Sponsored By

dragoi90

Members
  • Content Count

    4
  • Joined

  • Last visited

About dragoi90

  • Rank
    Member
  • Birthday 07/13/1998

Contact Methods

Profile Information

  • Gender
    Male
  • Location
    ALBANIA
  • Interests
    MUSIC,CHATING,DRIVING!

Previous Fields

  • Operating System
    WINDOWS 2000 SP4
  1. THANX!

    I'M GLAD I'M HERE!

  2. SCHRAUBER I GET AN ERROR TABLE: !!ALERT!! IT IS NOT SAFE TO CONTINUE. THE CONTENTS OF THE COMBOFIX HAS BEEN COMPROMISED! NOTE:YOU MAY BE INFECTED WITH A FILE PATCHING VIRUS "VIRUT" AND I GET ANOTHER TABLE WHEN THEY SAY THAT THE MEMORY COULD NOT BE WRITTEN AD COULD NOT BE READ! (2 ERROR WINDOWS)
  3. Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows 2000 . (5.0.2195) Service Pack 4 [32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel . Error OpenService (wscsvc) : 1060 [sharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled ! . Internet Explorer 5.00.3700.1000 . A:\ [Removable] C:\ [Fixed-NTFS] .. ( Total:8 Go - Free:3 Go ) D:\ [CD_Rom] . Scan : 17:25.15 Path : C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe User : sporteli ( Administrator -> YES ) . ----------------------\\ Processes . Locked [system Process] (0) ______ System (8) ______ \SystemRoot\System32\smss.exe (156) ______ \??\C:\WINNT\system32\csrss.exe (176) ______ \??\C:\WINNT\system32\winlogon.exe (168) ______ C:\WINNT\system32\services.exe (228) ______ C:\WINNT\system32\lsass.exe (244) ______ C:\WINNT\system32\svchost.exe (428) ______ C:\WINNT\system32\spoolsv.exe (456) ______ C:\WINNT\system32\svchost.exe (500) ______ C:\WINNT\system32\hidserv.exe (516) ______ C:\WINNT\System32\svchost.exe (576) ______ C:\WINNT\system32\nvsvc32.exe (592) ______ C:\WINNT\System32\svchost.exe (640) ______ C:\WINNT\system32\regsvc.exe (660) ______ C:\WINNT\system32\MSTask.exe (676) ______ C:\WINNT\System32\snmp.exe (712) ______ C:\WINNT\system32\stisvc.exe (816) ______ C:\WINNT\system32\svchost.exe (876) ______ C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (916) ______ C:\WINNT\system32\mspmspsv.exe (808) ______ C:\WINNT\system32\svchost.exe (944) ______ C:\WINNT\system32\svchost.exe (960) ______ C:\Program Files\TeamViewer\Version4\TeamViewer.exe (1084) ______ C:\WINNT\Explorer.EXE (1112) ______ C:\WINNT\RTHDCPL.EXE (1240) ______ C:\WINNT\system32\RUNDLL32.EXE (1284) ______ C:\WINNT\system32\RUNDLL32.EXE (1312) ______ C:\WINNT\system32\RUNDLL32.EXE (1320) ______ C:\WINNT\system32\RUNDLL32.EXE (1208) ______ C:\Program Files\Skype\Phone\Skype.exe (1288) ______ C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe (1052) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [sectors : 63 x 512 Bytes] . ----------------------\\ Scheduled Tasks . C:\WINNT\Tasks\desktop.ini C:\WINNT\Tasks\SA.DAT . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 17:25.27 . C:\Rooter$\Rooter_1.txt - (17/01/2010 | 17:25.27) --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- CKScanner - Additional Security Risks - These are not necessarily bad c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eat.nfo c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\file_id.diz c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat.nfo c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat_rls.2000-2009_1130.nfo c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\file_id.diz c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\vuesca85_v8.5.39.exe c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\crack\vuescan.exe scanner sequence 3.FA.11 ----- EOF ----- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- OTL Extras logfile created on: 17/01/2010 5:44:40 PM - Run 1 OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5) Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation Internet Explorer (Version = 5.00.3700.1000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy 895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: IMPERIAL-YJVVAC Current User Name: sporteli Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- %1 scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" %* txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DoNotAllowExceptions" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINNT\fonts\services.exe" = C:\WINNT\fonts\services.exe:*:Enabled:services.exe -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{3E713D52-C967-41FB-AA24-3A92CC1025A4}" = Remote Desktop Connection "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{5932C9AC-9049-11D4-8111-005004D78BE4}" = ImpulseStudio 3.04 "{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs "{7699B723-9718-41DE-8C18-549F341C02CE}" = Crystal Reports "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min "{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0 "{DCA1B4C0-98A5-418B-8293-45663180B6C5}" = DCA1B4C0-98A5-418B-8293-45663180B6C5 "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0 "{FFD44E90-AEA4-4D25-AF53-5CE2723E88DA}" = MarketingReg "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "AERP_4.0.0" = AERP 4.0.0 "Data Dynamics SharpGrid 2.0" = Data Dynamics SharpGrid 2.0 "EPSON Printer and Utilities" = EPSON Printer Software "LQ-300+II User's Guide" = LQ-300+II User's Guide "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft SQL Server 2000" = Microsoft SQL Server 2000 "NVIDIA Drivers" = NVIDIA Drivers "Q828026" = Windows Media Player Hotfix [see Q828026 for more information] "TeamViewer 4" = TeamViewer 4 "Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4 "VueScan" = VueScan "WinRAR archiver" = WinRAR archiver "WMP7" = Windows Media Player 7.1 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 19/12/2009 10:35:27 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005 Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again. Error - 19/12/2009 10:38:26 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920 Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services. Error - 19/12/2009 10:38:56 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920 Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services. Error - 19/12/2009 10:39:35 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005 Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not been restarted after a program uninstallation. Please restart the computer and run the installer again. Error - 19/12/2009 10:45:22 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920 Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services. Error - 19/12/2009 10:45:55 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920 Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services. Error - 19/12/2009 10:46:30 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920 Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn) failed to start. Verify that you have sufficient privileges to start system services. Error - 16/01/2010 9:07:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = Userenv | ID = 1000 Description = Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator. DETAIL - Access is denied. , Build number ((2195)). Error - 16/01/2010 9:50:04 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920 Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service' (ekrn) failed to start. Verify that you have sufficient privileges to start system services. Error - 16/01/2010 9:50:34 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920 Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service' (ekrn) failed to start. Verify that you have sufficient privileges to start system services. [ System Events ] Error - 16/01/2010 8:48:20 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001 Description = The TCP/IP NetBIOS Helper Service service depends on the AFD Networking Support Environment service which failed to start because of the following error: %%1077 Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001 Description = The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: %%31 Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001 Description = The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: %%1077 Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001 Description = The Simple TCP/IP Services service depends on the AFD Networking Support Environment service which failed to start because of the following error: %%1077 Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001 Description = The Background Intelligent Transfer Service service depends on the Windows Management Instrumentation Driver Extensions service which failed to start because of the following error: %%1077 Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1077 Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: BIOS MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Error - 16/01/2010 8:50:53 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010 Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout. Error - 16/01/2010 8:54:00 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010 Description = The server {000C101C-0000-0000-C000-000000000046} did not register with DCOM within the required timeout. Error - 16/01/2010 9:06:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010 Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register with DCOM within the required timeout. < End of report > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- OTL logfile created on: 17/01/2010 5:44:40 PM - Run 1 OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5) Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation Internet Explorer (Version = 5.00.3700.1000) Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy 895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files Drive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: IMPERIAL-YJVVAC Current User Name: sporteli Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/01/17 17:43:52 | 00,019,456 | ---- | M] () -- C:\WINNT\Temp\VRT3.tmp PRC - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exe PRC - [2009/06/02 10:56:00 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe PRC - [2008/12/23 08:04:10 | 03,950,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer.exe PRC - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe PRC - [2007/12/20 10:47:36 | 16,882,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\RTHDCPL.exe PRC - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe PRC - [2005/04/01 07:00:00 | 00,263,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe PRC - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe PRC - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe PRC - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe PRC - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe PRC - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\snmp.exe PRC - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exe PRC - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mspmspsv.exe ========== Modules (SafeList) ========== MOD - [2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msnjkwfb.dll MOD - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exe MOD - [2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\mssheatr.dll MOD - [2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msjuehus.dll MOD - [2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\system32\msjgjzcu.dll MOD - [2005/04/01 07:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll ========== Win32 Services (SafeList) ========== SRV - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc) SRV - [2007/03/11 21:35:02 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08) SRV - [2006/11/08 10:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZipm12.dll -- (Pml Driver HPZ12) SRV - [2006/11/08 10:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZinw12.dll -- (Net Driver HPZ12) SRV - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt) SRV - [2005/04/01 07:00:00 | 00,167,424 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin) SRV - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule) SRV - [2005/04/01 07:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax) SRV - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry) SRV - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc) SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\System32\1Bc.exe -- (TapiSrvIpripRemoteAccess) SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] () [Auto | Stopped] -- C:\WINNT\System32\12520437y.exe -- (TapiSrvIprip) SRV - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\snmp.exe -- (SNMP) SRV - [2005/04/01 07:00:00 | 00,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (SimpTcp) SRV - [2005/04/01 07:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan) SRV - [2003/07/28 06:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ) SRV - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mspmspsv.exe -- (WMDM PMSP Service) SRV - [1999/12/07 07:00:00 | 00,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip) ========== Driver Services (SafeList) ========== DRV - [2008/01/07 04:32:06 | 00,029,096 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2007/12/20 12:00:06 | 04,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/11/27 21:26:00 | 06,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv) DRV - [2007/11/17 02:43:56 | 00,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007/11/17 02:43:36 | 00,050,304 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2007/10/12 02:53:10 | 00,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007/03/07 00:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZius12.sys -- (HPZius12) DRV - [2007/03/07 00:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZipr12.sys -- (HPZipr12) DRV - [2007/03/07 00:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZid412.sys -- (HPZid412) DRV - [2005/04/01 07:00:00 | 00,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot) DRV - [2005/04/01 07:00:00 | 00,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\dmio.sys -- (dmio) DRV - [2005/04/01 07:00:00 | 00,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel) DRV - [2005/04/01 07:00:00 | 00,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20) DRV - [2005/04/01 07:00:00 | 00,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS) DRV - [2005/04/01 07:00:00 | 00,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci) DRV - [2005/04/01 07:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA) DRV - [2005/04/01 07:00:00 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink) DRV - [2005/04/01 07:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect) DRV - [2005/04/01 07:00:00 | 00,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf) DRV - [2005/04/01 07:00:00 | 00,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload) DRV - [2005/04/01 07:00:00 | 00,006,992 | ---- | M] (SGI) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\sglfb.sys -- (sglfb) DRV - [2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINNT\system32\drivers\BIOS.sys -- (BIOS) DRV - [2005/01/07 11:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Hdaudbus.sys -- (HDAudBus) DRV - [2004/07/08 22:26:38 | 00,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 O1 HOSTS File: ([1999/12/07 07:00:00 | 00,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (@msdxmLC.dll,[email protected],&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx () O4 - HKLM..\Run: [Alcmtr] C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINNT\alcwzrd.exe (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [gxwiyi] C:\WINNT\System32\msnjkwfb.DLL () O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe () O4 - HKLM..\Run: [qquaqe] C:\WINNT\System32\msjgjzcu.DLL () O4 - HKLM..\Run: [rscqdr] C:\WINNT\System32\mssheatr.DLL () O4 - HKLM..\Run: [RTHDCPL] C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [skyTel] C:\WINNT\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [soundMan] C:\WINNT\SoundMan.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation) O4 - HKLM..\Run: [vkqzej] C:\WINNT\System32\msjuehus.DLL () O4 - HKCU..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKLM..\RunOnce: [[email protected]] Reg Error: Invalid data type. File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm () O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229456552406 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229462185640 (MUWebControl Class) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?39798.4922337963 (Update Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx () O18 - Protocol\Filter\Class Install Handler - No CLSID value found O18 - Protocol\Filter\deflate - No CLSID value found O18 - Protocol\Filter\gzip - No CLSID value found O18 - Protocol\Filter\lzdhtml - No CLSID value found O18 - Protocol\Filter\text/webviewhtml - No CLSID value found O18 - Protocol\Filter\text/xml - No CLSID value found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Documents and Settings\sporteli\My Documents\My Pictures\5722_large.jpg O24 - Desktop BackupWallPaper: C:\WINNT\Zapotec.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: BtwSrv - File not found NetSvcs: Ias - C:\WINNT\system32\ias [2009/12/17 15:47:03 | 00,000,000 | ---D | M] NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation) NetSvcs: Irmon - C:\WINNT\system32\irmon.dll (Microsoft Corporation) NetSvcs: Nwsapagent - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.) SafeBootMin: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.) SafeBootMin: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.) SafeBootMin: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.) SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI) SafeBootMin: System Bus Extender - Driver Group SafeBootMin: tga.sys - File not found SafeBootMin: vga.sys - Driver SafeBootMin: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.) SafeBootNet: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.) SafeBootNet: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.) SafeBootNet: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NBF - Service SafeBootNet: nbf.sys - Driver SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI) SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: tga.sys - File not found SafeBootNet: vga.sys - Driver SafeBootNet: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation) SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML) ActiveX: {1b0357b8-e3fb-4918-915c-a8eb232c273e} - KB973354 ActiveX: {1d939273-21ce-4e7f-be14-490866ec66c2} - KB976325 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java ActiveX: {390e5bb4-1d89-4343-b62d-b76303708a1d} - KB969897 ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066 ActiveX: {3e843540-63b3-42d7-9f4d-812ffd1e767a} - KB974455 ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Visual Basic Scripting Support ActiveX: {4fe13360-e1fd-11d2-83c7-0000f8051539} - Microsoft New ChangJie IME 98a ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495 ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 7 ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {7da6528e-45a6-4022-9e41-c45a8cf33eb5} - KB963027 ActiveX: {80b81c71-14cd-41c3-9e8c-08b9e06d02ef} - KB960714 ActiveX: {81aded60-e2d0-11d2-83c7-0000f8051539} - Microsoft New Phonetic IME 98a ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp ActiveX: {b6609c7e-4ad5-4b8b-9da5-9edbc50f7592} - KB958869 ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {e41091c0-06d5-474f-836e-dd190348ea18} - KB958215 ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464 ActiveX: {f351bc8e-a11b-44ba-a436-cee0d27e3abb} - KB976749 ActiveX: {f3d9c2d1-579f-4d41-95ba-5354eeb398d0} - KB972260 ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\system32\setup\wmpocm.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation) Drivers32: aux3 - File not found Drivers32: aux4 - File not found Drivers32: aux5 - File not found Drivers32: aux6 - File not found Drivers32: aux7 - File not found Drivers32: aux8 - File not found Drivers32: aux9 - File not found Drivers32: midi2 - File not found Drivers32: midi3 - File not found Drivers32: midi4 - File not found Drivers32: midi5 - File not found Drivers32: midi6 - File not found Drivers32: midi7 - File not found Drivers32: midi8 - File not found Drivers32: midi9 - File not found Drivers32: mixer2 - File not found Drivers32: mixer3 - File not found Drivers32: mixer4 - File not found Drivers32: mixer5 - File not found Drivers32: mixer6 - File not found Drivers32: mixer7 - File not found Drivers32: mixer8 - File not found Drivers32: mixer9 - File not found Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll () Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation) Drivers32: wave2 - File not found Drivers32: wave3 - File not found Drivers32: wave4 - File not found Drivers32: wave5 - File not found Drivers32: wave6 - File not found Drivers32: wave7 - File not found Drivers32: wave8 - File not found Drivers32: wave9 - File not found SystemRestore not available. ========== Files/Folders - Created Within 30 Days ========== [2010/01/17 17:25:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2) [2010/01/17 17:25:27 | 00,000,000 | ---D | C] -- C:\Rooter$ [2010/01/17 17:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Application Data\Malwarebytes [2010/01/17 17:16:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2010/01/17 17:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2010/01/17 17:16:35 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys [2010/01/17 17:16:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2010/01/17 17:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI [2010/01/17 17:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5) [2010/01/14 07:34:17 | 00,245,520 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\winsrv.dll [2010/01/09 19:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455 [2010/01/09 19:14:23 | 00,016,496 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZipr12.sys [2010/01/09 19:14:13 | 00,049,920 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZid412.sys [2010/01/09 19:14:11 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hppldcoi.dll [2010/01/09 19:14:11 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINNT\System32\difxapi.dll [2010/01/09 19:14:10 | 00,569,344 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpotscl3.dll [2010/01/09 19:14:10 | 00,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpovst10.dll [2010/01/09 19:14:10 | 00,229,376 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hpotpusd.dll [2010/01/09 19:14:08 | 00,021,568 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZius12.sys [2010/01/06 15:02:08 | 00,052,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\mtxclu.dll [2010/01/04 15:06:42 | 01,735,808 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRPAMP.EXE [2010/01/04 15:06:42 | 01,714,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRNLMP.EXE [2010/01/04 15:06:42 | 01,713,536 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntkrnlpa.exe [2010/01/04 15:06:42 | 01,690,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntoskrnl.exe [2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\faxui.dll [2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\faxui.dll [2010/01/01 07:49:09 | 00,000,000 | ---D | C] -- C:\DrWatson [2009/12/19 21:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/01/17 17:46:23 | 00,033,280 | ---- | M] (Andreas Hausladen) -- C:\WINNT\System32\4633753.exe [2010/01/17 17:45:27 | 01,847,296 | -H-- | M] () -- C:\Documents and Settings\sporteli\NTUSER.DAT [2010/01/17 17:44:03 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat [2010/01/17 17:43:44 | 00,000,032 | --S- | M] () -- C:\WINNT\System32\1755361127.dat [2010/01/17 17:43:38 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT [2010/01/17 17:37:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat [2010/01/17 17:36:02 | 00,000,116 | ---- | M] () -- C:\WINNT\System32\757890.BAT [2010/01/17 17:35:58 | 00,048,640 | ---- | M] () -- C:\WINNT\System32\2561086.exe [2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msnjkwfb.dll [2010/01/17 17:24:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat [2010/01/17 17:22:07 | 00,465,166 | -H-- | M] () -- C:\WINNT\ShellIconCache [2010/01/17 17:16:39 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/17 17:16:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat [2010/01/16 22:42:31 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat [2010/01/16 21:19:20 | 00,000,280 | -HS- | M] () -- C:\Documents and Settings\sporteli\ntuser.ini [2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk [2010/01/16 20:09:53 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat [2010/01/16 19:38:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat [2010/01/16 15:00:09 | 00,001,166 | -H-- | M] () -- C:\Documents and Settings\sporteli\My Documents\Default.rdp [2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\mssheatr.dll [2010/01/16 14:43:43 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat [2010/01/16 08:22:10 | 00,002,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2010/01/16 07:09:59 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat [2010/01/15 07:23:40 | 00,180,240 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT [2010/01/15 07:05:42 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat [2010/01/15 00:32:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat [2010/01/14 07:32:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat [2010/01/12 15:03:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat [2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msjuehus.dll [2010/01/12 07:03:46 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat [2010/01/09 19:16:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat [2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\System32\msjgjzcu.dll [2010/01/09 07:10:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat [2010/01/08 07:03:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys [2010/01/07 07:18:47 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat [2010/01/07 07:00:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat [2010/01/06 07:09:27 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat [2010/01/05 07:40:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat [2010/01/05 07:23:29 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat [2010/01/04 07:16:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat [2010/01/02 07:18:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat [2009/12/30 07:40:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat [2009/12/30 07:21:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat [2009/12/28 11:23:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat [2009/12/27 15:13:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat [2009/12/27 07:52:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat [2009/12/26 10:53:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat [2009/12/26 07:55:09 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat [2009/12/26 07:53:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat [2009/12/25 12:46:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat [2009/12/25 11:16:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat [2009/12/24 15:41:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat [2009/12/24 07:59:33 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat [2009/12/24 07:36:51 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat [2009/12/23 08:12:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat [2009/12/22 07:48:10 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat [2009/12/22 07:25:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat [2009/12/20 10:33:23 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat [2009/12/20 08:11:06 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7138178.exe [2009/12/19 21:42:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat [2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk [2009/12/19 21:36:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat [2009/12/19 21:36:53 | 00,170,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndis.sys [2009/12/19 21:30:28 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7552737.exe [2009/12/19 21:28:45 | 00,107,520 | RHS- | M] () -- C:\WINNT\het7upd.exe [2009/12/19 21:28:40 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat [4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/17 17:44:03 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat [2010/01/17 17:37:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat [2010/01/17 17:36:02 | 00,000,116 | ---- | C] () -- C:\WINNT\System32\757890.BAT [2010/01/17 17:35:58 | 00,048,640 | ---- | C] () -- C:\WINNT\System32\2561086.exe [2010/01/17 17:35:58 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msnjkwfb.dll [2010/01/17 17:24:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat [2010/01/17 17:16:39 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/01/17 17:16:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat [2010/01/16 22:44:18 | 00,465,166 | -H-- | C] () -- C:\WINNT\ShellIconCache [2010/01/16 22:42:31 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat [2010/01/16 20:09:53 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat [2010/01/16 19:38:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat [2010/01/16 14:46:20 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\mssheatr.dll [2010/01/16 14:43:43 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat [2010/01/16 07:09:59 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat [2010/01/16 07:09:49 | 00,000,032 | --S- | C] () -- C:\WINNT\System32\1755361127.dat [2010/01/15 07:05:42 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat [2010/01/15 00:32:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat [2010/01/14 07:32:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat [2010/01/12 15:03:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat [2010/01/12 07:04:37 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msjuehus.dll [2010/01/12 07:03:46 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat [2010/01/09 19:16:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat [2010/01/09 07:11:20 | 00,036,864 | ---- | C] () -- C:\WINNT\System32\msjgjzcu.dll [2010/01/09 07:10:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat [2010/01/08 07:03:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat [2010/01/07 07:18:47 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat [2010/01/07 07:00:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat [2010/01/06 07:09:27 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat [2010/01/05 07:40:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat [2010/01/05 07:23:29 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat [2010/01/04 07:16:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat [2010/01/02 07:18:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat [2009/12/30 07:40:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat [2009/12/30 07:21:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat [2009/12/28 11:23:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat [2009/12/27 15:13:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat [2009/12/27 07:52:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat [2009/12/26 10:53:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat [2009/12/26 07:55:09 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat [2009/12/26 07:53:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat [2009/12/25 12:46:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat [2009/12/25 11:16:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat [2009/12/24 15:41:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat [2009/12/24 07:59:33 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat [2009/12/24 07:36:51 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat [2009/12/23 08:12:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat [2009/12/22 07:48:10 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat [2009/12/22 07:25:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat [2009/12/20 10:33:23 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat [2009/12/20 08:11:06 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7138178.exe [2009/12/19 21:42:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat [2009/12/19 21:36:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat [2009/12/19 21:33:13 | 31,616,000 | ---- | C] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi [2009/12/19 21:30:28 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7552737.exe [2009/12/19 21:28:46 | 00,107,520 | RHS- | C] () -- C:\WINNT\het7upd.exe [2009/12/19 21:28:40 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat [2009/07/24 23:04:29 | 00,000,025 | ---- | C] () -- C:\WINNT\CDELQ300+II_Eu.ini [2009/02/01 04:44:35 | 01,290,240 | ---- | C] () -- C:\WINNT\System32\wmploc.dll [2009/02/01 04:44:35 | 01,122,304 | ---- | C] () -- C:\WINNT\System32\wmpui.dll [2009/02/01 04:44:35 | 00,270,336 | ---- | C] () -- C:\WINNT\System32\pdbrowse.dll [2009/02/01 04:44:35 | 00,184,320 | ---- | C] () -- C:\WINNT\System32\wmpcd.dll [2009/02/01 04:44:34 | 00,147,456 | ---- | C] () -- C:\WINNT\System32\CEWMDM.dll [2009/01/27 13:45:14 | 00,001,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2008/12/16 16:21:09 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll [2008/12/16 16:20:59 | 00,173,056 | ---- | C] () -- C:\WINNT\System32\qasf.dll [2008/12/16 16:01:58 | 00,001,078 | ---- | C] () -- C:\WINNT\ODBC.INI [2008/12/16 14:20:30 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt [2007/11/27 21:26:00 | 01,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll [2007/11/27 21:26:00 | 01,474,560 | ---- | C] () -- C:\WINNT\System32\nview.dll [2007/11/27 21:26:00 | 01,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll [2007/11/27 21:26:00 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll [2007/11/27 21:26:00 | 00,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll [2005/04/01 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll [2005/04/01 07:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll [2005/04/01 07:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini [2005/04/01 07:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini [2005/04/01 07:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini [2003/09/17 11:13:54 | 00,815,104 | ---- | C] () -- C:\WINNT\System32\wmpcore.dll [2003/01/07 09:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI [2000/10/25 20:15:00 | 00,017,920 | ---- | C] () -- C:\WINNT\System32\Implode.dll [1999/10/26 03:00:00 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\CRInf9.dll [1999/09/25 05:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys [1999/09/25 05:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys [1999/03/12 03:00:00 | 00,299,008 | ---- | C] () -- C:\WINNT\System32\Crutl14.dll [1999/03/12 03:00:00 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\Crsybdtc14.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2005/04/01 07:00:00 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe [2005/04/01 07:00:00 | 00,163,840 | RHS- | M] () -- C:\arcsetup.exe [2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT [2009/12/17 22:30:30 | 00,000,192 | -HS- | M] () -- C:\boot.ini [2009/08/06 01:43:44 | 11,923,854 | ---- | M] () -- C:\br.bmp [2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\CONFIG.SYS [2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\IO.SYS [2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2008/12/16 16:31:37 | 00,000,206 | ---- | M] () -- C:\mylog.log [2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\nitro_pdf_professional.exe [2005/04/01 07:00:00 | 00,034,724 | RHS- | M] () -- C:\NTDETECT.COM [2005/04/01 07:00:00 | 00,214,432 | RHS- | M] () -- C:\ntldr [2010/01/17 17:43:28 | 14,092,86144 | -HS- | M] () -- C:\pagefile.sys [2008/12/16 16:31:37 | 00,000,573 | ---- | M] () -- C:\RHDSetup.log [2010/01/17 17:43:58 | 00,000,000 | ---- | M] () -- C:\RTHDCPL_Dump.txt < MD5 for: AGP440.SYS > [2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys [2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys [2003/06/19 14:05:04 | 00,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys < MD5 for: ATAPI.SYS > [2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys [2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys [2003/06/19 14:05:04 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys [2005/04/01 07:00:00 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll [2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll [2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\dllcache\eventlog.dll [2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2003/06/19 14:05:04 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll [2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\dllcache\netlogon.dll [2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll [2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll [2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\dllcache\scecli.dll [2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\scecli.dll < %systemroot%\system32\*.dll /lockedfiles > [4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\*. /mp /s > < %PROGRAMFILES%\*. > [2008/12/16 18:49:22 | 00,000,000 | ---D | M] -- C:\Program Files\Accessories [2009/07/16 01:31:52 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe [2009/01/25 09:07:59 | 00,000,000 | ---D | M] -- C:\Program Files\BitComet [2009/07/24 23:05:07 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files [2008/12/16 14:19:33 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications [2009/05/23 01:58:28 | 00,000,000 | ---D | M] -- C:\Program Files\Data Dynamics [2008/12/16 16:29:43 | 00,000,000 | ---D | M] -- C:\Program Files\Driver [2009/07/05 03:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON [2009/12/19 21:30:48 | 00,000,000 | ---D | M] -- C:\Program Files\ESET [2009/01/27 13:48:39 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard [2009/01/27 13:46:56 | 00,000,000 | ---D | M] -- C:\Program Files\HP [2009/05/23 01:58:08 | 00,000,000 | ---D | M] -- C:\Program Files\Ingenuware [2009/10/18 11:18:05 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information [2009/12/17 22:31:34 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer [2010/01/17 17:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/05/23 01:52:12 | 00,000,000 | ---D | M] -- C:\Program Files\MapInfo MapX [2008/12/16 16:00:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync [2008/12/16 14:21:22 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage [2008/12/16 16:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office [2009/05/23 01:35:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server [2008/12/16 16:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET [2009/01/29 03:16:45 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0 [2009/12/17 22:31:45 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting [2009/12/17 22:31:32 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express [2008/12/16 16:25:43 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek [2009/01/25 08:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\Remote Desktop Control [2009/05/23 01:51:38 | 00,000,000 | ---D | M] -- C:\Program Files\Seagate Software [2009/06/10 23:09:36 | 00,000,000 | R--D | M] -- C:\Program Files\Skype [2009/01/25 08:34:58 | 00,000,000 | ---D | M] -- C:\Program Files\TeamViewer [2009/05/23 01:36:10 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information [2009/12/17 22:31:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player [2008/12/16 15:54:05 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT [2008/12/16 14:48:16 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate [2009/12/18 00:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR [2009/01/25 08:16:54 | 00,000,000 | ---D | M] -- C:\Program Files\WinZip < %userprofile%\Desktop\*.* > [2009/12/18 00:28:29 | 00,001,359 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Alpha Platinum.exe.lnk [2009/05/26 23:04:17 | 00,092,160 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Copy of Template_Artikuj_Celje.xls [2008/08/02 04:33:40 | 05,498,912 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\delete_setup.exe [2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk [2009/12/12 16:02:46 | 31,616,000 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi [2009/12/13 14:46:10 | 09,099,811 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Hamrick[1].VueScan.Pro.v8.5.39..rar [2009/12/08 21:36:26 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Karboni C.doc [2009/07/05 22:59:11 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\KONTRATE E KLIENTIT ME IMPERIAL HOTEL.doc [2009/02/12 08:43:14 | 01,122,294 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\logo.bmp [2009/12/02 14:35:07 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\menuja e resorantit per seminaret.doc [2009/07/02 23:19:12 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Excel 2003.lnk [2009/12/08 21:14:06 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Word 2003.lnk [2009/06/24 19:06:06 | 00,233,064 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\myspace_cube.pdf [2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\Documents and Settings\sporteli\Desktop\nitro_pdf_professional.exe [2009/12/03 15:57:21 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.doc [2009/10/19 13:23:47 | 00,009,062 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.eml [2009/12/11 10:23:11 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Rasti 1.doc [2009/12/17 15:07:01 | 00,001,473 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Remote Desktop Connection.lnk [2009/01/25 08:29:37 | 07,345,754 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\TeamViewer[1].4.0.Build.5459_.rar [2009/09/23 13:47:46 | 00,228,864 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Vizioni.doc [2009/12/13 14:18:56 | 06,751,440 | ---- | M] (Hamrick Software) -- C:\Documents and Settings\sporteli\Desktop\vuesca85.exe [2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk [2009/05/22 22:13:25 | 01,144,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\sporteli\Desktop\wlsetup-custom.exe [2009/06/26 03:41:17 | 00,018,586 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\WM speech Tirana.rtf [2009/12/16 11:17:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\sporteli\Desktop\~$nuja e resorantit per seminaret.doc < %userprofile%\Desktop\*. > [2010/01/09 19:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455 [2009/05/14 01:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\DR [2010/01/08 19:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\G.Kormaku [2010/01/16 13:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Gazmira [2009/10/18 12:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\LPT TO USB [2009/12/06 20:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder [2010/01/17 17:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2) [2010/01/17 17:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5) [2010/01/17 17:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-17 20:10:26 ========== Files - Unicode (All) ========== [2008/12/16 16:05:18 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装 [2008/12/16 16:05:17 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装 [2008/12/16 16:05:08 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明 [2008/12/16 16:05:07 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明 ========== Alternate Data Streams ========== @Alternate Data Stream - 6584 bytes -> C:\Documents and Settings\sporteli\Desktop\logo.bmp:Q30lsldxJoudresxAaaqpcawXc < End of report > --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-17 17:31:07 Windows 5.0.2195 Service Pack 4 Running: gmer.exe; Driver: C:\DOCUME~1\sporteli\LOCALS~1\Temp\pwkiifod.sys ---- System - GMER 1.0.15 ---- INT 0x52 ? F9190044 INT 0x72 ? F925C844 INT 0xA2 ? F9190BE4 INT 0xA3 ? F91D6B64 INT 0xB1 ? F928F044 INT 0xB3 ? F91F5BE4 ---- Kernel code sections - GMER 1.0.15 ---- ? lljmn.sys The system cannot find the file specified. ! .reloc C:\WINNT\system32\drivers\NDIS.sys section is executable [0xF919B200, 0x2FBCA, 0xE0000060] .text C:\WINNT\system32\DRIVERS\nv4_mini.sys section is writeable [0xBF6AA360, 0x30AD87, 0xE8000020] .text ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] ---- User code sections - GMER 1.0.15 ---- .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FF947A4 .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile 77F8F9BA 3 Bytes CALL 7FF94715 .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile + 4 77F8F9BE 1 Byte [08] .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess 77F93351 3 Bytes CALL 7FF947F2 .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess + 4 77F93355 1 Byte [08] .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtDeviceIoControlFile 77F950D4 5 Bytes CALL 7FF94A35 .text C:\WINNT\system32\services.exe[228] ntdll.dll!NtOpenFile 77F95337 5 Bytes CALL 7FF9479A .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE section is executable [0x0043C000, 0x7000, 0xE0000060] .reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE entry point in ".reloc" section [0x00442A0C] .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4 .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715 .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2 .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35 .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08] .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A .text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \Driver\NDIS \Device\Ndis [F919F235] NDIS.sys[.reloc] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected] 0 ---- Files - GMER 1.0.15 ---- File C:\WINNT\system32\dllcache\ndis.sys (size mismatch) 200192/170656 bytes executable File C:\WINNT\system32\drivers\ndis.sys (size mismatch) 200192/170656 bytes executable File C:\WINNT\ServicePackFiles\i386\ndis.sys (size mismatch) 170928/170656 bytes executable ---- EOF - GMER 1.0.15 ---- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- LockSearch by jpshortstuff (05.11.09.1) Log created at 17:26 on 17/01/2010 (sporteli) Scanning C:\ C:\pagefile.sys ------------------------- C:\WINNT\system32\12520437y.exe ------------------------- C:\WINNT\system32\12520437y.exe [unable to get md5 : 80384 bytes] -=E.O.F=- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  4. DEAR schrauber HERE ARE MY LOGS! I HAVE ATTECHED THEM BELOW! THANK YOU FOR YOUR TIME AND HELP! PS. BY THE WAY I HAVE WINDOWS 2000! Rooter_1.txt ckfiles.txt Extras.Txt OTL.Txt GMER.txt LockSearch.txt mbam-log-2010-01-17 (17-42-22).txt
  5. Hello.

    Welcome to the forum.

  6. PLEASE HELP ME! I CANT OPEN ANYTHING WITH MY WORK COMPUTER! I CANT EVEN INSTALL AN ANTIVIRUS! MY COMP IS EVEN VERY SLOWLY! [PLEASE ANYONE HELP ME!