hi-jack possibility - newbie - help appreciated.

grayflan (Thread Starter, joined Jan 12, 2011, 2 messages)

hi all,
vista home premium, amd athlon x64 dual core 5000, 60gb HD with remote 500gb HD.

not sure if i've been hi-jacked, but wifi keeps dropping signal on my home network (have 3 pc's and 1 in particular is troublesome).
my IP is reporting all OK on its network etc.
tried a new router and it does the same.
wireless dongle detects a rather suspicious "network" which has garbled wording as its I.D.

hope i've uploaded info correctly and any assistance greatly appreciated, and, apologies if this post is in wrong section or indeed turns out to be something of my own "dabbling".
cheers.

HiJack This Log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:21:40, on 12/01/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\windows\vsnpstd2.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
G:\Programmes\Software\Software Downloads\HiJack This\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BGAntiphishingBHO - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe" -boot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Programmes\Software\ITunes\iTunesHelper.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL BgGamingMonitor.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BgRaSvc - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BullGuard scanning service (BsScanner) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
O23 - Service: BullGuard update service (BsUpdate) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

--
End of file - 8123 bytes

DDS Log
DDS (Ver_10-12-12.02) - NTFSx86
Run by Flexaccom at 11:25:12.81 on 12/01/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1791.613 [GMT 0:00]

AV: BullGuard Antivirus *Enabled/Updated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}
SP: BullGuard Antispyware *Enabled/Updated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: BullGuard Firewall *Enabled* {68747E43-7A47-EA26-053F-CB84640E3E67}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\SvcHost.exe -k BullGuard_Main
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\SvcHost.exe -k BullGuard_LowPriv
C:\Windows\System32\SvcHost.exe -k BullGuard
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\fsproflt.exe
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Soluto\soluto.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\taskeng.exe
C:\windows\vsnpstd2.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
G:\Programmes\Software\Software Downloads\HiJack This\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
G:\Flexaccom\Flexaccom System\Flexaccom\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: BGAntiphishingBHO Class: {fc872b94-35e3-4b94-b028-184a2a1c7cce} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIEBHO.dll
mRun: [BullGuard] "c:\program files\bullguard ltd\bullguard\BullGuard.exe" -boot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "g:\programmes\software\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - c:\program files\bullguard ltd\bullguard\antiphishing\ie\BGAntiphishingIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL BgGamingMonitor.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\flexac~1\appdata\roaming\mozilla\firefox\profiles\h5z74suj.default\
FF - component: c:\program files\bullguard ltd\bullguard\antiphishing\ff\[email protected]\components\BGFFComponent.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1441.4352\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: g:\programmes\software\itunes\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: BullGuard Antiphishing Toolbar: [email protected] - c:\program files\bullguard ltd\bullguard\antiphishing\ff\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Xmarks: [email protected] - %profile%\extensions\[email protected]

============= SERVICES / DRIVERS ===============

R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2009-10-11 43792]
R1 afw;Agnitum Firewall Driver;c:\windows\system32\drivers\Afw.sys [2007-11-28 29208]
R1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys [2010-3-12 58592]
R2 BsBrowser;BullGuard antiphishing service;c:\windows\system32\SvcHost.exe -k BullGuard_LowPriv [2008-8-24 21504]
R2 BsFileScan;BullGuard on-access service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-8-24 21504]
R2 BsFire;BullGuard firewall service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-8-24 21504]
R2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\system32\SvcHost.exe -k BullGuard [2008-8-24 21504]
R2 BsMain;BullGuard main service;c:\windows\system32\SvcHost.exe -k BullGuard_Main [2008-8-24 21504]
R2 BsUpdate;BullGuard update service;c:\program files\bullguard ltd\bullguard\BullGuardUpdate.exe [2010-9-22 355720]
R2 Cubase32;Cubase32;c:\windows\system32\drivers\Cubase32.sys [2009-9-11 11808]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-10-11 142648]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-10-12 330784]
R3 AfwCore;Agnitum Firewall Core Driver;c:\windows\system32\drivers\AfwCore.sys [2008-11-13 318488]
R3 BsScanner;BullGuard scanning service;c:\program files\bullguard ltd\bullguard\BullGuardScanner.exe [2010-3-3 305032]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2010-9-7 29824]
R3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [2010-9-7 579456]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-11-2 181704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BgRaSvc;BgRaSvc;c:\program files\bullguard ltd\bullguard\support\BgRaSvc.exe [2010-3-3 122760]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2010-2-5 28048]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-24 21504]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-12-8 30192]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-28 133104]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-21 16472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WTService;WTService;c:\windows\system32\atwtusb.exe -s --> c:\windows\system32\atwtusb.exe -s [?]

=============== Created Last 30 ================

2011-01-12 11:16:32 388096 ----a-r- c:\users\flexac~1\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-07 14:49:27 292696 ----a-w- c:\windows\system32\XceedFtp.dll
2011-01-07 14:49:22 -------- d-----w- c:\windows\OutlookBackupPro
2011-01-07 14:49:22 -------- d-----w- c:\program files\OutlookBackupPro
2011-01-07 12:13:25 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-01-06 11:24:53 -------- d-----w- c:\users\flexac~1\appdata\local\Apple Computer
2011-01-06 11:24:31 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-01-06 11:24:31 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-01-06 11:23:06 -------- d-----w- c:\program files\iPod
2010-12-23 15:05:01 -------- d-----w- c:\users\flexac~1\appdata\roaming\LimeWire
2010-12-22 10:42:33 -------- d-----w- c:\program files\Belkin
2010-12-22 09:48:10 -------- d-----w- c:\program files\BT VY1055
2010-12-22 09:47:56 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2010-12-22 09:47:56 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2010-12-22 09:47:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2010-12-22 09:47:56 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2010-12-22 09:47:56 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2010-12-22 09:47:56 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2010-12-22 09:47:55 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2010-12-21 11:43:06 -------- d-----w- c:\users\flexac~1\appdata\roaming\zohocrm
2010-12-20 13:49:33 -------- d-----w- c:\users\flexac~1\appdata\local\Microsoft Help
2010-12-17 09:55:21 -------- d-----w- c:\progra~2\TAS
2010-12-15 09:10:57 638232 ----a-w- c:\program files\internet explorer\iexplore.exe
2010-12-15 09:10:52 515584 ----a-w- c:\program files\windows mail\wab.exe
2010-12-15 09:10:51 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2010-12-15 09:10:51 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2010-12-15 09:10:46 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 09:10:42 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 09:10:42 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 09:10:42 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 09:10:24 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 09:06:22 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-13 13:05:08 -------- d-----w- c:\users\flexac~1\appdata\roaming\DVD Flick

==================== Find3M ====================

2010-12-24 13:48:17 32 ----a-w- c:\windows\system32\msvcsv60.dll
2010-11-29 17:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-16 18:55:00 888424 ----a-w- c:\windows\system32\nvdispco322050.dll
2010-10-16 18:55:00 813672 ----a-w- c:\windows\system32\nvgenco322030.dll
2010-10-16 18:55:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2010-10-16 18:55:00 4837480 ----a-w- c:\windows\system32\nvcuda.dll
2010-10-16 18:55:00 2912360 ----a-w- c:\windows\system32\nvcuvid.dll
2010-10-16 18:55:00 2666600 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-10-16 18:55:00 1719912 ----a-w- c:\windows\system32\nvapi.dll
2010-10-16 18:55:00 14899816 ----a-w- c:\windows\system32\nvoglv32.dll
2010-10-16 18:55:00 13019752 ----a-w- c:\windows\system32\nvcompiler.dll
2010-10-16 18:55:00 10023528 ----a-w- c:\windows\system32\nvd3dum.dll
2010-10-16 12:42:20 600680 ----a-w- c:\windows\system32\nvvsvc.exe
2010-10-16 12:42:20 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-10-16 12:42:16 3420776 ----a-w- c:\windows\system32\nvcpl.dll
2010-10-16 12:42:12 2079336 ----a-w- c:\windows\system32\nvsvc.dll
2010-10-14 23:44:02 4280320 ----a-w- c:\windows\system32\GPhotos.scr

============= FINISH: 11:26:24.41 ===============

ARK.TKT
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-12 12:11:49
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 SAMSUNG_SP0612N rev.RV100-26
Running: 1jxjsj79.exe; Driver: C:\Users\FLEXAC~1\AppData\Local\Temp\uxlyapow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 87DE241B 5 Bytes JMP 869481C8
? System32\Drivers\avyl5ghj.SYS The system cannot find the path specified. !
PAGE [email protected]@3PADA + 1ABF 9DE5203F 91 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...]
PAGE [email protected]@3PADA + 1B1B 9DE5209B 18 Bytes [9D, 85, C9, 7C, 18, 8D, 41, ...]
PAGE [email protected]@3PADA + 1B2F 9DE520AF 1 Byte [16]
PAGE [email protected]@3PADA + 1B2F 9DE520AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...]
PAGE [email protected]@3PADA + 1BB0 9DE52130 6 Bytes [0E, 83, 78, 14, 01, 75]
PAGE ...
? C:\Users\FLEXAC~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1692] USER32.dll!TrackPopupMenu 757C14F3 5 Bytes JMP 5DAD2342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!SetScrollRange 757AD185 5 Bytes JMP 7578001E
.text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!ShowScrollBar 757AF8AE 5 Bytes JMP 75770000
.text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!SetScrollInfo 757B71D8 7 Bytes JMP 75790014
.text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!GetScrollRange 757D34A5 5 Bytes JMP 75790000
.text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!SetScrollPos 757D3602 5 Bytes JMP 75780000
.text C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe[3468] USER32.dll!MessageBoxW 757FD6CF 5 Bytes JMP 75770028
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3684] kernel32.dll!SetUnhandledExceptionFilter 76A0A84F 5 Bytes JMP 5B5D54C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE[3684] ole32.dll!OleLoadFromStream 76751E80 5 Bytes JMP 5C08D62A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5408] ntdll.dll!LdrLoadDll 77119390 5 Bytes JMP 002E13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8060E61E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8060DAD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8060E748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8060DB9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060DC1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [8D53E0C2] \??\C:\Windows\system32\Drivers\AfwCore.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73367817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [733BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7336BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7335F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [733675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7335E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73398395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7336DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7335FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7335FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [733571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [733ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7338C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7335D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73356853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7335687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3208] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73362AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73367817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [733BA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7336BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7335F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [733675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7335E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73398395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7336DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7335FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [7335FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [733571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [733ECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [7338C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7335D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73356853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [7335687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[5784] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73362AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 848B31E8
Device \FileSystem\fastfat \FatCdrom 820587A0
Device \Driver\netbt \Device\NetBT_Tcpip_{4F88B0D8-A578-424D-B8DE-07F33B24D19E} 8D02F1E8
Device \Driver\volmgr \Device\VolMgrControl 848B01E8
Device \Driver\usbohci \Device\USBPDO-0 869521E8
Device \Driver\PCI_NTPNP6014 \Device\00000051 sptd.sys
Device \Driver\usbehci \Device\USBPDO-1 869547A0
Device \Driver\usbohci \Device\USBPDO-2 869521E8
Device \Driver\usbehci \Device\USBPDO-3 869547A0
Device \Driver\volmgr \Device\HarddiskVolume1 848B01E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\volmgr \Device\HarddiskVolume2 848B01E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\cdrom \Device\CdRom0 869937A0
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 848B21E8
Device \Driver\atapi \Device\Ide\IdePort0 848B21E8
Device \Driver\atapi \Device\Ide\IdePort1 848B21E8
Device \Driver\atapi \Device\Ide\IdePort2 848B21E8
Device \Driver\atapi \Device\Ide\IdePort3 848B21E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7 848B21E8
Device \Driver\volmgr \Device\HarddiskVolume3 848B01E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\cdrom \Device\CdRom1 869937A0
Device \Driver\USBSTOR \Device\00000076 907E71E8
Device \Driver\USBSTOR \Device\00000077 907E71E8
Device \Driver\netbt \Device\NetBt_Wins_Export 8D02F1E8
Device \Driver\USBSTOR \Device\00000078 907E71E8
Device \Driver\USBSTOR \Device\00000079 907E71E8
Device \Driver\netbt \Device\NetBT_Tcpip_{C29AECFA-8A76-4037-BA69-0D5AB96FDC13} 8D02F1E8
Device \Driver\nsiproxy \Device\Nsi AfwCore.sys
Device \Driver\iScsiPrt \Device\RaidPort0 86AF31E8
Device \Driver\usbohci \Device\USBFDO-0 869521E8
Device \Driver\usbehci \Device\USBFDO-1 869547A0
Device \Driver\usbohci \Device\USBFDO-2 869521E8
Device \Driver\usbehci \Device\USBFDO-3 869547A0
Device \Driver\avyl5ghj \Device\Scsi\avyl5ghj1Port5Path0Target0Lun0 86A041E8
Device \Driver\avyl5ghj \Device\Scsi\avyl5ghj1 86A041E8
Device \FileSystem\fastfat \Fat 820587A0

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x1E 0x5C 0xE9 0xAC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0xF2 0xB8 0xD8 0x2B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x55 0x98 0x08 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xEF 0x77 0x10 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x9F 0x8B 0xC0 0x53 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x1E 0x5C 0xE9 0xAC ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0xF2 0xB8 0xD8 0x2B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x55 0x98 0x08 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0xEF 0x77 0x10 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0x9F 0x8B 0xC0 0x53 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\[email protected]

---- Files - GMER 1.0.15 ----

File C:\Users\Gray\Documents\Downloads\Peek 0 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1 0 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra 0 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\Four into One.docx 23928 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\CIMG2132.JPG 1682652 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\CIMG2133.JPG 2216793 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01077.JPG 1273470 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01167.JPG 1496611 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01168.JPG 1464696 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01169.JPG 1043253 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01170.JPG 1424334 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01171.JPG 1498758 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01172.JPG 1502155 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01173.JPG 1489928 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01174.JPG 1487438 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01175.JPG 1357912 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01176.JPG 1490882 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01177.JPG 1405975 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01178.JPG 1414875 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01181.JPG 1378693 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01185.JPG 1380995 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01186.JPG 1408540 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\DSC01187.JPG 1543687 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\f1417152.avi 28093448 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\f2727808.jpg 2910719 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\IMG00166-20100929-1729.jpg 201034 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\IMG00167-20100929-1730.jpg 224484 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\Kalas calling card.docx 24943 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0001.JPG 369806 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0002.JPG 392734 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0003.JPG 376182 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0004.JPG 644638 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0005.JPG 338178 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0006.JPG 355402 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0007.JPG 363070 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0008.JPG 356146 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0009.JPG 323454 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\PDR_0010.JPG 319700 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\PeekExtra\smile for the camera.doc 52224 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\Thumbs.db 15360 bytes
File C:\Users\Gray\Documents\Downloads\Peek\Peek1\~$ile for the camera.doc 162 bytes

---- EOF - GMER 1.0.15 ----
 
