Browser searches redirecting to god knows where. HJT/dds.txt/ark.txt files.

Discussion in 'Virus & Other Malware Removal' started by limac, Nov 21, 2011.

  1. limac (Thread Starter)

    Joined: Nov 20, 2011
    Messages: 5

    As the title suggests, the usual, search engines redirecting and svchost.exe running ~40% when running some programs.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+, x86 Family 15 Model 75 Stepping 2
    Processor Count: 2
    RAM: 2046 Mb
    Graphics Card: NVIDIA GeForce 8600 GTS, 256 Mb
    Hard Drives: C: Total - 131061 MB, Free - 1869 MB; H: Total - 152625 MB, Free - 21681 MB;
    Motherboard: ASUSTeK Computer INC., M2N-E SLI
    Antivirus: None


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:11:01 PM, on 11/21/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Li Mclaren\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2670199
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll
    R3 - URLSearchHook: Free Lunch Design TB Toolbar - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files\Free_Lunch_Design_TB\prxtbFree.dll (file missing)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Free Lunch Design TB - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files\Free_Lunch_Design_TB\prxtbFree.dll (file missing)
    O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
    O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll
    O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
    O3 - Toolbar: Free Lunch Design TB Toolbar - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files\Free_Lunch_Design_TB\prxtbFree.dll (file missing)
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
    O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIANgBGAEUAOQAtAEYARgBQADYANAAtAFQAOAA0AE0AUgAtAE8ARwBXAFQAVgAtADcARQBNAEIAUgA"&"inst=NwA2AC0ANQAwADkAOAAxADcAMwA5ADAALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwAyADUAOQA2ADEALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAA"&"prod=52"&"ver=9.0.894
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
    O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

    --
    End of file - 9393 bytes



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 6.0.2900.2180
    Run by Li Mclaren at 15:13:37 on 2011-11-21
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.997 [GMT 10:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
    C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
    C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\WINDOWS\System32\svchost.exe -k Akamai
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\iTunes\iTunes.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
    C:\Program Files\Steam\Steam.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Documents and Settings\Li Mclaren\Desktop\HijackThis.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2670199
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    uURLSearchHooks: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
    BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
    TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    uRun: [Google Update] "c:\documents and settings\li mclaren\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Akamai NetSession Interface] c:\documents and settings\li mclaren\local settings\application data\akamai\netsession_win.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
    mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
    mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIANgBGAEUAOQAtAEYARgBQADYANAAtAFQAOAA0AE0AUgAtAE8ARwBXAFQAVgAtADcARQBNAEIAUgA"&"inst=NwA2AC0ANQAwADkAOAAxADcAMwA5ADAALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwAyADUAOQA2ADEALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAA"&"prod=52"&"ver=9.0.894
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    LSP: mswsock.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{4D7F8084-AC08-4316-9E30-7E13B4B2FC56} : DhcpNameServer = 192.168.1.254
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-16 239168]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-19 2253120]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-29 14856]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-21 41272]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 gkmixern;gkmixern;\??\c:\docume~1\limcla~1\locals~1\temp\gkmixern.sys --> c:\docume~1\limcla~1\locals~1\temp\gkmixern.sys [?]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-7-10 18432]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-6-19 2560]
    .
    =============== Created Last 30 ================
    .
    2011-11-21 05:00:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-11-18 03:17:12 54016 ----a-w- c:\windows\system32\drivers\triicgp.sys
    2011-11-17 01:10:23 -------- d-----w- C:\fixwareout
    2011-11-16 13:59:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-11-16 13:59:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
    2011-11-16 13:05:08 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-11-16 13:04:55 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-11-16 09:45:03 -------- d-sh--w- c:\documents and settings\li mclaren\local settings\application data\6704923e
    2011-11-16 09:37:29 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\Xilisoft
    2011-11-16 09:37:27 -------- d-----w- c:\documents and settings\li mclaren\application data\Xilisoft
    2011-11-16 09:36:44 -------- d-----w- c:\program files\Xilisoft
    2011-11-16 09:36:44 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft
    2011-11-11 03:26:06 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2011-11-11 03:26:06 446464 ----a-w- c:\windows\system32\nvunrm.exe
    2011-11-10 15:50:38 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\Skyrim
    2011-11-10 15:17:14 -------- d-----w- C:\Phoenix
    2011-11-10 15:02:24 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\DownloadHQ
    2011-11-09 21:05:53 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\Akamai
    2011-11-07 08:34:36 -------- d-----w- c:\program files\common files\Akamai
    2011-11-06 14:45:46 -------- d-----w- c:\documents and settings\li mclaren\application data\Need for Speed World
    2011-11-06 07:04:24 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\Electronic_Arts_Inc
    2011-11-04 07:13:15 -------- d-----w- c:\documents and settings\li mclaren\application data\fltk.org
    2011-10-31 06:08:22 -------- d-----w- c:\documents and settings\li mclaren\application data\Bioshock2
    2011-10-31 06:01:07 -------- d-sh--w- c:\documents and settings\all users\application data\SecuROM
    2011-10-31 05:57:38 -------- d-----w- C:\36f5d95dd494e0d6b19797aabde1de
    2011-10-31 05:52:28 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2011-10-29 02:17:33 -------- d-----w- c:\documents and settings\li mclaren\application data\PunkBuster
    2011-10-29 02:00:57 -------- d-----w- c:\documents and settings\li mclaren\application data\DAEMON Tools Lite
    2011-10-29 02:00:54 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
    2011-10-29 01:53:26 14856 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
    2011-10-28 11:49:46 -------- d-----w- c:\program files\PowerISO
    2011-10-24 12:33:03 -------- d-----w- c:\program files\Games
    .
    ==================== Find3M ====================
    .
    2011-11-20 15:35:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
    2011-11-12 16:12:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2011-11-12 16:12:08 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
    2011-11-10 16:10:47 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2011-11-10 16:10:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2011-11-10 16:10:38 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
    2011-10-28 09:50:07 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-10-17 17:38:37 849 --sha-w- c:\windows\system32\mmf.sys
    2011-08-31 07:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-30 13:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
    2011-08-30 13:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
    2011-08-30 13:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
    2011-08-30 13:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
    2011-08-26 10:50:51 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2011-08-26 10:50:51 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
    .
    ============= FINISH: 15:15:36.92 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-22 02:03:46
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3250824A rev.3.AAH
    Running: f8lq88cg.exe; Driver: C:\DOCUME~1\LIMCLA~1\LOCALS~1\Temp\pxtdapob.sys


    ---- System - GMER 1.0.15 ----

    SSDT sptd.sys ZwCreateKey [0xB7ED4FA0]
    SSDT sptd.sys ZwEnumerateKey [0xB7F08698]
    SSDT sptd.sys ZwEnumerateValueKey [0xB7F08A26]
    SSDT sptd.sys ZwOpenKey [0xB7ED4F80]
    SSDT sptd.sys ZwQueryKey [0xB7F08AFE]
    SSDT sptd.sys ZwQueryValueKey [0xB7F0897E]
    SSDT sptd.sys ZwSetValueKey [0xB7F08B90]

    INT 0x62 ? 8AD88CB8
    INT 0x63 ? 8ADD0CB8
    INT 0x73 ? 8ADD0CB8
    INT 0x82 ? 8AD88CB8
    INT 0xA4 ? 8AC94CB8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text sptd.sys B7E98000 28 Bytes [30, 48, 6E, 80, A4, 9B, 6E, ...]
    .text sptd.sys B7E9801D 3 Bytes [49, 6E, 80]
    .text sptd.sys B7E98024 164 Bytes [6E, 42, 53, 80, 68, A9, 54, ...]
    .text sptd.sys B7E980C9 259 Bytes [88, 53, 80, A0, 8A, 53, 80, ...]
    .text sptd.sys B7E981D4 4 Bytes [27, 39, 4F, 4E] {DAA ; CMP [EDI+0x4e], ECX}
    .text ...
    .sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F441AA]
    ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload B7BDF62C 5 Bytes JMP 8AC941C8
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6E5F380, 0x8D6CD5, 0xE8000020]
    .PAGE1 C:\WINDOWS\System32\drivers\afd.sys unknown last section [0xB2826B00, 0x100, 0xC0000040]
    .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB0DBB300, 0x3AF78, 0xE8000020]
    .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83E0300, 0x1BCE, 0xE8000020]
    ? C:\DOCUME~1\LIMCLA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2676] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 013D4320 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2676] USER32.dll!TrackPopupMenuEx 77D9CAFE 5 Bytes JMP 013D4480 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
    .text C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe[4064] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes CALL 02ACA939 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
    .text C:\WINDOWS\system32\svchost.exe[4728] USER32.dll!DialogBoxIndirectParamAorW 77D56896 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
    .text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 8AD861E8
    Device \FileSystem\Fastfat \FatCdrom 87F091E8
    Device \Driver\usbohci \Device\USBPDO-0 8AC931E8
    Device \Driver\usbehci \Device\USBPDO-1 8AD1B1E8
    Device \Driver\Cdrom \Device\CdRom0 8AD171E8
    Device \Driver\atapi \Device\Ide\IdePort0 8AD881E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8AD881E8
    Device \Driver\atapi \Device\Ide\IdePort1 8AD881E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8AD881E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 8AD881E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 8AD881E8
    Device \Driver\Cdrom \Device\CdRom1 8AD171E8
    Device \Driver\Cdrom \Device\CdRom2 8AD171E8
    Device \Driver\Cdrom \Device\CdRom3 8AD171E8
    Device \Driver\dtsoftbus01 \Device\00000075 8ABC2430
    Device \Driver\Cdrom \Device\CdRom4 8AD171E8
    Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 8ABC2430
    Device \Driver\NetBT \Device\NetBt_Wins_Export 89AE21E8
    Device \Driver\PCI_PNP8698 \Device\0000004b sptd.sys
    Device \Driver\PCI_PNP8698 \Device\0000004b sptd.sys
    Device \Driver\NetBT \Device\NetbiosSmb 89AE21E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{4D7F8084-AC08-4316-9E30-7E13B4B2FC56} 89AE21E8
    Device \Driver\usbohci \Device\USBFDO-0 8AC931E8
    Device \Driver\usbehci \Device\USBFDO-1 8AD1B1E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AB31E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AB31E8
    Device \Driver\iviVD \Device\Scsi\iviVD1 8ADCC1E8
    Device \Driver\ayipnqtw \Device\Scsi\ayipnqtw1 8ACC5430
    Device \Driver\nvgts \Device\Scsi\nvgts1 8AD871E8
    Device \Driver\nvgts \Device\Scsi\nvgts2 8AD871E8
    Device \Driver\ayipnqtw \Device\Scsi\ayipnqtw1Port5Path0Target0Lun0 8ACC5430
    Device \Driver\iviVD \Device\Scsi\iviVD1Port0Path0Target0Lun0 8ADCC1E8
    Device \FileSystem\Fastfat \Fat 87F091E8

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 89A961E8

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) B6DC0000-B6DC9000 (36864 bytes)
    Module (noname) (*** hidden *** ) B8188000-B8196000 (57344 bytes)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:604] B6DC43E0
    Thread System [4:608] B6DC43E0
    Thread System [4:612] 89AC6330
    Thread System [4:616] 89AC6330

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] 1
    Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] 1
    Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] \systemroot\system32\drivers\ESQULwbbwcbxpidjtflyholxfgualduhgfwby.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\ESQULse[email protected] file system
    Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\ESQULwbbwcbxpidjtflyholxfgualduhgfwby.sys
    Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\[email protected] \\?\globalroot\systemroot\system32\ESQULlntfwiusxngdckbswfctfcevkahdgbpa.dll
    Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\[email protected] \\?\globalroot\systemroot\system32\ESQULxhxomaffkgnyxvskmionkrylkhxfigbc.dll
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x5A 0x3C 0xB8 0x19 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x6C 0x93 0x15 0x9A ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xA1 0x9C 0x67 0x2D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x37 0xF5 0xD1 0x4D ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 1
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0x5A 0x3C 0xB8 0x19 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x6C 0x93 0x15 0x9A ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xA1 0x9C 0x67 0x2D ...
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet012\Services\sptd\Cfg\[email protected] 0x37 0xF5 0xD1 0x4D ...

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt 0 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8DI3KL2F\imp[14].com%2F&r=1 847 bytes
    File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8DI3KL2F\imp[15].com%2F&r=1 844 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830 0 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\@ 2048 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\L 0 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\L\ooockaaq 138496 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\loader.tlb 2632 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U 0 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@00000001 45968 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@000000c0 3072 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@000000cb 3072 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@000000cf 1536 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@80000000 23040 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@800000c0 32768 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@800000cb 24064 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@800000cf 31744 bytes
    File C:\WINDOWS\$NtUninstallKB2757$\3579382902 0 bytes

    ---- EOF - GMER 1.0.15 ----
     


  2. limac

    limac Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    5
    Also got a "GMER has found system modification caused by rootkit activity" message after GMER had finished.
     
  3. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,922
    First Name:
    Frank
    Why has Windows XP SP2 not been upgraded to SP3 (which was released over 3 years ago)?

    Why is there not any full-time antivirus program installed and running?

    Google Chrome is your primary browser?

    -------------------------------------------------------

    Start HiJackThis, but don't run a scan.

    Click on the "Open The Misc Tools Section" button.

    Click on the "Open Uninstall Manager" button.

    Click on the "Save List" button.

    Save the "uninstall_list.txt" file somewhere.

    It'll then open in Notepad.

    Return here to your thread, then copy-and-paste the entire file here.

    ---------------------------------------------------------

    A gold/blue shield member will need to assist you with your DDS and GMER logs because I'm not trained and authorized to do it.

    ---------------------------------------------------------
     
  4. limac

    limac Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    5
    32 Bit HP CIO Components Installer
    AC3Filter (remove only)
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Media Player
    Adobe Reader 8.3.1
    Adobe Shockwave Player 11
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    BioShock 2
    Bonjour
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    CCleaner
    C-Media 6501 Sound
    Counter-Strike: Source
    DAEMON Tools Lite
    DeathSpank: Thongs of Virtue
    DEVIL MAY CRY 4
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Driver Updater Pro
    Driver Updater Pro
    DVD43 v4.4.0
    ESET Online Scanner v3
    Fraps (remove only)
    Hotfix for Windows XP (KB916089)
    Hotfix for Windows XP (KB942288-v3)
    Hotfix for Windows XP (KB958655-v2)
    iTunes
    Java(TM) 6 Update 2
    Java(TM) 6 Update 26
    Java(TM) 6 Update 3
    Java(TM) 6 Update 4
    Java(TM) 6 Update 5
    Junk Mail filter update
    Logitech GamePanel Software 3.06.109
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Logitech Updater
    Magic DVD Ripper V5.4
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft WSE 3.0 Runtime
    MSN
    MSVCRT
    MSXML 6.0 Parser (KB925673)
    Need for Speed™ ProStreet
    Need For Speed™ World
    neroxml
    Notepad++
    NVIDIA Drivers
    NVIDIA Graphics Driver 285.58
    NVIDIA nView 135.95
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.11.0621
    NVIDIA Update 1.5.20
    OpenAL
    OpenOffice.org 2.4
    PFPortChecker 1.0.31
    Phun beta 3.12
    Project64 1.6
    Prototype(TM)
    PunkBuster Services
    QuickTime
    Safari
    ScummVM 0.11.1
    Segoe UI
    Skype™ 5.3
    Spybot - Search & Destroy
    Steam
    StuffPlug 3
    System Requirements Lab CYRI
    Team Fortress 2
    Tortun 0.8
    Ubisoft Game Launcher
    VLC media player 1.0.0
    Vuze
    Vuze Remote Toolbar
    WinAVI Video Converter
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Presentation Foundation
    WinRAR archiver
    Xilisoft AVI to DVD Converter 6
    XP Codec Pack

    Yep, Google is my default browser.

    As for SP3, I have a dodgy copy of Windows so I don't think I got the updates. And I've never known what antivirus to run full-time. I do scans with MBAM and CCleaner every now and then.

    That's OK, I appreciate your reply all the same. Look forward to hearing a reply from you guys.


    Thanks


    LiMac
     
  5. flavallee

    flavallee Trusted Advisor

    Joined:
    May 12, 2002
    Messages:
    80,922
    First Name:
    Frank
    Can you be more specific about this comment?

    --------------------------------------------------------
     
  6. limac

    limac Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    5
    I'm fairly certain this copy is cracked, but I'm not sure because my dad set it all up originally.
     
  7. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,767
    I'm afraid that we cannot assist with cracked copies of software. Get a legal version of Windows, and I'm pretty sure that all of your troubles will cease.

    closing thread.

    thanks,

    v
     
  8. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,767
    re-opening for mga check.
     
  9. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,767
    Please run the MGA Diagnostic Tool and post back the report it creates:
    • Download MGADiag to your desktop.
    • Double-click on MGADiag.exe to launch the program
    • Click "Continue"
    • Ensure that the "Windows" tab is selected (it should be by default).
    • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
    • Paste the MGA Diagnostic Report back here in your next reply.
     
  10. limac

    limac Thread Starter

    Joined:
    Nov 20, 2011
    Messages:
    5
    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Blocked VLK
    Validation Code: 3
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-6MPKT-FTM67-2FMWG
    Windows Product Key Hash: 7NGC9t4TjuwGmWigU7V+FP7nBao=
    Windows Product ID: 55274-646-9147304-23507
    Windows Product ID Type: 1
    Windows License Type: Volume
    Windows OS version: 5.1.2600.2.00010100.2.0.pro
    ID: {FABFD8E3-9E38-4606-84B9-E1EBF8089465}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: N/A, hr = 0x80070002
    Signed By: N/A, hr = 0x80070002
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-b063_E2AD56EA-766-0_E2AD56EA-134-80004005
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    File Exists: No
    Version: N/A, hr = 0x80070002
    WgaTray.exe Signed By: N/A, hr = 0x80070002
    WgaLogon.dll Signed By: N/A, hr = 0x80070002

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: N/A, hr = 0x80070002
    OGAExec.exe Signed By: N/A, hr = 0x80070002
    OGAAddin.dll Signed By: N/A, hr = 0x80070002

    OGA Data-->
    Office Status: 109 N/A
    OGA Version: N/A, 0x80070002
    Signed By: N/A, hr = 0x80070002
    Office Diagnostics: 025D1FF3-230-1

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
    Default Browser: C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{FABFD8E3-9E38-4606-84B9-E1EBF8089465}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2FMWG</PKey><PID>55274-646-9147304-23507</PID><PIDType>1</PIDType><SID>S-1-5-21-1645522239-682003330-839522115</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS M2N-E SLI ACPI BIOS Revision 0801</Version><SMBIOSVersion major="2" minor="4"/><Date>20070425000000.000000+000</Date></BIOS><HWID>8DA7399701844C78</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: no
    Marker string from BIOS: N/A
    Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

    OEM Activation 2.0 Data-->
    N/A
     
  11. valis

    valis Moderator

    Joined:
    Sep 24, 2004
    Messages:
    77,767
    Afraid that is not a valid Windows version. You will need to get a valid OS install disk.
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    115,843
    First Name:
    Karen
    Reclosing thread since we don't assist with non-genuine operating systems.
     
Short URL to this thread: https://techguy.org/1027802
