Browser searches redirecting to god knows where. HJT/dds.txt/ark.txt files.


limac (Thread Starter; joined Nov 20, 2011; 5 messages)
As the title suggests, the usual: search engines redirecting, and svchost.exe running at ~40% when running some programs.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows XP Professional, Service Pack 2, 32 bit
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+, x86 Family 15 Model 75 Stepping 2
Processor Count: 2
RAM: 2046 Mb
Graphics Card: NVIDIA GeForce 8600 GTS, 256 Mb
Hard Drives: C: Total - 131061 MB, Free - 1869 MB; H: Total - 152625 MB, Free - 21681 MB;
Motherboard: ASUSTeK Computer INC., M2N-E SLI
Antivirus: None


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:11:01 PM, on 11/21/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Li Mclaren\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2670199
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll
R3 - URLSearchHook: Free Lunch Design TB Toolbar - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files\Free_Lunch_Design_TB\prxtbFree.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Free Lunch Design TB - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files\Free_Lunch_Design_TB\prxtbFree.dll (file missing)
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Free Lunch Design TB Toolbar - {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - C:\Program Files\Free_Lunch_Design_TB\prxtbFree.dll (file missing)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIANgBGAEUAOQAtAEYARgBQADYANAAtAFQAOAA0AE0AUgAtAE8ARwBXAFQAVgAtADcARQBNAEIAUgA"&"inst=NwA2AC0ANQAwADkAOAAxADcAMwA5ADAALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwAyADUAOQA2ADEALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAA"&"prod=52"&"ver=9.0.894
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.88,85.255.112.236
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

--
End of file - 9393 bytes



.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180
Run by Li Mclaren at 15:13:37 on 2011-11-21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.997 [GMT 10:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Li Mclaren\Desktop\HijackThis.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2670199
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
uURLSearchHooks: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuz0.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Free Lunch Design TB Toolbar: {a5ae8924-4036-420f-b7f6-a47e4b8f692e} - c:\program files\free_lunch_design_tb\prxtbFree.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [Google Update] "c:\documents and settings\li mclaren\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] c:\documents and settings\li mclaren\local settings\application data\akamai\netsession_win.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OABNAEUASAAtAFIANgBGAEUAOQAtAEYARgBQADYANAAtAFQAOAA0AE0AUgAtAE8ARwBXAFQAVgAtADcARQBNAEIAUgA"&"inst=NwA2AC0ANQAwADkAOAAxADcAMwA5ADAALQBEADMAOAAxAEwAKwA1AC0AWABPADMANgArADEALQBUAEIAOQArADIALQBOADEARAArADEALQBQAEwAKwA5AC0ARABEAFQAKwAyADUAOQA2ADEALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAA"&"prod=52"&"ver=9.0.894
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4D7F8084-AC08-4316-9E30-7E13B4B2FC56} : DhcpNameServer = 192.168.1.254
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-11-16 239168]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-10-19 2253120]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-29 14856]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-11-21 41272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 gkmixern;gkmixern;\??\c:\docume~1\limcla~1\locals~1\temp\gkmixern.sys --> c:\docume~1\limcla~1\locals~1\temp\gkmixern.sys [?]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-7-10 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2008-6-19 2560]
.
=============== Created Last 30 ================
.
2011-11-21 05:00:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-11-18 03:17:12 54016 ----a-w- c:\windows\system32\drivers\triicgp.sys
2011-11-17 01:10:23 -------- d-----w- C:\fixwareout
2011-11-16 13:59:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-11-16 13:59:21 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-11-16 13:05:08 239168 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-11-16 13:04:55 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-11-16 09:45:03 -------- d-sh--w- c:\documents and settings\li mclaren\local settings\application data\6704923e
2011-11-16 09:37:29 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\Xilisoft
2011-11-16 09:37:27 -------- d-----w- c:\documents and settings\li mclaren\application data\Xilisoft
2011-11-16 09:36:44 -------- d-----w- c:\program files\Xilisoft
2011-11-16 09:36:44 -------- d-----w- c:\documents and settings\all users\application data\Xilisoft
2011-11-11 03:26:06 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin
2011-11-11 03:26:06 446464 ----a-w- c:\windows\system32\nvunrm.exe
2011-11-10 15:50:38 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\Skyrim
2011-11-10 15:17:14 -------- d-----w- C:\Phoenix
2011-11-10 15:02:24 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\DownloadHQ
2011-11-09 21:05:53 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\Akamai
2011-11-07 08:34:36 -------- d-----w- c:\program files\common files\Akamai
2011-11-06 14:45:46 -------- d-----w- c:\documents and settings\li mclaren\application data\Need for Speed World
2011-11-06 07:04:24 -------- d-----w- c:\documents and settings\li mclaren\local settings\application data\Electronic_Arts_Inc
2011-11-04 07:13:15 -------- d-----w- c:\documents and settings\li mclaren\application data\fltk.org
2011-10-31 06:08:22 -------- d-----w- c:\documents and settings\li mclaren\application data\Bioshock2
2011-10-31 06:01:07 -------- d-sh--w- c:\documents and settings\all users\application data\SecuROM
2011-10-31 05:57:38 -------- d-----w- C:\36f5d95dd494e0d6b19797aabde1de
2011-10-31 05:52:28 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2011-10-29 02:17:33 -------- d-----w- c:\documents and settings\li mclaren\application data\PunkBuster
2011-10-29 02:00:57 -------- d-----w- c:\documents and settings\li mclaren\application data\DAEMON Tools Lite
2011-10-29 02:00:54 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-10-29 01:53:26 14856 ----a-w- c:\windows\system32\drivers\LGVirHid.sys
2011-10-28 11:49:46 -------- d-----w- c:\program files\PowerISO
2011-10-24 12:33:03 -------- d-----w- c:\program files\Games
.
==================== Find3M ====================
.
2011-11-20 15:35:16 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-11-12 16:12:15 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-11-12 16:12:08 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-11-10 16:10:47 285176 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-11-10 16:10:47 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-11-10 16:10:38 285176 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-10-28 09:50:07 428088 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-10-17 17:38:37 849 --sha-w- c:\windows\system32\mmf.sys
2011-08-31 07:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 13:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 13:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 13:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 13:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-26 10:50:51 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-26 10:50:51 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0
.
============= FINISH: 15:15:36.92 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-22 02:03:46
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3250824A rev.3.AAH
Running: f8lq88cg.exe; Driver: C:\DOCUME~1\LIMCLA~1\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xB7ED4FA0]
SSDT sptd.sys ZwEnumerateKey [0xB7F08698]
SSDT sptd.sys ZwEnumerateValueKey [0xB7F08A26]
SSDT sptd.sys ZwOpenKey [0xB7ED4F80]
SSDT sptd.sys ZwQueryKey [0xB7F08AFE]
SSDT sptd.sys ZwQueryValueKey [0xB7F0897E]
SSDT sptd.sys ZwSetValueKey [0xB7F08B90]

INT 0x62 ? 8AD88CB8
INT 0x63 ? 8ADD0CB8
INT 0x73 ? 8ADD0CB8
INT 0x82 ? 8AD88CB8
INT 0xA4 ? 8AC94CB8

---- Kernel code sections - GMER 1.0.15 ----

.text sptd.sys B7E98000 28 Bytes [30, 48, 6E, 80, A4, 9B, 6E, ...]
.text sptd.sys B7E9801D 3 Bytes [49, 6E, 80]
.text sptd.sys B7E98024 164 Bytes [6E, 42, 53, 80, 68, A9, 54, ...]
.text sptd.sys B7E980C9 259 Bytes [88, 53, 80, A0, 8A, 53, 80, ...]
.text sptd.sys B7E981D4 4 Bytes [27, 39, 4F, 4E] {DAA ; CMP [EDI+0x4e], ECX}
.text ...
.sptd2 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd2" section [0xB7F441AA]
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload B7BDF62C 5 Bytes JMP 8AC941C8
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6E5F380, 0x8D6CD5, 0xE8000020]
.PAGE1 C:\WINDOWS\System32\drivers\afd.sys unknown last section [0xB2826B00, 0x100, 0xC0000040]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB0DBB300, 0x3AF78, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB83E0300, 0x1BCE, 0xE8000020]
? C:\DOCUME~1\LIMCLA~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1080] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Program Files\Internet Explorer\iexplore.exe[2676] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 013D4320 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2676] USER32.dll!TrackPopupMenuEx 77D9CAFE 5 Bytes JMP 013D4480 C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Vuze_Remote\tbVuz0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe[4064] kernel32.dll!CreateThread + 1A 7C810849 4 Bytes CALL 02ACA939 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll
.text C:\WINDOWS\system32\svchost.exe[4728] USER32.dll!DialogBoxIndirectParamAorW 77D56896 5 Bytes [33, C0, C2, 18, 00] {XOR EAX, EAX; RET 0x18}
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5564] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F49C
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F530
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F6BD
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5988] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AD861E8
Device \FileSystem\Fastfat \FatCdrom 87F091E8
Device \Driver\usbohci \Device\USBPDO-0 8AC931E8
Device \Driver\usbehci \Device\USBPDO-1 8AD1B1E8
Device \Driver\Cdrom \Device\CdRom0 8AD171E8
Device \Driver\atapi \Device\Ide\IdePort0 8AD881E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8AD881E8
Device \Driver\atapi \Device\Ide\IdePort1 8AD881E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8AD881E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 8AD881E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 8AD881E8
Device \Driver\Cdrom \Device\CdRom1 8AD171E8
Device \Driver\Cdrom \Device\CdRom2 8AD171E8
Device \Driver\Cdrom \Device\CdRom3 8AD171E8
Device \Driver\dtsoftbus01 \Device\00000075 8ABC2430
Device \Driver\Cdrom \Device\CdRom4 8AD171E8
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl 8ABC2430
Device \Driver\NetBT \Device\NetBt_Wins_Export 89AE21E8
Device \Driver\PCI_PNP8698 \Device\0000004b sptd.sys
Device \Driver\PCI_PNP8698 \Device\0000004b sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb 89AE21E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{4D7F8084-AC08-4316-9E30-7E13B4B2FC56} 89AE21E8
Device \Driver\usbohci \Device\USBFDO-0 8AC931E8
Device \Driver\usbehci \Device\USBFDO-1 8AD1B1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89AB31E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89AB31E8
Device \Driver\iviVD \Device\Scsi\iviVD1 8ADCC1E8
Device \Driver\ayipnqtw \Device\Scsi\ayipnqtw1 8ACC5430
Device \Driver\nvgts \Device\Scsi\nvgts1 8AD871E8
Device \Driver\nvgts \Device\Scsi\nvgts2 8AD871E8
Device \Driver\ayipnqtw \Device\Scsi\ayipnqtw1Port5Path0Target0Lun0 8ACC5430
Device \Driver\iviVD \Device\Scsi\iviVD1Port0Path0Target0Lun0 8ADCC1E8
Device \FileSystem\Fastfat \Fat 87F091E8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 89A961E8

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) B6DC0000-B6DC9000 (36864 bytes)
Module (noname) (*** hidden *** ) B8188000-B8196000 (57344 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:604] B6DC43E0
Thread System [4:608] B6DC43E0
Thread System [4:612] 89AC6330
Thread System [4:616] 89AC6330

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA0 0x09 0x81 0x16 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA0 0x09 0x81 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x37 0x36 0x08 0x71 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] 1
Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] \systemroot\system32\drivers\ESQULwbbwcbxpidjtflyholxfgualduhgfwby.sys
Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] file system
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\ESQULwbbwcbxpidjtflyholxfgualduhgfwby.sys
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\[email protected] \\?\globalroot\systemroot\system32\ESQULlntfwiusxngdckbswfctfcevkahdgbpa.dll
Reg HKLM\SYSTEM\ControlSet004\Services\ESQULserv.sys\[email protected] \\?\globalroot\systemroot\system32\ESQULxhxomaffkgnyxvskmionkrylkhxfigbc.dll
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C[email protected] 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x2E 0x7B 0x13 0x1F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x2E 0x7B 0x13 0x1F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x2E 0x7B 0x13 0x1F ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x2E 0x7B 0x13 0x1F ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x2E 0x7B 0x13 0x1F ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x3A 0x43 0xF7 0xEE ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xA8 0xA2 0x59 0x88 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x28 0xC8 0x8F 0x7C ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\[email protected] 0x33 0x17 0xC8 0x0D ...
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8DI3KL2F\imp[14].com%2F&r=1 847 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8DI3KL2F\imp[15].com%2F&r=1 844 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830 0 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\@ 2048 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\L 0 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\L\ooockaaq 138496 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\loader.tlb 2632 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U 0 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@00000001 45968 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@000000c0 3072 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@000000cb 3072 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@000000cf 1536 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@80000000 23040 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@800000c0 32768 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@800000cb 24064 bytes
File C:\WINDOWS\$NtUninstallKB2757$\1728352830\U\@800000cf 31744 bytes
File C:\WINDOWS\$NtUninstallKB2757$\3579382902 0 bytes

---- EOF - GMER 1.0.15 ----
 

limac

Thread Starter
Joined
Nov 20, 2011
Messages
5
Also got a "GMER has found system modification caused by rootkit activity" message after GMER had finished.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,310
Why has Windows XP SP2 not been upgraded to SP3 (which was released over 3 years ago)?

Why is there not any full-time antivirus program installed and running?

Google Chrome is your primary browser?

-------------------------------------------------------

Start HiJackThis, but don't run a scan.

Click on the "Open The Misc Tools Section" button.

Click on the "Open Uninstall Manager" button.

Click on the "Save List" button.

Save the "uninstall_list.txt" file somewhere.

It'll then open in Notepad.

Return here to your thread, then copy-and-paste the entire file here.

---------------------------------------------------------

A gold/blue shield member will need to assist you with your DDS and GMER logs because I'm not trained and authorized to do it.

---------------------------------------------------------
 

limac

Thread Starter
Joined
Nov 20, 2011
Messages
5
32 Bit HP CIO Components Installer
AC3Filter (remove only)
Adobe Acrobat 4.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 8.3.1
Adobe Shockwave Player 11
Akamai NetSession Interface Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BioShock 2
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
CCleaner
C-Media 6501 Sound
Counter-Strike: Source
DAEMON Tools Lite
DeathSpank: Thongs of Virtue
DEVIL MAY CRY 4
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Driver Updater Pro
Driver Updater Pro
DVD43 v4.4.0
ESET Online Scanner v3
Fraps (remove only)
Hotfix for Windows XP (KB916089)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB958655-v2)
iTunes
Java(TM) 6 Update 2
Java(TM) 6 Update 26
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Junk Mail filter update
Logitech GamePanel Software 3.06.109
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
Magic DVD Ripper V5.4
Malwarebytes' Anti-Malware version 1.51.2.1300
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSN
MSVCRT
MSXML 6.0 Parser (KB925673)
Need for Speed™ ProStreet
Need For Speed™ World
neroxml
Notepad++
NVIDIA Drivers
NVIDIA Graphics Driver 285.58
NVIDIA nView 135.95
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Update 1.5.20
OpenAL
OpenOffice.org 2.4
PFPortChecker 1.0.31
Phun beta 3.12
Project64 1.6
Prototype(TM)
PunkBuster Services
QuickTime
Safari
ScummVM 0.11.1
Segoe UI
Skype™ 5.3
Spybot - Search & Destroy
Steam
StuffPlug 3
System Requirements Lab CYRI
Team Fortress 2
Tortun 0.8
Ubisoft Game Launcher
VLC media player 1.0.0
Vuze
Vuze Remote Toolbar
WinAVI Video Converter
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Presentation Foundation
WinRAR archiver
Xilisoft AVI to DVD Converter 6
XP Codec Pack

Yep, Google is my default browser.

As for SP3, I have a dodgy copy of Windows so I don't think I got the updates. And I've never known what antivirus to run full-time. I do scans with MBAM and CCleaner every now and then.

That's OK, I appreciate your reply all the same. I look forward to hearing a reply from you guys.


Thanks


LiMac
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
83,310
As for SP3, I have a dodgy copy of Windows so I don't think I got the updates.
Can you be more specific about this comment?

--------------------------------------------------------
 

limac

Thread Starter
Joined
Nov 20, 2011
Messages
5
I'm fairly certain this copy is cracked, but I'm not sure because my dad set it all up originally.
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,206
I'm afraid that we cannot assist with cracked copies of software. Get a legal version of Windows, and I'm pretty sure that all of your troubles will cease.

closing thread.

thanks,

v
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,206
Please run the MGA Diagnostic Tool and post back the report it creates:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click "Continue".
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.
 

limac

Thread Starter
Joined
Nov 20, 2011
Messages
5
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Blocked VLK
Validation Code: 3
Cached Validation Code: N/A
Windows Product Key: *****-*****-6MPKT-FTM67-2FMWG
Windows Product Key Hash: 7NGC9t4TjuwGmWigU7V+FP7nBao=
Windows Product ID: 55274-646-9147304-23507
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.2.0.pro
ID: {FABFD8E3-9E38-4606-84B9-E1EBF8089465}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-b063_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Documents and Settings\Li Mclaren\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{FABFD8E3-9E38-4606-84B9-E1EBF8089465}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.2.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-2FMWG</PKey><PID>55274-646-9147304-23507</PID><PIDType>1</PIDType><SID>S-1-5-21-1645522239-682003330-839522115</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version>ASUS M2N-E SLI ACPI BIOS Revision 0801</Version><SMBIOSVersion major="2" minor="4"/><Date>20070425000000.000000+000</Date></BIOS><HWID>8DA7399701844C78</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>AUS Eastern Standard Time(GMT+10:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: no
Marker string from BIOS: N/A
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
 

valis

Moderator
Joined
Sep 24, 2004
Messages
78,206
Afraid that is not a valid Windows version. You will need to get a valid OS install disk.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
120,249
Reclosing thread since we don't assist with non-genuine operating systems.
 