglfb)DRV - [2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINNT\system32\drivers\BIOS.sys -- (BIOS)DRV - [2005/01/07 11:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Hdaudbus.sys -- (HDAudBus)DRV - [2004/07/08 22:26:38 | 00,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.comIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htmIE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htmIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0O1 HOSTS File: ([1999/12/07 07:00:00 | 00,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()O4 - HKLM..\Run: [Alcmtr] C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [AlcWzrd] C:\WINNT\alcwzrd.exe (RealTek Semicoductor Corp.)O4 - HKLM..\Run: [gxwiyi] C:\WINNT\System32\msnjkwfb.DLL ()O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()O4 - HKLM..\Run: [qquaqe] C:\WINNT\System32\msjgjzcu.DLL ()O4 - HKLM..\Run: [rscqdr] C:\WINNT\System32\mssheatr.DLL ()O4 - HKLM..\Run: [RTHDCPL] C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [skyTel] C:\WINNT\SkyTel.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [soundMan] C:\WINNT\SoundMan.exe (Realtek Semiconductor Corp.)O4 - HKLM..\Run: [synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)O4 - HKLM..\Run: [vkqzej] C:\WINNT\System32\msjuehus.DLL ()O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)O4 - HKLM..\RunOnce: [X0@] Reg Error: Invalid data type. File not foundO4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229456552406 (WUWebControl Class)O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229462185640 (MUWebControl Class)O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39798.4922337963 (Update Class)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()O18 - Protocol\Filter\Class Install Handler - No CLSID value foundO18 - Protocol\Filter\deflate - No CLSID value foundO18 - Protocol\Filter\gzip - No CLSID value foundO18 - Protocol\Filter\lzdhtml - No CLSID value foundO18 - Protocol\Filter\text/webviewhtml - No CLSID value foundO18 - Protocol\Filter\text/xml - No CLSID value foundO20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)O24 - Desktop WallPaper: C:\Documents and Settings\sporteli\My Documents\My Pictures\5722_large.jpgO24 - Desktop BackupWallPaper: C:\WINNT\Zapotec.bmpO32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *) - File not foundO35 - comfile [open] -- "%1" %*O35 - exefile [open] -- "%1" %*NetSvcs: BtwSrv - File not foundNetSvcs: Ias - C:\WINNT\system32\ias [2009/12/17 15:47:03 | 00,000,000 | ---D | M]NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)NetSvcs: Irmon - C:\WINNT\system32\irmon.dll (Microsoft Corporation)NetSvcs: Nwsapagent - File not foundSafeBootMin: Base - Driver GroupSafeBootMin: Boot Bus Extender - Driver GroupSafeBootMin: Boot file system - Driver GroupSafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)SafeBootMin: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)SafeBootMin: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.)SafeBootMin: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)SafeBootMin: File system - Driver GroupSafeBootMin: Filter - Driver GroupSafeBootMin: PCI Configuration - Driver GroupSafeBootMin: PNP Filter - Driver GroupSafeBootMin: Primary disk - Driver GroupSafeBootMin: SCSI Class - Driver GroupSafeBootMin: sermouse.sys - DriverSafeBootMin: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI)SafeBootMin: System Bus Extender - Driver GroupSafeBootMin: tga.sys - File not foundSafeBootMin: vga.sys - DriverSafeBootMin: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesSafeBootNet: Base - Driver GroupSafeBootNet: Boot Bus Extender - Driver GroupSafeBootNet: Boot file system - Driver GroupSafeBootNet: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)SafeBootNet: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)SafeBootNet: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.)SafeBootNet: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)SafeBootNet: File system - Driver GroupSafeBootNet: Filter - Driver GroupSafeBootNet: NBF - ServiceSafeBootNet: nbf.sys - DriverSafeBootNet: NDIS Wrapper - Driver GroupSafeBootNet: NetBIOSGroup - Driver GroupSafeBootNet: NetDDEGroup - Driver GroupSafeBootNet: Network - Driver GroupSafeBootNet: NetworkProvider - Driver GroupSafeBootNet: PCI Configuration - Driver GroupSafeBootNet: PNP Filter - Driver GroupSafeBootNet: PNP_TDI - Driver GroupSafeBootNet: Primary disk - Driver GroupSafeBootNet: SCSI Class - Driver GroupSafeBootNet: sermouse.sys - DriverSafeBootNet: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI)SafeBootNet: Streams Drivers - Driver GroupSafeBootNet: System Bus Extender - Driver GroupSafeBootNet: TDI - Driver GroupSafeBootNet: tga.sys - File not foundSafeBootNet: vga.sys - DriverSafeBootNet: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllersSafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM DriveSafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDriveSafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controllerSafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - HdcSafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - KeyboardSafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - MouseSafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - NetSafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClientSafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetServiceSafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTransSafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA AdaptersSafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapterSafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - SystemSafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk driveSafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - VolumeSafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface DevicesActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VMActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for JavaActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMeActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEXActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)ActiveX: {1b0357b8-e3fb-4918-915c-a8eb232c273e} - KB973354ActiveX: {1d939273-21ce-4e7f-be14-490866ec66c2} - KB976325ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShowActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimationActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for JavaActiveX: {390e5bb4-1d89-4343-b62d-b76303708a1d} - KB969897ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing PackActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - UniscribeActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066ActiveX: {3e843540-63b3-42d7-9f4d-812ffd1e767a} - KB974455ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced AuthoringActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /installActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NTActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShowActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectXActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawExActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer HelpActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java ClassesActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Visual Basic Scripting SupportActiveX: {4fe13360-e1fd-11d2-83c7-0000f8051539} - Microsoft New ChangJie IME 98aActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICWActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup ToolsActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing EnhancementsActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dllActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 7ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site AccessActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web FoldersActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /installActiveX: {7da6528e-45a6-4022-9e41-c45a8cf33eb5} - KB963027ActiveX: {80b81c71-14cd-41c3-9e8c-08b9e06d02ef} - KB960714ActiveX: {81aded60-e2d0-11d2-83c7-0000f8051539} - Microsoft New Phonetic IME 98aActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dllActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exeActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data BindingActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crlActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppCompActiveX: {b6609c7e-4ad5-4b8b-9da5-9edbc50f7592} - KB958869ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core FontsActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task SchedulerActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash PlayerActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML HelpActiveX: {e41091c0-06d5-474f-836e-dd190348ea18} - KB958215ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service InterfaceActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464ActiveX: {f351bc8e-a11b-44ba-a436-cee0d27e3abb} - KB976749ActiveX: {f3d9c2d1-579f-4d41-95ba-5354eeb398d0} - KB972260ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\system32\setup\wmpocm.exe /ShowWMPActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIEActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUPActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOEDrivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)Drivers32: aux3 - File not foundDrivers32: aux4 - File not foundDrivers32: aux5 - File not foundDrivers32: aux6 - File not foundDrivers32: aux7 - File not foundDrivers32: aux8 - File not foundDrivers32: aux9 - File not foundDrivers32: midi2 - File not foundDrivers32: midi3 - File not foundDrivers32: midi4 - File not foundDrivers32: midi5 - File not foundDrivers32: midi6 - File not foundDrivers32: midi7 - File not foundDrivers32: midi8 - File not foundDrivers32: midi9 - File not foundDrivers32: mixer2 - File not foundDrivers32: mixer3 - File not foundDrivers32: mixer4 - File not foundDrivers32: mixer5 - File not foundDrivers32: mixer6 - File not foundDrivers32: mixer7 - File not foundDrivers32: mixer8 - File not foundDrivers32: mixer9 - File not foundDrivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)Drivers32: wave2 - File not foundDrivers32: wave3 - File not foundDrivers32: wave4 - File not foundDrivers32: wave5 - File not foundDrivers32: wave6 - File not foundDrivers32: wave7 - File not foundDrivers32: wave8 - File not foundDrivers32: wave9 - File not foundSystemRestore not available.========== Files/Folders - Created Within 30 Days ==========[2010/01/17 17:25:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2)[2010/01/17 17:25:27 | 00,000,000 | ---D | C] -- C:\Rooter$[2010/01/17 17:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Application Data\Malwarebytes[2010/01/17 17:16:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys[2010/01/17 17:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2010/01/17 17:16:35 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys[2010/01/17 17:16:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2010/01/17 17:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI[2010/01/17 17:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)[2010/01/14 07:34:17 | 00,245,520 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\winsrv.dll[2010/01/09 19:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455[2010/01/09 19:14:23 | 00,016,496 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZipr12.sys[2010/01/09 19:14:13 | 00,049,920 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZid412.sys[2010/01/09 19:14:11 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hppldcoi.dll[2010/01/09 19:14:11 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINNT\System32\difxapi.dll[2010/01/09 19:14:10 | 00,569,344 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpotscl3.dll[2010/01/09 19:14:10 | 00,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpovst10.dll[2010/01/09 19:14:10 | 00,229,376 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hpotpusd.dll[2010/01/09 19:14:08 | 00,021,568 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZius12.sys[2010/01/06 15:02:08 | 00,052,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\mtxclu.dll[2010/01/04 15:06:42 | 01,735,808 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRPAMP.EXE[2010/01/04 15:06:42 | 01,714,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRNLMP.EXE[2010/01/04 15:06:42 | 01,713,536 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntkrnlpa.exe[2010/01/04 15:06:42 | 01,690,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntoskrnl.exe[2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\faxui.dll[2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\faxui.dll[2010/01/01 07:49:09 | 00,000,000 | ---D | C] -- C:\DrWatson[2009/12/19 21:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\ESET[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2010/01/17 17:46:23 | 00,033,280 | ---- | M] (Andreas Hausladen) -- C:\WINNT\System32\4633753.exe[2010/01/17 17:45:27 | 01,847,296 | -H-- | M] () -- C:\Documents and Settings\sporteli\NTUSER.DAT[2010/01/17 17:44:03 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat[2010/01/17 17:43:44 | 00,000,032 | --S- | M] () -- C:\WINNT\System32\1755361127.dat[2010/01/17 17:43:38 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT[2010/01/17 17:37:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat[2010/01/17 17:36:02 | 00,000,116 | ---- | M] () -- C:\WINNT\System32\757890.BAT[2010/01/17 17:35:58 | 00,048,640 | ---- | M] () -- C:\WINNT\System32\2561086.exe[2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msnjkwfb.dll[2010/01/17 17:24:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat[2010/01/17 17:22:07 | 00,465,166 | -H-- | M] () -- C:\WINNT\ShellIconCache[2010/01/17 17:16:39 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/01/17 17:16:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat[2010/01/16 22:42:31 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat[2010/01/16 21:19:20 | 00,000,280 | -HS- | M] () -- C:\Documents and Settings\sporteli\ntuser.ini[2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk[2010/01/16 20:09:53 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat[2010/01/16 19:38:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat[2010/01/16 15:00:09 | 00,001,166 | -H-- | M] () -- C:\Documents and Settings\sporteli\My Documents\Default.rdp[2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\mssheatr.dll[2010/01/16 14:43:43 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat[2010/01/16 08:22:10 | 00,002,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk[2010/01/16 07:09:59 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat[2010/01/15 07:23:40 | 00,180,240 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT[2010/01/15 07:05:42 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat[2010/01/15 00:32:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat[2010/01/14 07:32:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat[2010/01/12 15:03:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat[2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msjuehus.dll[2010/01/12 07:03:46 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat[2010/01/09 19:16:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat[2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\System32\msjgjzcu.dll[2010/01/09 07:10:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat[2010/01/08 07:03:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys[2010/01/07 16:07:04 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys[2010/01/07 07:18:47 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat[2010/01/07 07:00:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat[2010/01/06 07:09:27 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat[2010/01/05 07:40:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat[2010/01/05 07:23:29 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat[2010/01/04 07:16:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat[2010/01/02 07:18:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat[2009/12/30 07:40:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat[2009/12/30 07:21:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat[2009/12/28 11:23:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat[2009/12/27 15:13:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat[2009/12/27 07:52:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat[2009/12/26 10:53:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat[2009/12/26 07:55:09 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat[2009/12/26 07:53:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat[2009/12/25 12:46:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat[2009/12/25 11:16:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat[2009/12/24 15:41:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat[2009/12/24 07:59:33 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat[2009/12/24 07:36:51 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat[2009/12/23 08:12:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat[2009/12/22 07:48:10 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat[2009/12/22 07:25:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat[2009/12/20 10:33:23 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat[2009/12/20 08:11:06 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7138178.exe[2009/12/19 21:42:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat[2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk[2009/12/19 21:36:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat[2009/12/19 21:36:53 | 00,170,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndis.sys[2009/12/19 21:30:28 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7552737.exe[2009/12/19 21:28:45 | 00,107,520 | RHS- | M] () -- C:\WINNT\het7upd.exe[2009/12/19 21:28:40 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]========== Files Created - No Company Name ==========[2010/01/17 17:44:03 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat[2010/01/17 17:37:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat[2010/01/17 17:36:02 | 00,000,116 | ---- | C] () -- C:\WINNT\System32\757890.BAT[2010/01/17 17:35:58 | 00,048,640 | ---- | C] () -- C:\WINNT\System32\2561086.exe[2010/01/17 17:35:58 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msnjkwfb.dll[2010/01/17 17:24:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat[2010/01/17 17:16:39 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2010/01/17 17:16:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat[2010/01/16 22:44:18 | 00,465,166 | -H-- | C] () -- C:\WINNT\ShellIconCache[2010/01/16 22:42:31 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat[2010/01/16 20:09:53 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat[2010/01/16 19:38:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat[2010/01/16 14:46:20 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\mssheatr.dll[2010/01/16 14:43:43 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat[2010/01/16 07:09:59 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat[2010/01/16 07:09:49 | 00,000,032 | --S- | C] () -- C:\WINNT\System32\1755361127.dat[2010/01/15 07:05:42 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat[2010/01/15 00:32:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat[2010/01/14 07:32:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat[2010/01/12 15:03:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat[2010/01/12 07:04:37 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msjuehus.dll[2010/01/12 07:03:46 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat[2010/01/09 19:16:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat[2010/01/09 07:11:20 | 00,036,864 | ---- | C] () -- C:\WINNT\System32\msjgjzcu.dll[2010/01/09 07:10:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat[2010/01/08 07:03:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat[2010/01/07 07:18:47 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat[2010/01/07 07:00:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat[2010/01/06 07:09:27 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat[2010/01/05 07:40:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat[2010/01/05 07:23:29 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat[2010/01/04 07:16:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat[2010/01/02 07:18:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat[2009/12/30 07:40:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat[2009/12/30 07:21:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat[2009/12/28 11:23:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat[2009/12/27 15:13:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat[2009/12/27 07:52:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat[2009/12/26 10:53:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat[2009/12/26 07:55:09 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat[2009/12/26 07:53:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat[2009/12/25 12:46:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat[2009/12/25 11:16:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat[2009/12/24 15:41:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat[2009/12/24 07:59:33 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat[2009/12/24 07:36:51 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat[2009/12/23 08:12:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat[2009/12/22 07:48:10 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat[2009/12/22 07:25:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat[2009/12/20 10:33:23 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat[2009/12/20 08:11:06 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7138178.exe[2009/12/19 21:42:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat[2009/12/19 21:36:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat[2009/12/19 21:33:13 | 31,616,000 | ---- | C] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi[2009/12/19 21:30:28 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7552737.exe[2009/12/19 21:28:46 | 00,107,520 | RHS- | C] () -- C:\WINNT\het7upd.exe[2009/12/19 21:28:40 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat[2009/07/24 23:04:29 | 00,000,025 | ---- | C] () -- C:\WINNT\CDELQ300+II_Eu.ini[2009/02/01 04:44:35 | 01,290,240 | ---- | C] () -- C:\WINNT\System32\wmploc.dll[2009/02/01 04:44:35 | 01,122,304 | ---- | C] () -- C:\WINNT\System32\wmpui.dll[2009/02/01 04:44:35 | 00,270,336 | ---- | C] () -- C:\WINNT\System32\pdbrowse.dll[2009/02/01 04:44:35 | 00,184,320 | ---- | C] () -- C:\WINNT\System32\wmpcd.dll[2009/02/01 04:44:34 | 00,147,456 | ---- | C] () -- C:\WINNT\System32\CEWMDM.dll[2009/01/27 13:45:14 | 00,001,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log[2008/12/16 16:21:09 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll[2008/12/16 16:20:59 | 00,173,056 | ---- | C] () -- C:\WINNT\System32\qasf.dll[2008/12/16 16:01:58 | 00,001,078 | ---- | C] () -- C:\WINNT\ODBC.INI[2008/12/16 14:20:30 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt[2007/11/27 21:26:00 | 01,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll[2007/11/27 21:26:00 | 01,474,560 | ---- | C] () -- C:\WINNT\System32\nview.dll[2007/11/27 21:26:00 | 01,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll[2007/11/27 21:26:00 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll[2007/11/27 21:26:00 | 00,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll[2005/04/01 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll[2005/04/01 07:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll[2005/04/01 07:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini[2005/04/01 07:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini[2005/04/01 07:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini[2003/09/17 11:13:54 | 00,815,104 | ---- | C] () -- C:\WINNT\System32\wmpcore.dll[2003/01/07 09:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI[2000/10/25 20:15:00 | 00,017,920 | ---- | C] () -- C:\WINNT\System32\Implode.dll[1999/10/26 03:00:00 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\CRInf9.dll[1999/09/25 05:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys[1999/09/25 05:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys[1999/03/12 03:00:00 | 00,299,008 | ---- | C] () -- C:\WINNT\System32\Crutl14.dll[1999/03/12 03:00:00 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\Crsybdtc14.dll========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2005/04/01 07:00:00 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe[2005/04/01 07:00:00 | 00,163,840 | RHS- | M] () -- C:\arcsetup.exe[2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT[2009/12/17 22:30:30 | 00,000,192 | -HS- | M] () -- C:\boot.ini[2009/08/06 01:43:44 | 11,923,854 | ---- | M] () -- C:\br.bmp[2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\CONFIG.SYS[2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\IO.SYS[2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS[2008/12/16 16:31:37 | 00,000,206 | ---- | M] () -- C:\mylog.log[2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\nitro_pdf_professional.exe[2005/04/01 07:00:00 | 00,034,724 | RHS- | M] () -- C:\NTDETECT.COM[2005/04/01 07:00:00 | 00,214,432 | RHS- | M] () -- C:\ntldr[2010/01/17 17:43:28 | 14,092,86144 | -HS- | M] () -- C:\pagefile.sys[2008/12/16 16:31:37 | 00,000,573 | ---- | M] () -- C:\RHDSetup.log[2010/01/17 17:43:58 | 00,000,000 | ---- | M] () -- C:\RTHDCPL_Dump.txt< MD5 for: AGP440.SYS >[2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys[2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys[2003/06/19 14:05:04 | 00,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys< MD5 for: ATAPI.SYS >[2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys[2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys[2003/06/19 14:05:04 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys[2005/04/01 07:00:00 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys< MD5 for: EVENTLOG.DLL >[2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll[2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll[2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\dllcache\eventlog.dll[2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\eventlog.dll< MD5 for: NETLOGON.DLL >[2003/06/19 14:05:04 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll[2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\dllcache\netlogon.dll[2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\netlogon.dll< MD5 for: SCECLI.DLL >[2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll[2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll[2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\dllcache\scecli.dll[2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\scecli.dll< %systemroot%\system32\*.dll /lockedfiles >[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]< %systemroot%\Tasks\*.job /lockedfiles >< %systemroot%\*. /mp /s >< %PROGRAMFILES%\*. >[2008/12/16 18:49:22 | 00,000,000 | ---D | M] -- C:\Program Files\Accessories[2009/07/16 01:31:52 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe[2009/01/25 09:07:59 | 00,000,000 | ---D | M] -- C:\Program Files\BitComet[2009/07/24 23:05:07 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files[2008/12/16 14:19:33 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications[2009/05/23 01:58:28 | 00,000,000 | ---D | M] -- C:\Program Files\Data Dynamics[2008/12/16 16:29:43 | 00,000,000 | ---D | M] -- C:\Program Files\Driver[2009/07/05 03:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON[2009/12/19 21:30:48 | 00,000,000 | ---D | M] -- C:\Program Files\ESET[2009/01/27 13:48:39 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard[2009/01/27 13:46:56 | 00,000,000 | ---D | M] -- C:\Program Files\HP[2009/05/23 01:58:08 | 00,000,000 | ---D | M] -- C:\Program Files\Ingenuware[2009/10/18 11:18:05 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information[2009/12/17 22:31:34 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer[2010/01/17 17:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware[2009/05/23 01:52:12 | 00,000,000 | ---D | M] -- C:\Program Files\MapInfo MapX[2008/12/16 16:00:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync[2008/12/16 14:21:22 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage[2008/12/16 16:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office[2009/05/23 01:35:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server[2008/12/16 16:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET[2009/01/29 03:16:45 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0[2009/12/17 22:31:45 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting[2009/12/17 22:31:32 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express[2008/12/16 16:25:43 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek[2009/01/25 08:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\Remote Desktop Control[2009/05/23 01:51:38 | 00,000,000 | ---D | M] -- C:\Program Files\Seagate Software[2009/06/10 23:09:36 | 00,000,000 | R--D | M] -- C:\Program Files\Skype[2009/01/25 08:34:58 | 00,000,000 | ---D | M] -- C:\Program Files\TeamViewer[2009/05/23 01:36:10 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information[2009/12/17 22:31:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player[2008/12/16 15:54:05 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT[2008/12/16 14:48:16 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate[2009/12/18 00:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR[2009/01/25 08:16:54 | 00,000,000 | ---D | M] -- C:\Program Files\WinZip< %userprofile%\Desktop\*.* >[2009/12/18 00:28:29 | 00,001,359 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Alpha Platinum.exe.lnk[2009/05/26 23:04:17 | 00,092,160 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Copy of Template_Artikuj_Celje.xls[2008/08/02 04:33:40 | 05,498,912 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\delete_setup.exe[2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk[2009/12/12 16:02:46 | 31,616,000 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi[2009/12/13 14:46:10 | 09,099,811 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Hamrick[1].VueScan.Pro.v8.5.39..rar[2009/12/08 21:36:26 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Karboni C.doc[2009/07/05 22:59:11 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\KONTRATE E KLIENTIT ME IMPERIAL HOTEL.doc[2009/02/12 08:43:14 | 01,122,294 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\logo.bmp[2009/12/02 14:35:07 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\menuja e resorantit per seminaret.doc[2009/07/02 23:19:12 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Excel 2003.lnk[2009/12/08 21:14:06 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Word 2003.lnk[2009/06/24 19:06:06 | 00,233,064 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\myspace_cube.pdf[2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\Documents and Settings\sporteli\Desktop\nitro_pdf_professional.exe[2009/12/03 15:57:21 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.doc[2009/10/19 13:23:47 | 00,009,062 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.eml[2009/12/11 10:23:11 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Rasti 1.doc[2009/12/17 15:07:01 | 00,001,473 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Remote Desktop Connection.lnk[2009/01/25 08:29:37 | 07,345,754 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\TeamViewer[1].4.0.Build.5459_.rar[2009/09/23 13:47:46 | 00,228,864 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Vizioni.doc[2009/12/13 14:18:56 | 06,751,440 | ---- | M] (Hamrick Software) -- C:\Documents and Settings\sporteli\Desktop\vuesca85.exe[2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk[2009/05/22 22:13:25 | 01,144,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\sporteli\Desktop\wlsetup-custom.exe[2009/06/26 03:41:17 | 00,018,586 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\WM speech Tirana.rtf[2009/12/16 11:17:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\sporteli\Desktop\~$nuja e resorantit per seminaret.doc< %userprofile%\Desktop\*. >[2010/01/09 19:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455[2009/05/14 01:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\DR[2010/01/08 19:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\G.Kormaku[2010/01/16 13:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Gazmira[2009/10/18 12:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\LPT TO USB[2009/12/06 20:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder[2010/01/17 17:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2)[2010/01/17 17:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)[2010/01/17 17:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-17 20:10:26========== Files - Unicode (All) ==========[2008/12/16 16:05:18 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装[2008/12/16 16:05:17 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装[2008/12/16 16:05:08 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明[2008/12/16 16:05:07 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明========== Alternate Data Streams ==========@Alternate Data Stream - 6584 bytes -> C:\Documents and Settings\sporteli\Desktop\logo.bmp:Q30lsldxJoudresxAaaqpcawXc< End of report >---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------GMER 1.0.15.15281 - http://www.gmer.netRootkit scan 2010-01-17 17:31:07Windows 5.0.2195 Service Pack 4Running: gmer.exe; Driver: C:\DOCUME~1\sporteli\LOCALS~1\Temp\pwkiifod.sys---- System - GMER 1.0.15 ----INT 0x52 ? F9190044INT 0x72 ? F925C844INT 0xA2 ? F9190BE4INT 0xA3 ? F91D6B64INT 0xB1 ? F928F044INT 0xB3 ? F91F5BE4---- Kernel code sections - GMER 1.0.15 ----? lljmn.sys The system cannot find the file specified. !.reloc C:\WINNT\system32\drivers\NDIS.sys section is executable [0xF919B200, 0x2FBCA, 0xE0000060].text C:\WINNT\system32\DRIVERS\nv4_mini.sys section is writeable [0xBF6AA360, 0x30AD87, 0xE8000020].text ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]---- User code sections - GMER 1.0.15 ----.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FF947A4 .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile 77F8F9BA 3 Bytes CALL 7FF94715 .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile + 4 77F8F9BE 1 Byte [08].text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess 77F93351 3 Bytes CALL 7FF947F2 .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess + 4 77F93355 1 Byte [08].text C:\WINNT\system32\services.exe[228] ntdll.dll!NtDeviceIoControlFile 77F950D4 5 Bytes CALL 7FF94A35 .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtOpenFile 77F95337 5 Bytes CALL 7FF9479A .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE section is executable [0x0043C000, 0x7000, 0xE0000060].reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE entry point in ".reloc" section [0x00442A0C].text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08].text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08].text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]---- User IAT/EAT - GMER 1.0.15 ----IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)---- Devices - GMER 1.0.15 ----Device \Driver\NDIS \Device\Ndis [F919F235] NDIS.sys[.reloc] ---- Registry - GMER 1.0.15 ----Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0---- Files - GMER 1.0.15 ----File C:\WINNT\system32\dllcache\ndis.sys (size mismatch) 200192/170656 bytes executableFile C:\WINNT\system32\drivers\ndis.sys (size mismatch) 200192/170656 bytes executableFile C:\WINNT\ServicePackFiles\i386\ndis.sys (size mismatch) 170928/170656 bytes executable---- EOF - GMER 1.0.15 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------LockSearch by jpshortstuff (05.11.09.1)Log created at 17:26 on 17/01/2010 (sporteli)Scanning C:\C:\pagefile.sys-------------------------C:\WINNT\system32\12520437y.exe-------------------------C:\WINNT\system32\12520437y.exe [unable to get md5 : 80384 bytes]-=E.O.F=---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Quote Link to post Share on other sites
schrauber Posted January 17, 2010 Report Share Posted January 17, 2010 Hi,Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.Link 1Link 2--------------------------------------------------------------------Double click on the renamed Combofix.exe & follow the prompts.When finished, it will produce a report for you. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:Click on Yes, to continue scanning for malware.When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.This tool is not a toy and not for everyday use.ComboFix SHOULD NOT be used unless requested by a forum helperIf you need help, see this link:http://www.bleepingcomputer.com/combofix/how-to-use-combofix Quote Link to post Share on other sites
dragoi90 Posted January 18, 2010 Author Report Share Posted January 18, 2010 SCHRAUBER I GET AN ERROR TABLE:!!ALERT!!IT IS NOT SAFE TO CONTINUE.THE CONTENTS OF THE COMBOFIX HAS BEEN COMPROMISED!NOTE:YOU MAY BE INFECTED WITH A FILE PATCHING VIRUS "VIRUT"AND I GET ANOTHER TABLE WHEN THEY SAY THAT THE MEMORY COULD NOT BE WRITTEN AD COULD NOT BE READ!(2 ERROR WINDOWS) Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.