
Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows 2000 . (5.0.2195) Service Pack 4

[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel

.

Error OpenService (wscsvc) : 1060

[sharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !

.

Internet Explorer 5.00.3700.1000

.

A:\ [Removable]

C:\ [Fixed-NTFS] .. ( Total:8 Go - Free:3 Go )

D:\ [CD_Rom]

.

Scan : 17:25.15

Path : C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe

User : sporteli ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (8)

______ \SystemRoot\System32\smss.exe (156)

______ \??\C:\WINNT\system32\csrss.exe (176)

______ \??\C:\WINNT\system32\winlogon.exe (168)

______ C:\WINNT\system32\services.exe (228)

______ C:\WINNT\system32\lsass.exe (244)

______ C:\WINNT\system32\svchost.exe (428)

______ C:\WINNT\system32\spoolsv.exe (456)

______ C:\WINNT\system32\svchost.exe (500)

______ C:\WINNT\system32\hidserv.exe (516)

______ C:\WINNT\System32\svchost.exe (576)

______ C:\WINNT\system32\nvsvc32.exe (592)

______ C:\WINNT\System32\svchost.exe (640)

______ C:\WINNT\system32\regsvc.exe (660)

______ C:\WINNT\system32\MSTask.exe (676)

______ C:\WINNT\System32\snmp.exe (712)

______ C:\WINNT\system32\stisvc.exe (816)

______ C:\WINNT\system32\svchost.exe (876)

______ C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (916)

______ C:\WINNT\system32\mspmspsv.exe (808)

______ C:\WINNT\system32\svchost.exe (944)

______ C:\WINNT\system32\svchost.exe (960)

______ C:\Program Files\TeamViewer\Version4\TeamViewer.exe (1084)

______ C:\WINNT\Explorer.EXE (1112)

______ C:\WINNT\RTHDCPL.EXE (1240)

______ C:\WINNT\system32\RUNDLL32.EXE (1284)

______ C:\WINNT\system32\RUNDLL32.EXE (1312)

______ C:\WINNT\system32\RUNDLL32.EXE (1320)

______ C:\WINNT\system32\RUNDLL32.EXE (1208)

______ C:\Program Files\Skype\Phone\Skype.exe (1288)

______ C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe (1052)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

----------------------\\ Scheduled Tasks

.

C:\WINNT\Tasks\desktop.ini

C:\WINNT\Tasks\SA.DAT

.

----------------------\\ Registry

.

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 17:25.27

.

C:\Rooter$\Rooter_1.txt - (17/01/2010 | 17:25.27)

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

CKScanner - Additional Security Risks - These are not necessarily bad

c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eat.nfo

c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\file_id.diz

c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat.nfo

c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat_rls.2000-2009_1130.nfo

c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\file_id.diz

c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\vuesca85_v8.5.39.exe

c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\crack\vuescan.exe

scanner sequence 3.FA.11

----- EOF -----

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 17/01/2010 5:44:40 PM - Run 1

OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5)

Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation

Internet Explorer (Version = 5.00.3700.1000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: IMPERIAL-YJVVAC

Current User Name: sporteli

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- %1

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" %*

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DoNotAllowExceptions" = 0

"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINNT\fonts\services.exe" = C:\WINNT\fonts\services.exe:*:Enabled:services.exe -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3E713D52-C967-41FB-AA24-3A92CC1025A4}" = Remote Desktop Connection

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{5932C9AC-9049-11D4-8111-005004D78BE4}" = ImpulseStudio 3.04

"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs

"{7699B723-9718-41DE-8C18-549F341C02CE}" = Crystal Reports

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min

"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0

"{DCA1B4C0-98A5-418B-8293-45663180B6C5}" = DCA1B4C0-98A5-418B-8293-45663180B6C5

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer

"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0

"{FFD44E90-AEA4-4D25-AF53-5CE2723E88DA}" = MarketingReg

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AERP_4.0.0" = AERP 4.0.0

"Data Dynamics SharpGrid 2.0" = Data Dynamics SharpGrid 2.0

"EPSON Printer and Utilities" = EPSON Printer Software

"LQ-300+II User's Guide" = LQ-300+II User's Guide

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft SQL Server 2000" = Microsoft SQL Server 2000

"NVIDIA Drivers" = NVIDIA Drivers

"Q828026" = Windows Media Player Hotfix [see Q828026 for more information]

"TeamViewer 4" = TeamViewer 4

"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4

"VueScan" = VueScan

"WinRAR archiver" = WinRAR archiver

"WMP7" = Windows Media Player 7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 19/12/2009 10:35:27 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005

Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not

been restarted after a program uninstallation. Please restart the computer and run

the installer again.

Error - 19/12/2009 10:38:26 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920

Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)

failed to start. Verify that you have sufficient privileges to start system services.

Error - 19/12/2009 10:38:56 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920

Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)

failed to start. Verify that you have sufficient privileges to start system services.

Error - 19/12/2009 10:39:35 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005

Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not

been restarted after a program uninstallation. Please restart the computer and run

the installer again.

Error - 19/12/2009 10:45:22 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920

Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)

failed to start. Verify that you have sufficient privileges to start system services.

Error - 19/12/2009 10:45:55 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920

Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)

failed to start. Verify that you have sufficient privileges to start system services.

Error - 19/12/2009 10:46:30 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920

Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)

failed to start. Verify that you have sufficient privileges to start system services.

Error - 16/01/2010 9:07:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = Userenv | ID = 1000

Description = Windows cannot unload your registry file. If you have a roaming profile,

your settings are not replicated. Contact your administrator. DETAIL - Access

is denied. , Build number ((2195)).

Error - 16/01/2010 9:50:04 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920

Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service'

(ekrn) failed to start. Verify that you have sufficient privileges to start system

services.

Error - 16/01/2010 9:50:34 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920

Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service'

(ekrn) failed to start. Verify that you have sufficient privileges to start system

services.

[ System Events ]

Error - 16/01/2010 8:48:20 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001

Description = The TCP/IP NetBIOS Helper Service service depends on the AFD Networking

Support Environment service which failed to start because of the following error:

%%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001

Description = The Messenger service depends on the NetBIOS Interface service which

failed to start because of the following error: %%31

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001

Description = The System Event Notification service depends on the COM+ Event System

service which failed to start because of the following error: %%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001

Description = The Simple TCP/IP Services service depends on the AFD Networking Support

Environment service which failed to start because of the following error: %%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001

Description = The Background Intelligent Transfer Service service depends on the

Windows Management Instrumentation Driver Extensions service which failed to start

because of the following error: %%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001

Description = The Computer Browser service depends on the Server service which failed

to start because of the following error: %%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

BIOS MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 16/01/2010 8:50:53 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010

Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register

with DCOM within the required timeout.

Error - 16/01/2010 8:54:00 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010

Description = The server {000C101C-0000-0000-C000-000000000046} did not register

with DCOM within the required timeout.

Error - 16/01/2010 9:06:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010

Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register

with DCOM within the required timeout.

< End of report >

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 17/01/2010 5:44:40 PM - Run 1

OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5)

Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation

Internet Explorer (Version = 5.00.3700.1000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free

Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files

Drive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: IMPERIAL-YJVVAC

Current User Name: sporteli

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 17:43:52 | 00,019,456 | ---- | M] () -- C:\WINNT\Temp\VRT3.tmp

PRC - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exe

PRC - [2009/06/02 10:56:00 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe

PRC - [2008/12/23 08:04:10 | 03,950,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer.exe

PRC - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

PRC - [2007/12/20 10:47:36 | 16,882,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\RTHDCPL.exe

PRC - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe

PRC - [2005/04/01 07:00:00 | 00,263,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe

PRC - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe

PRC - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe

PRC - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe

PRC - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe

PRC - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\snmp.exe

PRC - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exe

PRC - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mspmspsv.exe

========== Modules (SafeList) ==========

MOD - [2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msnjkwfb.dll

MOD - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exe

MOD - [2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\mssheatr.dll

MOD - [2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msjuehus.dll

MOD - [2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\system32\msjgjzcu.dll

MOD - [2005/04/01 07:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll

========== Win32 Services (SafeList) ==========

SRV - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)

SRV - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)

SRV - [2007/03/11 21:35:02 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)

SRV - [2006/11/08 10:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZipm12.dll -- (Pml Driver HPZ12)

SRV - [2006/11/08 10:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZinw12.dll -- (Net Driver HPZ12)

SRV - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)

SRV - [2005/04/01 07:00:00 | 00,167,424 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)

SRV - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)

SRV - [2005/04/01 07:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)

SRV - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)

SRV - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)

SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\System32\1Bc.exe -- (TapiSrvIpripRemoteAccess)

SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] () [Auto | Stopped] -- C:\WINNT\System32\12520437y.exe -- (TapiSrvIprip)

SRV - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\snmp.exe -- (SNMP)

SRV - [2005/04/01 07:00:00 | 00,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)

SRV - [2005/04/01 07:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)

SRV - [2003/07/28 06:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ)

SRV - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mspmspsv.exe -- (WMDM PMSP Service)

SRV - [1999/12/07 07:00:00 | 00,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)

========== Driver Services (SafeList) ==========

DRV - [2008/01/07 04:32:06 | 00,029,096 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\teamviewervpn.sys -- (teamviewervpn)

DRV - [2007/12/20 12:00:06 | 04,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/11/27 21:26:00 | 06,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2007/11/17 02:43:56 | 00,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvnetbus.sys -- (nvnetbus)

DRV - [2007/11/17 02:43:36 | 00,050,304 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NVENETFD.sys -- (NVENETFD)

DRV - [2007/10/12 02:53:10 | 00,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvsmu.sys -- (nvsmu)

DRV - [2007/03/07 00:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZius12.sys -- (HPZius12)

DRV - [2007/03/07 00:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZipr12.sys -- (HPZipr12)

DRV - [2007/03/07 00:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZid412.sys -- (HPZid412)

DRV - [2005/04/01 07:00:00 | 00,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)

DRV - [2005/04/01 07:00:00 | 00,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\dmio.sys -- (dmio)

DRV - [2005/04/01 07:00:00 | 00,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)

DRV - [2005/04/01 07:00:00 | 00,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)

DRV - [2005/04/01 07:00:00 | 00,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)

DRV - [2005/04/01 07:00:00 | 00,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)

DRV - [2005/04/01 07:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)

DRV - [2005/04/01 07:00:00 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)

DRV - [2005/04/01 07:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)

DRV - [2005/04/01 07:00:00 | 00,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)

DRV - [2005/04/01 07:00:00 | 00,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)

DRV - [2005/04/01 07:00:00 | 00,006,992 | ---- | M] (SGI) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\sglfb.sys -- (sglfb)

DRV - [2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINNT\system32\drivers\BIOS.sys -- (BIOS)

DRV - [2005/01/07 11:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/07/08 22:26:38 | 00,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([1999/12/07 07:00:00 | 00,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (@msdxmLC.dll,[email protected],&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()

O4 - HKLM..\Run: [Alcmtr] C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [AlcWzrd] C:\WINNT\alcwzrd.exe (RealTek Semicoductor Corp.)

O4 - HKLM..\Run: [gxwiyi] C:\WINNT\System32\msnjkwfb.DLL ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()

O4 - HKLM..\Run: [qquaqe] C:\WINNT\System32\msjgjzcu.DLL ()

O4 - HKLM..\Run: [rscqdr] C:\WINNT\System32\mssheatr.DLL ()

O4 - HKLM..\Run: [RTHDCPL] C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [skyTel] C:\WINNT\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [soundMan] C:\WINNT\SoundMan.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)

O4 - HKLM..\Run: [vkqzej] C:\WINNT\System32\msjuehus.DLL ()

O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - HKLM..\RunOnce: [[email protected]] Reg Error: Invalid data type. File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()

O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229456552406 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229462185640 (MUWebControl Class)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39798.4922337963 (Update Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()

O18 - Protocol\Filter\Class Install Handler - No CLSID value found

O18 - Protocol\Filter\deflate - No CLSID value found

O18 - Protocol\Filter\gzip - No CLSID value found

O18 - Protocol\Filter\lzdhtml - No CLSID value found

O18 - Protocol\Filter\text/webviewhtml - No CLSID value found

O18 - Protocol\Filter\text/xml - No CLSID value found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\sporteli\My Documents\My Pictures\5722_large.jpg

O24 - Desktop BackupWallPaper: C:\WINNT\Zapotec.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: BtwSrv - File not found

NetSvcs: Ias - C:\WINNT\system32\ias [2009/12/17 15:47:03 | 00,000,000 | ---D | M]

NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)

NetSvcs: Irmon - C:\WINNT\system32\irmon.dll (Microsoft Corporation)

NetSvcs: Nwsapagent - File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)

SafeBootMin: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)

SafeBootMin: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.)

SafeBootMin: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI)

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: tga.sys - File not found

SafeBootMin: vga.sys - Driver

SafeBootMin: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)

SafeBootNet: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)

SafeBootNet: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.)

SafeBootNet: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NBF - Service

SafeBootNet: nbf.sys - Driver

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI)

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: tga.sys - File not found

SafeBootNet: vga.sys - Driver

SafeBootNet: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)

SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe

ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {1b0357b8-e3fb-4918-915c-a8eb232c273e} - KB973354

ActiveX: {1d939273-21ce-4e7f-be14-490866ec66c2} - KB976325

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {390e5bb4-1d89-4343-b62d-b76303708a1d} - KB969897

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066

ActiveX: {3e843540-63b3-42d7-9f4d-812ffd1e767a} - KB974455

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Visual Basic Scripting Support

ActiveX: {4fe13360-e1fd-11d2-83c7-0000f8051539} - Microsoft New ChangJie IME 98a

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495

ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 7

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {7da6528e-45a6-4022-9e41-c45a8cf33eb5} - KB963027

ActiveX: {80b81c71-14cd-41c3-9e8c-08b9e06d02ef} - KB960714

ActiveX: {81aded60-e2d0-11d2-83c7-0000f8051539} - Microsoft New Phonetic IME 98a

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp

ActiveX: {b6609c7e-4ad5-4b8b-9da5-9edbc50f7592} - KB958869

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {e41091c0-06d5-474f-836e-dd190348ea18} - KB958215

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464

ActiveX: {f351bc8e-a11b-44ba-a436-cee0d27e3abb} - KB976749

ActiveX: {f3d9c2d1-579f-4d41-95ba-5354eeb398d0} - KB972260

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\system32\setup\wmpocm.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)

Drivers32: aux3 - File not found

Drivers32: aux4 - File not found

Drivers32: aux5 - File not found

Drivers32: aux6 - File not found

Drivers32: aux7 - File not found

Drivers32: aux8 - File not found

Drivers32: aux9 - File not found

Drivers32: midi2 - File not found

Drivers32: midi3 - File not found

Drivers32: midi4 - File not found

Drivers32: midi5 - File not found

Drivers32: midi6 - File not found

Drivers32: midi7 - File not found

Drivers32: midi8 - File not found

Drivers32: midi9 - File not found

Drivers32: mixer2 - File not found

Drivers32: mixer3 - File not found

Drivers32: mixer4 - File not found

Drivers32: mixer5 - File not found

Drivers32: mixer6 - File not found

Drivers32: mixer7 - File not found

Drivers32: mixer8 - File not found

Drivers32: mixer9 - File not found

Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()

Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)

Drivers32: wave2 - File not found

Drivers32: wave3 - File not found

Drivers32: wave4 - File not found

Drivers32: wave5 - File not found

Drivers32: wave6 - File not found

Drivers32: wave7 - File not found

Drivers32: wave8 - File not found

Drivers32: wave9 - File not found

SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010/01/17 17:25:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2)

[2010/01/17 17:25:27 | 00,000,000 | ---D | C] -- C:\Rooter$

[2010/01/17 17:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Application Data\Malwarebytes

[2010/01/17 17:16:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2010/01/17 17:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/01/17 17:16:35 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2010/01/17 17:16:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/01/17 17:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI

[2010/01/17 17:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)

[2010/01/14 07:34:17 | 00,245,520 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\winsrv.dll

[2010/01/09 19:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455

[2010/01/09 19:14:23 | 00,016,496 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZipr12.sys

[2010/01/09 19:14:13 | 00,049,920 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZid412.sys

[2010/01/09 19:14:11 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hppldcoi.dll

[2010/01/09 19:14:11 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINNT\System32\difxapi.dll

[2010/01/09 19:14:10 | 00,569,344 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpotscl3.dll

[2010/01/09 19:14:10 | 00,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpovst10.dll

[2010/01/09 19:14:10 | 00,229,376 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hpotpusd.dll

[2010/01/09 19:14:08 | 00,021,568 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZius12.sys

[2010/01/06 15:02:08 | 00,052,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\mtxclu.dll

[2010/01/04 15:06:42 | 01,735,808 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRPAMP.EXE

[2010/01/04 15:06:42 | 01,714,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRNLMP.EXE

[2010/01/04 15:06:42 | 01,713,536 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntkrnlpa.exe

[2010/01/04 15:06:42 | 01,690,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntoskrnl.exe

[2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\faxui.dll

[2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\faxui.dll

[2010/01/01 07:49:09 | 00,000,000 | ---D | C] -- C:\DrWatson

[2009/12/19 21:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\ESET

[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/17 17:46:23 | 00,033,280 | ---- | M] (Andreas Hausladen) -- C:\WINNT\System32\4633753.exe

[2010/01/17 17:45:27 | 01,847,296 | -H-- | M] () -- C:\Documents and Settings\sporteli\NTUSER.DAT

[2010/01/17 17:44:03 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat

[2010/01/17 17:43:44 | 00,000,032 | --S- | M] () -- C:\WINNT\System32\1755361127.dat

[2010/01/17 17:43:38 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT

[2010/01/17 17:37:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat

[2010/01/17 17:36:02 | 00,000,116 | ---- | M] () -- C:\WINNT\System32\757890.BAT

[2010/01/17 17:35:58 | 00,048,640 | ---- | M] () -- C:\WINNT\System32\2561086.exe

[2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msnjkwfb.dll

[2010/01/17 17:24:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat

[2010/01/17 17:22:07 | 00,465,166 | -H-- | M] () -- C:\WINNT\ShellIconCache

[2010/01/17 17:16:39 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/17 17:16:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat

[2010/01/16 22:42:31 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat

[2010/01/16 21:19:20 | 00,000,280 | -HS- | M] () -- C:\Documents and Settings\sporteli\ntuser.ini

[2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk

[2010/01/16 20:09:53 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat

[2010/01/16 19:38:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat

[2010/01/16 15:00:09 | 00,001,166 | -H-- | M] () -- C:\Documents and Settings\sporteli\My Documents\Default.rdp

[2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\mssheatr.dll

[2010/01/16 14:43:43 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat

[2010/01/16 08:22:10 | 00,002,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/01/16 07:09:59 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat

[2010/01/15 07:23:40 | 00,180,240 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT

[2010/01/15 07:05:42 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat

[2010/01/15 00:32:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat

[2010/01/14 07:32:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat

[2010/01/12 15:03:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat

[2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msjuehus.dll

[2010/01/12 07:03:46 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat

[2010/01/09 19:16:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat

[2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\System32\msjgjzcu.dll

[2010/01/09 07:10:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat

[2010/01/08 07:03:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat

[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys

[2010/01/07 16:07:04 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys

[2010/01/07 07:18:47 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat

[2010/01/07 07:00:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat

[2010/01/06 07:09:27 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat

[2010/01/05 07:40:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat

[2010/01/05 07:23:29 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat

[2010/01/04 07:16:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat

[2010/01/02 07:18:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat

[2009/12/30 07:40:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat

[2009/12/30 07:21:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat

[2009/12/28 11:23:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat

[2009/12/27 15:13:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat

[2009/12/27 07:52:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat

[2009/12/26 10:53:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat

[2009/12/26 07:55:09 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat

[2009/12/26 07:53:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat

[2009/12/25 12:46:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat

[2009/12/25 11:16:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat

[2009/12/24 15:41:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat

[2009/12/24 07:59:33 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat

[2009/12/24 07:36:51 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat

[2009/12/23 08:12:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat

[2009/12/22 07:48:10 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat

[2009/12/22 07:25:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat

[2009/12/20 10:33:23 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat

[2009/12/20 08:11:06 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7138178.exe

[2009/12/19 21:42:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat

[2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk

[2009/12/19 21:36:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat

[2009/12/19 21:36:53 | 00,170,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndis.sys

[2009/12/19 21:30:28 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7552737.exe

[2009/12/19 21:28:45 | 00,107,520 | RHS- | M] () -- C:\WINNT\het7upd.exe

[2009/12/19 21:28:40 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat

[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 17:44:03 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat

[2010/01/17 17:37:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat

[2010/01/17 17:36:02 | 00,000,116 | ---- | C] () -- C:\WINNT\System32\757890.BAT

[2010/01/17 17:35:58 | 00,048,640 | ---- | C] () -- C:\WINNT\System32\2561086.exe

[2010/01/17 17:35:58 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msnjkwfb.dll

[2010/01/17 17:24:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat

[2010/01/17 17:16:39 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/01/17 17:16:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat

[2010/01/16 22:44:18 | 00,465,166 | -H-- | C] () -- C:\WINNT\ShellIconCache

[2010/01/16 22:42:31 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat

[2010/01/16 20:09:53 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat

[2010/01/16 19:38:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat

[2010/01/16 14:46:20 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\mssheatr.dll

[2010/01/16 14:43:43 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat

[2010/01/16 07:09:59 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat

[2010/01/16 07:09:49 | 00,000,032 | --S- | C] () -- C:\WINNT\System32\1755361127.dat

[2010/01/15 07:05:42 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat

[2010/01/15 00:32:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat

[2010/01/14 07:32:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat

[2010/01/12 15:03:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat

[2010/01/12 07:04:37 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msjuehus.dll

[2010/01/12 07:03:46 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat

[2010/01/09 19:16:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat

[2010/01/09 07:11:20 | 00,036,864 | ---- | C] () -- C:\WINNT\System32\msjgjzcu.dll

[2010/01/09 07:10:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat

[2010/01/08 07:03:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat

[2010/01/07 07:18:47 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat

[2010/01/07 07:00:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat

[2010/01/06 07:09:27 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat

[2010/01/05 07:40:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat

[2010/01/05 07:23:29 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat

[2010/01/04 07:16:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat

[2010/01/02 07:18:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat

[2009/12/30 07:40:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat

[2009/12/30 07:21:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat

[2009/12/28 11:23:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat

[2009/12/27 15:13:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat

[2009/12/27 07:52:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat

[2009/12/26 10:53:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat

[2009/12/26 07:55:09 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat

[2009/12/26 07:53:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat

[2009/12/25 12:46:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat

[2009/12/25 11:16:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat

[2009/12/24 15:41:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat

[2009/12/24 07:59:33 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat

[2009/12/24 07:36:51 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat

[2009/12/23 08:12:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat

[2009/12/22 07:48:10 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat

[2009/12/22 07:25:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat

[2009/12/20 10:33:23 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat

[2009/12/20 08:11:06 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7138178.exe

[2009/12/19 21:42:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat

[2009/12/19 21:36:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat

[2009/12/19 21:33:13 | 31,616,000 | ---- | C] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi

[2009/12/19 21:30:28 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7552737.exe

[2009/12/19 21:28:46 | 00,107,520 | RHS- | C] () -- C:\WINNT\het7upd.exe

[2009/12/19 21:28:40 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat

[2009/07/24 23:04:29 | 00,000,025 | ---- | C] () -- C:\WINNT\CDELQ300+II_Eu.ini

[2009/02/01 04:44:35 | 01,290,240 | ---- | C] () -- C:\WINNT\System32\wmploc.dll

[2009/02/01 04:44:35 | 01,122,304 | ---- | C] () -- C:\WINNT\System32\wmpui.dll

[2009/02/01 04:44:35 | 00,270,336 | ---- | C] () -- C:\WINNT\System32\pdbrowse.dll

[2009/02/01 04:44:35 | 00,184,320 | ---- | C] () -- C:\WINNT\System32\wmpcd.dll

[2009/02/01 04:44:34 | 00,147,456 | ---- | C] () -- C:\WINNT\System32\CEWMDM.dll

[2009/01/27 13:45:14 | 00,001,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008/12/16 16:21:09 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll

[2008/12/16 16:20:59 | 00,173,056 | ---- | C] () -- C:\WINNT\System32\qasf.dll

[2008/12/16 16:01:58 | 00,001,078 | ---- | C] () -- C:\WINNT\ODBC.INI

[2008/12/16 14:20:30 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt

[2007/11/27 21:26:00 | 01,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll

[2007/11/27 21:26:00 | 01,474,560 | ---- | C] () -- C:\WINNT\System32\nview.dll

[2007/11/27 21:26:00 | 01,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll

[2007/11/27 21:26:00 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll

[2007/11/27 21:26:00 | 00,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll

[2005/04/01 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll

[2005/04/01 07:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll

[2005/04/01 07:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini

[2005/04/01 07:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini

[2005/04/01 07:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini

[2003/09/17 11:13:54 | 00,815,104 | ---- | C] () -- C:\WINNT\System32\wmpcore.dll

[2003/01/07 09:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI

[2000/10/25 20:15:00 | 00,017,920 | ---- | C] () -- C:\WINNT\System32\Implode.dll

[1999/10/26 03:00:00 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\CRInf9.dll

[1999/09/25 05:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys

[1999/09/25 05:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

[1999/03/12 03:00:00 | 00,299,008 | ---- | C] () -- C:\WINNT\System32\Crutl14.dll

[1999/03/12 03:00:00 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\Crsybdtc14.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2005/04/01 07:00:00 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe

[2005/04/01 07:00:00 | 00,163,840 | RHS- | M] () -- C:\arcsetup.exe

[2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT

[2009/12/17 22:30:30 | 00,000,192 | -HS- | M] () -- C:\boot.ini

[2009/08/06 01:43:44 | 11,923,854 | ---- | M] () -- C:\br.bmp

[2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\CONFIG.SYS

[2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\IO.SYS

[2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2008/12/16 16:31:37 | 00,000,206 | ---- | M] () -- C:\mylog.log

[2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\nitro_pdf_professional.exe

[2005/04/01 07:00:00 | 00,034,724 | RHS- | M] () -- C:\NTDETECT.COM

[2005/04/01 07:00:00 | 00,214,432 | RHS- | M] () -- C:\ntldr

[2010/01/17 17:43:28 | 14,092,86144 | -HS- | M] () -- C:\pagefile.sys

[2008/12/16 16:31:37 | 00,000,573 | ---- | M] () -- C:\RHDSetup.log

[2010/01/17 17:43:58 | 00,000,000 | ---- | M] () -- C:\RTHDCPL_Dump.txt

< MD5 for: AGP440.SYS >

[2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys

[2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys

[2003/06/19 14:05:04 | 00,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys

< MD5 for: ATAPI.SYS >

[2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys

[2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys

[2003/06/19 14:05:04 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys

[2005/04/01 07:00:00 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll

[2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll

[2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\dllcache\eventlog.dll

[2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2003/06/19 14:05:04 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll

[2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\dllcache\netlogon.dll

[2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\netlogon.dll

< MD5 for: SCECLI.DLL >

[2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll

[2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll

[2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\dllcache\scecli.dll

[2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >

[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*. /mp /s >

< %PROGRAMFILES%\*. >

[2008/12/16 18:49:22 | 00,000,000 | ---D | M] -- C:\Program Files\Accessories

[2009/07/16 01:31:52 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe

[2009/01/25 09:07:59 | 00,000,000 | ---D | M] -- C:\Program Files\BitComet

[2009/07/24 23:05:07 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files

[2008/12/16 14:19:33 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications

[2009/05/23 01:58:28 | 00,000,000 | ---D | M] -- C:\Program Files\Data Dynamics

[2008/12/16 16:29:43 | 00,000,000 | ---D | M] -- C:\Program Files\Driver

[2009/07/05 03:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON

[2009/12/19 21:30:48 | 00,000,000 | ---D | M] -- C:\Program Files\ESET

[2009/01/27 13:48:39 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard

[2009/01/27 13:46:56 | 00,000,000 | ---D | M] -- C:\Program Files\HP

[2009/05/23 01:58:08 | 00,000,000 | ---D | M] -- C:\Program Files\Ingenuware

[2009/10/18 11:18:05 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information

[2009/12/17 22:31:34 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer

[2010/01/17 17:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/05/23 01:52:12 | 00,000,000 | ---D | M] -- C:\Program Files\MapInfo MapX

[2008/12/16 16:00:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync

[2008/12/16 14:21:22 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage

[2008/12/16 16:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office

[2009/05/23 01:35:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server

[2008/12/16 16:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET

[2009/01/29 03:16:45 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0

[2009/12/17 22:31:45 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting

[2009/12/17 22:31:32 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express

[2008/12/16 16:25:43 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek

[2009/01/25 08:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\Remote Desktop Control

[2009/05/23 01:51:38 | 00,000,000 | ---D | M] -- C:\Program Files\Seagate Software

[2009/06/10 23:09:36 | 00,000,000 | R--D | M] -- C:\Program Files\Skype

[2009/01/25 08:34:58 | 00,000,000 | ---D | M] -- C:\Program Files\TeamViewer

[2009/05/23 01:36:10 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information

[2009/12/17 22:31:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player

[2008/12/16 15:54:05 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT

[2008/12/16 14:48:16 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate

[2009/12/18 00:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR

[2009/01/25 08:16:54 | 00,000,000 | ---D | M] -- C:\Program Files\WinZip

< %userprofile%\Desktop\*.* >

[2009/12/18 00:28:29 | 00,001,359 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Alpha Platinum.exe.lnk

[2009/05/26 23:04:17 | 00,092,160 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Copy of Template_Artikuj_Celje.xls

[2008/08/02 04:33:40 | 05,498,912 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\delete_setup.exe

[2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk

[2009/12/12 16:02:46 | 31,616,000 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi

[2009/12/13 14:46:10 | 09,099,811 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Hamrick[1].VueScan.Pro.v8.5.39..rar

[2009/12/08 21:36:26 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Karboni C.doc

[2009/07/05 22:59:11 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\KONTRATE E KLIENTIT ME IMPERIAL HOTEL.doc

[2009/02/12 08:43:14 | 01,122,294 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\logo.bmp

[2009/12/02 14:35:07 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\menuja e resorantit per seminaret.doc

[2009/07/02 23:19:12 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Excel 2003.lnk

[2009/12/08 21:14:06 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Word 2003.lnk

[2009/06/24 19:06:06 | 00,233,064 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\myspace_cube.pdf

[2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\Documents and Settings\sporteli\Desktop\nitro_pdf_professional.exe

[2009/12/03 15:57:21 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.doc

[2009/10/19 13:23:47 | 00,009,062 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.eml

[2009/12/11 10:23:11 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Rasti 1.doc

[2009/12/17 15:07:01 | 00,001,473 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Remote Desktop Connection.lnk

[2009/01/25 08:29:37 | 07,345,754 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\TeamViewer[1].4.0.Build.5459_.rar

[2009/09/23 13:47:46 | 00,228,864 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Vizioni.doc

[2009/12/13 14:18:56 | 06,751,440 | ---- | M] (Hamrick Software) -- C:\Documents and Settings\sporteli\Desktop\vuesca85.exe

[2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk

[2009/05/22 22:13:25 | 01,144,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\sporteli\Desktop\wlsetup-custom.exe

[2009/06/26 03:41:17 | 00,018,586 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\WM speech Tirana.rtf

[2009/12/16 11:17:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\sporteli\Desktop\~$nuja e resorantit per seminaret.doc

< %userprofile%\Desktop\*. >

[2010/01/09 19:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455

[2009/05/14 01:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\DR

[2010/01/08 19:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\G.Kormaku

[2010/01/16 13:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Gazmira

[2009/10/18 12:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\LPT TO USB

[2009/12/06 20:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder

[2010/01/17 17:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2)

[2010/01/17 17:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)

[2010/01/17 17:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-17 20:10:26

========== Files - Unicode (All) ==========

[2008/12/16 16:05:18 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装

[2008/12/16 16:05:17 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装

[2008/12/16 16:05:08 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明

[2008/12/16 16:05:07 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明

========== Alternate Data Streams ==========

@Alternate Data Stream - 6584 bytes -> C:\Documents and Settings\sporteli\Desktop\logo.bmp:Q30lsldxJoudresxAaaqpcawXc

< End of report >

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-01-17 17:31:07

Windows 5.0.2195 Service Pack 4

Running: gmer.exe; Driver: C:\DOCUME~1\sporteli\LOCALS~1\Temp\pwkiifod.sys

---- System - GMER 1.0.15 ----

INT 0x52 ? F9190044

INT 0x72 ? F925C844

INT 0xA2 ? F9190BE4

INT 0xA3 ? F91D6B64

INT 0xB1 ? F928F044

INT 0xB3 ? F91F5BE4

---- Kernel code sections - GMER 1.0.15 ----

? lljmn.sys The system cannot find the file specified. !

.reloc C:\WINNT\system32\drivers\NDIS.sys section is executable [0xF919B200, 0x2FBCA, 0xE0000060]

.text C:\WINNT\system32\DRIVERS\nv4_mini.sys section is writeable [0xBF6AA360, 0x30AD87, 0xE8000020]

.text ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FF947A4

.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile 77F8F9BA 3 Bytes CALL 7FF94715

.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile + 4 77F8F9BE 1 Byte [08]

.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess 77F93351 3 Bytes CALL 7FF947F2

.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess + 4 77F93355 1 Byte [08]

.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtDeviceIoControlFile 77F950D4 5 Bytes CALL 7FF94A35

.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtOpenFile 77F95337 5 Bytes CALL 7FF9479A

.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE section is executable [0x0043C000, 0x7000, 0xE0000060]

.reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE entry point in ".reloc" section [0x00442A0C]

.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4

.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715

.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2

.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35

.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]

.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A

.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [F919F235] NDIS.sys[.reloc]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] 0

---- Files - GMER 1.0.15 ----

File C:\WINNT\system32\dllcache\ndis.sys (size mismatch) 200192/170656 bytes executable

File C:\WINNT\system32\drivers\ndis.sys (size mismatch) 200192/170656 bytes executable

File C:\WINNT\ServicePackFiles\i386\ndis.sys (size mismatch) 170928/170656 bytes executable

---- EOF - GMER 1.0.15 ----

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

LockSearch by jpshortstuff (05.11.09.1)

Log created at 17:26 on 17/01/2010 (sporteli)

Scanning C:\

C:\pagefile.sys

-------------------------

C:\WINNT\system32\12520437y.exe

-------------------------

C:\WINNT\system32\12520437y.exe [unable to get md5 : 80384 bytes]

-=E.O.F=-

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hi,

Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1

Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[Image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.

ComboFix SHOULD NOT be used unless requested by a forum helper

If you need help, see this link:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

SCHRAUBER I GET AN ERROR TABLE:

!!ALERT!!

IT IS NOT SAFE TO CONTINUE.

THE CONTENTS OF THE COMBOFIX HAS BEEN COMPROMISED!

NOTE: YOU MAY BE INFECTED WITH A FILE PATCHING VIRUS "VIRUT"

AND I GET ANOTHER TABLE WHEN THEY SAY THAT THE MEMORY COULD NOT BE WRITTEN AND COULD NOT BE READ!

(2 ERROR WINDOWS)
