
hi-jack possibility -newbie - help appreciated.

Discussion in 'Virus & Other Malware Removal' started by grayflan, Jan 12, 2011.

Thread Status:
Not open for further replies.
    grayflan Thread Starter

    hi all,
    vista home premium, amd athlon x64 dual core 5000, 60gb HD with remote 500gb HD.

    not sure if i've been hi-jacked, but wifi keeps dropping signal on my home network (have 3 pc's and 1 in particular is troublesome).
    my IP is reporting all OK on its network etc.
    tried a new router and it does the same.
    wireless dongle detects a rather suspicious "network" which has garbled wording as its I.D.

    hope i've uploaded info correctly and any assistance greatly appreciated, and, apologies if this post is in the wrong section or indeed turns out to be something of my own "dabbling".
    cheers.

    HiJack This Log
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:21:40, on 12/01/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18999)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Soluto\soluto.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\windows\vsnpstd2.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    G:\Programmes\Software\Software Downloads\HiJack This\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: BGAntiphishingBHO - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
    O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "G:\Programmes\Software\ITunes\iTunesHelper.exe"
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL BgGamingMonitor.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

    --
    End of file - 8123 bytes

    DDS Log
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Flexaccom at 11:25:12.81 on 12/01/2011
    Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1791.613 [GMT 0:00]

    AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
    SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\SvcHost.exe -k BullGuard_Main
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
    C:\Windows\System32\SvcHost.exe -k BullGuard
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\fsproflt.exe
    C:\Windows\system32\IoctlSvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    C:\Program Files\Soluto\SolutoService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Soluto\soluto.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\taskeng.exe
    C:\windows\vsnpstd2.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    G:\Programmes\Software\Software Downloads\HiJack This\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    G:\Flexaccom\Flexaccom System\Flexaccom\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: BGAntiphishingBHO Class: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIEBHO.dll
    mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "g:\programmes\software\itunes\iTunesHelper.exe"
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL BgGamingMonitor.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\flexac~1\appdata\roaming\mozilla\firefox\profiles\h5z74suj.default\
    FF - component: c:\program files\bullguard ltd\bullguard\antiphishing\ff\[email protected]\components\BGFFComponent.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: g:\programmes\software\itunes\mozilla plugins\npitunes.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: BullGuard Antiphishing Toolbar: [email protected] - c:\program files\bullguard ltd\bullguard\antiphishing\ff\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Xmarks: [email protected] - %profile%\extensions\[email protected]

    ============= SERVICES / DRIVERS ===============

    R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-10-11 43792]
    R1 afw;Agnitum Firewall Driver;c:\windows\system32\drivers\Afw.sys [2007-11-28 29208]
    R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [2010-3-12 58592]
    R2 BsBrowser;BullGuard antiphishing service;c:\windows\system32\SvcHost.exe -k BullGuard_LowPriv [2008-8-24 21504]
    R2 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-8-24 21504]
    R2 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-8-24 21504]
    R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-8-24 21504]
    R2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2008-8-24 21504]
    R2 BsUpdate;BullGuard update service;c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe [2010-9-22 355720]
    R2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2009-9-11 11808]
    R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-10-11 142648]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-10-12 330784]
    R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [2008-11-13 318488]
    R3 BsScanner;BullGuard scanning service;c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe [2010-3-3 305032]
    R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2010-9-7 29824]
    R3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [2010-9-7 579456]
    S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-11-2 181704]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 BgRaSvc;BgRaSvc;c:\program files\bullguard ltd\bullguard\support\BgRaSvc.exe [2010-3-3 122760]
    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2010-2-5 28048]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-24 21504]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-12-8 30192]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-28 133104]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-21 16472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]

    =============== Created Last 30 ================

    2011-01-12 11:16:32 388096 ----a-r- c:\users\flexac~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-07 14:49:27 292696 ----a-w- c:\windows\system32\XceedFtp.dll
    2011-01-07 14:49:22 -------- d-----w- c:\windows\OutlookBackupPro
    2011-01-07 14:49:22 -------- d-----w- c:\program files\OutlookBackupPro
    2011-01-07 12:13:25 -------- d-----w- c:\program files\Microsoft Analysis Services
    2011-01-06 11:24:53 -------- d-----w- c:\users\flexac~1\appdata\local\Apple Computer
    2011-01-06 11:24:31 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-01-06 11:24:31 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2011-01-06 11:23:06 -------- d-----w- c:\program files\iPod
    2010-12-23 15:05:01 -------- d-----w- c:\users\flexac~1\appdata\roaming\LimeWire
    2010-12-22 10:42:33 -------- d-----w- c:\program files\Belkin
    2010-12-22 09:48:10 -------- d-----w- c:\program files\BT VY1055
    2010-12-22 09:47:56 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
    2010-12-22 09:47:56 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
    2010-12-22 09:47:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
    2010-12-22 09:47:56 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
    2010-12-22 09:47:56 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
    2010-12-22 09:47:56 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
    2010-12-22 09:47:55 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
    2010-12-21 11:43:06 -------- d-----w- c:\users\flexac~1\appdata\roaming\zohocrm
    2010-12-20 13:49:33 -------- d-----w- c:\users\flexac~1\appdata\local\Microsoft Help
    2010-12-17 09:55:21 -------- d-----w- c:\progra~2\TAS
    2010-12-15 09:10:57 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
    2010-12-15 09:10:52 515584 ----a-w- c:\program files\windows mail\wab.exe
    2010-12-15 09:10:51 66048 ----a-w- c:\program files\windows mail\wabmig.exe
    2010-12-15 09:10:51 33280 ----a-w- c:\program files\windows mail\wabfind.dll
    2010-12-15 09:10:46 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-12-15 09:10:42 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-12-15 09:10:42 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-12-15 09:10:42 292352 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-15 09:10:24 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-12-15 09:06:22 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2010-12-13 13:05:08 -------- d-----w- c:\users\flexac~1\appdata\roaming\DVD Flick

    ==================== Find3M ====================

    2010-12-24 13:48:17 32 ----a-w- c:\windows\system32\msvcsv60.dll
    2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
    2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
    2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
    2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
    2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
    2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
    2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
    2010-10-16 12:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
    2010-10-16 12:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-10-16 12:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
    2010-10-16 12:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll
    2010-10-14 23:44:02 4280320 ----a-w- c:\windows\system32\GPhotos.scr

    ============= FINISH: 11:26:24.41 ===============

    ARK.TKT
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-12 12:11:49
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 SAMSUNG_SP0612N rev.RV100-26
    Running: 1jxjsj79.exe; Driver: C:\Users\FLEXAC~1\AppData\Local\Temp\uxlyapow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
    .text USBPORT.SYS!DllUnload 87DE241B 5 Bytes JMP 869481C8
    ? System32\Drivers\avyl5ghj.SYS The system cannot find the path specified. !
    PAGE [email protected]@3PADA + 1ABF 9DE5203F 91 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
    PAGE [email protected]@3PADA + 1B1B 9DE5209B 18 Bytes [9D, 85, C9, 7C, 18, 8D, 41, ...]
    PAGE [email protected]@3PADA + 1B2F 9DE520AF 1 Byte [16]
    PAGE [email protected]@3PADA + 1B2F 9DE520AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
    PAGE [email protected]@3PADA + 1BB0 9DE52130 6 Bytes [0E, 83, 78, 14, 01, 75]
    PAGE ...
    ? C:\Users\FLEXAC~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1692] USER32.dll!TrackPopupMenu 757C14F3 5 Bytes JMP 5DAD2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!SetScrollRange 757AD185 5 Bytes JMP 7578001E
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!ShowScrollBar 757AF8AE 5 Bytes JMP 75770000
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!SetScrollInfo 757B71D8 7 Bytes JMP 75790014
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!GetScrollRange 757D34A5 5 Bytes JMP 75790000
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!SetScrollPos 757D3602 5 Bytes JMP 75780000
    .text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!MessageBoxW 757FD6CF 5 Bytes JMP 75770028
    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3684] kernel32.dll!SetUnhandledExceptionFilter 76A0A84F 5 Bytes JMP 5B5D54C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3684] ole32.dll!OleLoadFromStream 76751E80 5 Bytes JMP 5C08D62A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[5408] ntdll.dll!LdrLoadDll 77119390 5 Bytes JMP 002E13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060E61E] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060DAD4] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060E748] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060DB9C] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060DC1A] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [8D53E0C2] \??\C:\Windows\system32\Drivers\AfwCore.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73367817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [733BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7336BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7335F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [733675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7335E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73398395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7336DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7335FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7335FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [733571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [733ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7338C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7335D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73356853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7335687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73362AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73367817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [733BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7336BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7335F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [733675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7335E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73398395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7336DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7335FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7335FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [733571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [733ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7338C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7335D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73356853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7335687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73362AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 848B31E8
    Device \FileSystem\fastfat \FatCdrom 820587A0
    Device \Driver\netbt \Device\NetBT_Tcpip_{4F88B0D8-A578-424D-B8DE-07F33B24D19E} 8D02F1E8
    Device \Driver\volmgr \Device\VolMgrControl 848B01E8
    Device \Driver\usbohci \Device\USBPDO-0 869521E8
    Device \Driver\PCI_NTPNP6014 \Device\00000051 sptd.sys
    Device \Driver\usbehci \Device\USBPDO-1 869547A0
    Device \Driver\usbohci \Device\USBPDO-2 869521E8
    Device \Driver\usbehci \Device\USBPDO-3 869547A0
    Device \Driver\volmgr \Device\HarddiskVolume1 848B01E8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

    Device \Driver\volmgr \Device\HarddiskVolume2 848B01E8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

    Device \Driver\cdrom \Device\CdRom0 869937A0
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 848B21E8
    Device \Driver\atapi \Device\Ide\IdePort0 848B21E8
    Device \Driver\atapi \Device\Ide\IdePort1 848B21E8
    Device \Driver\atapi \Device\Ide\IdePort2 848B21E8
    Device \Driver\atapi \Device\Ide\IdePort3 848B21E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7 848B21E8
    Device \Driver\volmgr \Device\HarddiskVolume3 848B01E8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

    Device \Driver\cdrom \Device\CdRom1 869937A0
    Device \Driver\USBSTOR \Device\00000076 907E71E8
    Device \Driver\USBSTOR \Device\00000077 907E71E8
    Device \Driver\netbt \Device\NetBt_Wins_Export 8D02F1E8
    Device \Driver\USBSTOR \Device\00000078 907E71E8
    Device \Driver\USBSTOR \Device\00000079 907E71E8
    Device \Driver\netbt \Device\NetBT_Tcpip_{C29AECFA-8A76-4037-BA69-0D5AB96FDC13} 8D02F1E8
    Device \Driver\nsiproxy \Device\Nsi AfwCore.sys
    Device \Driver\iScsiPrt \Device\RaidPort0 86AF31E8
    Device \Driver\usbohci \Device\USBFDO-0 869521E8
    Device \Driver\usbehci \Device\USBFDO-1 869547A0
    Device \Driver\usbohci \Device\USBFDO-2 869521E8
    Device \Driver\usbehci \Device\USBFDO-3 869547A0
    Device \Driver\avyl5ghj \Device\Scsi\avyl5ghj1Port5Path0Target0Lun0 86A041E8
    Device \Driver\avyl5ghj \Device\Scsi\avyl5ghj1 86A041E8
    Device \FileSystem\fastfat \Fat 820587A0

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x1E 0x5C 0xE9 0xAC ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xF2 0xB8 0xD8 0x2B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x55 0x98 0x08 0x55 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xEF 0x77 0x10 0x24 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x9F 0x8B 0xC0 0x53 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x1E 0x5C 0xE9 0xAC ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xF2 0xB8 0xD8 0x2B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x55 0x98 0x08 0x55 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xEF 0x77 0x10 0x24 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x9F 0x8B 0xC0 0x53 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]

    ---- Files - GMER 1.0.15 ----

    File C:\Users\Gray\Documents\Downloads\Peek 0 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1 0 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra 0 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\Four into One.docx 23928 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\CIMG2132.JPG 1682652 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\CIMG2133.JPG 2216793 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01077.JPG 1273470 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01167.JPG 1496611 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01168.JPG 1464696 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01169.JPG 1043253 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01170.JPG 1424334 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01171.JPG 1498758 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01172.JPG 1502155 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01173.JPG 1489928 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01174.JPG 1487438 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01175.JPG 1357912 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01176.JPG 1490882 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01177.JPG 1405975 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01178.JPG 1414875 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01181.JPG 1378693 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01185.JPG 1380995 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01186.JPG 1408540 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01187.JPG 1543687 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\f1417152.avi 28093448 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\f2727808.jpg 2910719 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\IMG00166-20100929-1729.jpg 201034 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\IMG00167-20100929-1730.jpg 224484 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\Kalas calling card.docx 24943 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0001.JPG 369806 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0002.JPG 392734 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0003.JPG 376182 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0004.JPG 644638 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0005.JPG 338178 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0006.JPG 355402 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0007.JPG 363070 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0008.JPG 356146 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0009.JPG 323454 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0010.JPG 319700 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\smile for the camera.doc 52224 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\Thumbs.db 15360 bytes
    File C:\Users\Gray\Documents\Downloads\Peek\Peek1\~$ile for the camera.doc 162 bytes

    ---- EOF - GMER 1.0.15 ----
     


  2. grayflan

    grayflan Thread Starter

    Joined:
    Jan 12, 2011
    Messages:
    2
    Hello,
    any solutions to this please?
    cheers
    Gray.
     

Short URL to this thread: https://techguy.org/974210
