
[Inactive] Malware corrupting Photo

Discussion in 'Malware and Virus Removal Archive' started by Fredb38, 2010/10/12.

  1. 2010/10/12
    Fredb38 Well-Known Member Thread Starter

    I have a problem with my photos getting corrupted when downloaded to my computer.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Enterprise
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/10/2010 6:23:27 PM
    System Uptime: 10/12/2010 7:03:12 AM (4 hours ago)

    Motherboard: ECS | | Nettle2
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket M2 | 2600/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 326 GiB total, 200.869 GiB free.
    D: is FIXED (NTFS) - 9 GiB total, 1.204 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is FIXED (NTFS) - 466 GiB total, 235.373 GiB free.
    I: is FIXED (NTFS) - 466 GiB total, 331.948 GiB free.
    J: is FIXED (NTFS) - 932 GiB total, 293.15 GiB free.
    K: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel

    ==== System Restore Points ===================

    RP280: 10/10/2010 5:38:46 PM - Removed Disney Interactive Studios
    RP281: 10/11/2010 9:29:38 PM - Removed Scan
    RP282: 10/11/2010 9:30:22 PM - Removed Destinations
    RP283: 10/11/2010 9:30:41 PM - Installed Scan
    RP284: 10/11/2010 9:31:07 PM - Installed Destinations
    RP285: 10/12/2010 8:07:35 AM - Windows Update

    ==== Installed Programs ======================


    1st Free Solitaire 1.7.1
    2010 Hallmark Mother's/Father's Day Card Pack
    32 Bit HP CIO Components Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Aimersoft Audio Converter(Build 2.2.0.37)
    Aimersoft DVD Copy(Build 2.0.0.16)
    Aimersoft DVD Creator(Build 2.1.1.0)
    Aimersoft DVD Ripper(Build 2.2.0.27)
    Aimersoft DVD Studio Pack(Build 2.2.0.19)
    Aimersoft Video Converter(Build 2.2.0.19)
    AIO_CDA_ProductContext
    AIO_CDA_Software
    AIO_Scan
    All Media Fixer 2008 9.07
    All Media Fixer 9.06
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Software Update
    ArcSoft Collage Creator
    Ashampoo Burning Studio 10.0.4
    Ashampoo ClipFisher1.21
    Ashampoo Movie Shrink & Burn 3 3.03
    Ashampoo Music Studio 3 3.51
    Ashampoo Office 2010
    Ashampoo Photo Commander 8.0.0
    Ashampoo Slideshow Studio HD 1.0.3
    Ashampoo Snap 4.1.0
    Ashampoo WinOptimizer 7.10
    Audacity 1.2.6
    Avidemux 2.5
    AviSynth 2.5
    AVS Update Manager 1.0
    AVS Video Converter 7
    AVS4YOU Software Navigator 1.4
    Backup4all Professional 4
    Belltech Business Card Designer Pro 5.2.3
    Boilosft AVI to VCD SVCD DVD Converter 3.81
    BufferChm
    C4100
    c4100_Help
    Candy Land - Dora the Explorer Edition 1.00
    CCleaner
    CDex - Open Source Digital Audio CD Extractor
    Collage Maker
    Compatibility Pack for the 2007 Office system
    Convert VOB to AVI 1.7
    ConvertXtoDVD 4.1.2.336
    Cool MP3 Splitter 3.0
    Copy
    Coupon Printer for Windows
    DesignPro 5
    Destinations
    DeviceDiscovery
    DocProc
    Dora Fairytale Adventure
    DriverAgent by eSupport.com
    DVD Shrink 3.2
    ESET Smart Security
    Fax
    ffdshow (remove only)
    Foxit PDF Editor
    Foxit Phantom
    Free Audio CD Burner version 1.2
    Free YouTube to MP3 Converter version 3.3
    Garmin City Navigator North America 2009
    Garmin MapSource
    Garmin USB Drivers
    Google Earth Plug-in
    Google Gmail Notifier
    Google Update Helper
    GPBaseService2
    Hallmark Card Studio 2010 Deluxe
    HP Customer Participation Program 13.0
    HP Imaging Device Functions 13.0
    HP Photosmart All-In-One Driver Software 13.0 Rel. A
    HP Photosmart Essential 3.5
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Update
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    ImgBurn
    IrfanView (remove only)
    iSkysoft Video Converter Ultimate(Build 2.3.2.2)
    Java Auto Updater
    Java(TM) 6 Update 20
    Jungle Games
    Junk Mail filter update
    K-Lite Codec Pack 6.1.0 (Basic)
    Karen's Directory Printer
    Lernout & Hauspie TruVoice American English TTS Engine
    LimeWire PRO 4.17.0
    Magic FLAC to MP3 Converter 3.71
    Malwarebytes' Anti-Malware
    MarketResearch
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office Professional Edition 2003
    Microsoft Research AutoCollage 2008 version 1.1
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Streets & Trips 2010
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable Package
    Microsoft Visual C++ Run Time Lib Setup
    Mindful version 2
    Morpheus Photo Animation Suite v3.11
    Mozilla Firefox (3.6.10)
    mp3Tag 5.9.0.406
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Network
    Nitro PDF Professional
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OCR Software by I.R.I.S. 13.0
    OGA Notifier 2.0.0048.0
    OJOsoft Audio Converter
    OJOsoft Total Video Converter
    Peggle Deluxe 1.0
    Photodex Presenter
    Picasa 3
    Picture Collage Maker Pro 2.2.5
    PowerISO
    ProShow Gold
    PVSonyDll
    Quicken 2010
    QuickTime
    Realtek High Definition Audio Driver
    RegCure
    RenameMaestro v5.0 - the easy way to rename files and folders -
    Sansa Updater
    Scan
    SceneGrabber.NET
    Scrabble Plus 1.00
    ScrabblePLUS v1.0
    SeaTools for Windows
    Serif PagePlus X4
    Serif PagePlus X4 Resources
    Serif PagePlus: Business Card Template Pack 1
    Serif PhotoPlus X4
    Shop for HP Supplies
    SmartWebPrinting
    Snagit 10
    SolutionCenter
    Spybot - Search & Destroy
    Status
    Striata Reader
    SyncBackPro
    System Requirements Lab
    Toolbox
    Trailer Life Directory Campground Navigator 2009 - SP1
    TravelTrak Ver. 3.14
    TrayApp
    TurboTax 2009
    TurboTax 2009 wgaiper
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wrapper
    Ultra Video Joiner 5.2.0108
    Uniblue DriverScanner
    Uniblue PowerSuite
    Uniblue RegistryBooster
    Uniblue SpeedUpMyPC
    UnloadSupport
    Video-AVI to GIF-JPEG 3.1
    VirtualDubMOD 1.5.10.3 US
    Visual C++ 9.0 CRT (x86) WinSXS MSM
    Visual C++ 9.0 OpenMP (x86) WinSXS MSM
    VLC media player 1.1.4
    WebReg
    Win7codecs
    WinAVI Video Converter
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Mail
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Encoder 9 Series
    Windows Media Player Firefox Plugin
    WinRAR archiver
    WinZip 14.5
    XviD Video Codec (remove only)
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    10/12/2010 7:04:08 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    10/12/2010 7:03:49 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The system cannot find the path specified.
    10/11/2010 9:00:33 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
    10/11/2010 8:54:50 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.

    ==== End Of File ===========================



    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Fredb38 at 11:23:11.50 on Tue 10/12/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.3454.2220 [GMT -4:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    C:\Windows\system32\NLSSRV32.EXE
    C:\Windows\system32\NMSAccessU.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Felitec\Mindful 2\Mindful.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Users\Fredb38\AppData\Roaming\userwin.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Streets & Trips 2010\StreetsOlkShim.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Windows\system32\DllHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\program files\windows defender\MpCmdRun.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Fredb38\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.babylon.com/home?AF=14797
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: {00c6482d-c502-44c8-8409-fce54ad9c208} - SnagIt Toolbar Loader
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} -
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [userwin] "c:\users\fredb38\appdata\roaming\userwin.exe" /silent
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [Mindful 2] "c:\program files\felitec\mindful 2\Mindful.exe "
    mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    AppInit_DLLs: WLControl.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\fredb38\appdata\roaming\mozilla\firefox\profiles\3zifenak.fred user\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
    FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
    FF - component: c:\program files\mozilla firefox\extensions\{c79fd05a-0976-7fed-df06-e6249b98e346}\components\5fcd49b7.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
    FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\wat\npWatWeb.dll
    FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{8c67aaa4-a39e-e2d9-3ed6-4b5088d3d8ce}
    FF - HiddenExtension: z: No Registry Reference - c:\program files\mozilla firefox\extensions\{c79fd05a-0976-7fed-df06-e6249b98e346}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);

    ============= SERVICES / DRIVERS ===============

    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-4-27 731840]
    R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-4-27 38240]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-10-11 304464]
    R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\nitro pdf\professional\NitroPDFDriverService.exe [2010-2-2 188736]
    R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-2-2 65856]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-3-10 20952]
    R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-1 136176]
    S2 SBSDWSCService;SBSD Security Center Service; [x]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2010-9-30 23456]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]

    ============== File Associations ===============

    JSEFile=NOTEPAD.EXE %1

    =============== Created Last 30 ================

    2010-10-12 12:07:56 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{cc1d367b-353f-4f4f-abfa-f63481a7aace}\mpengine.dll
    2010-10-12 11:17:35 -------- d-----w- c:\program files\common files\HP
    2010-10-11 00:47:03 -------- d-----w- c:\program files\Photodex
    2010-10-05 18:21:51 676352 ----a-w- c:\users\fredb38\appdata\roaming\init.exe
    2010-10-05 13:59:03 676352 ----a-w- c:\users\fredb38\appdata\roaming\userwin.exe
    2010-10-04 12:26:38 59496 ----a-w- c:\windows\system32\RtkCoInst.dll
    2010-10-04 12:26:38 367208 ----a-w- c:\windows\system32\RtkApoApi.dll
    2010-10-04 12:26:38 3596392 ----a-w- c:\windows\system32\RtkAPO.dll
    2010-10-04 12:26:38 1798248 ----a-w- c:\windows\system32\RtkPgExt.dll
    2010-10-04 12:26:37 3112360 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2010-10-04 12:26:37 1084008 ----a-w- c:\windows\system32\RTSndMgr.cpl
    2010-09-30 16:26:05 -------- d-----w- c:\users\fredb38\appdata\roaming\WinBatch
    2010-09-30 11:41:00 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
    2010-09-30 02:35:05 -------- d-----w- c:\progra~2\Driver Whiz
    2010-09-30 00:35:40 -------- d-----w- c:\progra~2\NVIDIA Corporation
    2010-09-30 00:35:30 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-09-30 00:34:42 56936 ----a-w- c:\windows\system32\OpenCL.dll
    2010-09-30 00:34:42 11008040 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-09-30 00:34:41 4553832 ----a-w- c:\windows\system32\nvcuda.dll
    2010-09-30 00:34:41 2892904 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-09-30 00:34:41 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-09-30 00:34:41 14092904 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-09-30 00:34:39 236136 ----a-w- c:\windows\system32\nvcod1922.dll
    2010-09-30 00:34:39 236136 ----a-w- c:\windows\system32\nvcod.dll
    2010-09-30 00:34:39 1625192 ----a-w- c:\windows\system32\nvapi.dll
    2010-09-30 00:34:39 10267240 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-09-30 00:34:35 -------- d-----w- C:\NVIDIA
    2010-09-30 00:02:27 -------- d-----w- c:\program files\SystemRequirementsLab
    2010-09-29 03:59:26 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-28 17:57:18 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 17:57:11 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-09-28 11:52:00 -------- d-----w- c:\windows\pss
    2010-09-23 02:13:32 -------- d-----w- c:\users\fredb38\appdata\roaming\The Lion King
    2010-09-23 02:04:10 -------- d-----w- C:\DISNEY
    2010-09-23 00:19:02 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
    2010-09-23 00:12:58 -------- d-----w- c:\program files\Disney Interactive Studios
    2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2010-09-22 21:31:00 -------- d-----w- c:\program files\PowerISO
    2010-09-22 18:03:26 -------- d-----w- c:\program files\PopCap Games
    2010-09-22 12:43:18 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol500.dll
    2010-09-22 12:43:18 466944 ----a-w- c:\program files\mozilla firefox\plugins\NPcol400.dll
    2010-09-22 12:43:18 -------- d-----w- c:\users\fredb38\appdata\roaming\Catalina Marketing Corp
    2010-09-22 12:43:15 521760 ----a-w- c:\users\fredb38\appdata\roaming\microsoft\windows\start menu\programs\catalina marketing corp\UninstallCouponActivator.exe
    2010-09-21 13:47:56 -------- d-----w- c:\progra~2\Reflexive
    2010-09-21 13:47:20 -------- d-----w- c:\windows\Peggle Deluxe
    2010-09-21 13:28:41 720896 ----a-w- c:\windows\iun6002ev.exe
    2010-09-21 13:21:21 -------- d-----w- c:\progra~2\PopCap Games
    2010-09-21 02:05:39 43906011 ----a-w- c:\windows\system32\xa11797388.exe
    2010-09-21 02:05:37 43906011 ----a-w- c:\windows\system32\xa11795235.exe
    2010-09-20 22:49:57 -------- d-----w- c:\program files\Alcohol Soft
    2010-09-20 22:48:12 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-09-20 22:34:26 -------- d-----w- c:\program files\common files\Vivendi Universal Games
    2010-09-20 22:34:26 -------- d-----w- c:\progra~2\Vivendi Universal Games
    2010-09-20 20:54:05 -------- d-----w- c:\program files\common files\Barbie
    2010-09-20 20:40:37 -------- d-----w- c:\progra~2\Trymedia
    2010-09-18 21:53:24 87608 ----a-w- c:\users\fredb38\appdata\roaming\inst.exe
    2010-09-15 11:40:05 34308 ----a-w- c:\progra~2\mazuki.dll
    2010-09-15 11:19:37 316928 ----a-w- c:\windows\system32\spoolsv.exe

    ==================== Find3M ====================

    2010-09-18 21:53:24 47360 ----a-w- c:\users\fredb38\appdata\roaming\pcouffin.sys
    2010-09-09 22:39:14 2826240 ----a-w- c:\windows\system32\GPhotos.scr
    2010-09-08 15:17:46 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ------w- c:\windows\system32\QuickTime.qts
    2010-08-30 00:38:35 34310 ------w- c:\windows\system32\Chip.dll
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-23 15:46:54 153600 ------w- c:\windows\system32\IS_ContextMenu.dll
    2010-07-19 23:19:18 153600 ------w- c:\windows\system32\AI_ContextMenu.dll

    ============= FINISH: 11:23:43.15 ===============
     
  2. 2010/10/12
    Admin. Administrator Staff
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.

    And I did see some Malware already...
     

  4. 2010/10/12
    broni Moderator Malware Analyst
    Be more specific, please.

    ==================================================================

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/10/12
    Fredb38 Well-Known Member Thread Starter
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4806

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/12/2010 9:09:32 PM
    mbam-log-2010-10-12 (21-09-32).txt

    Scan type: Full scan (C:\|D:\|H:\|I:\|J:\|)
    Objects scanned: 308926
    Time elapsed: 1 hour(s), 8 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Fredb38\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQ8FV0JP\faggot[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Fredb38\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SQ8FV0JP\XRSHIT[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Fredb38\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T7PUH1CA\ILoveYou[1].exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
    C:\Users\Fredb38\AppData\Roaming\2051.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Fredb38\AppData\Roaming\7838.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Fredb38\AppData\Roaming\8515.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
    C:\Users\Fredb38\AppData\Roaming\dthwdiggm.exe (Trojan.Dialer.Gen) -> Quarantined and deleted successfully.
    C:\Users\Fredb38\AppData\Roaming\Newcrypt.exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-12 21:34:27
    Windows 6.1.7600
    Running: spd7ibyw.exe; Driver: C:\Users\Fredb38\AppData\Local\Temp\kwldyfob.sys


    ---- System - GMER 1.0.15 ----

    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047AF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830473F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F634
    INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8302F898
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830471DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830476F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83047F2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830481A8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C60599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C84F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? System32\drivers\gdqibme.sys The system cannot find the path specified. !
    ? System32\Drivers\spxe.sys The system cannot find the path specified. !
    PAGE PCIIDEX.SYS!DllUnload 8C1F5606 5 Bytes JMP 85A251D8
    PAGE ataport.SYS!DllUnload + 1 8C222AD7 4 Bytes JMP 85A221D9
    .text USBPORT.SYS!DllUnload 91C4BCA0 5 Bytes JMP 870BD1D8
    .text aiunptej.SYS 941A7000 12 Bytes [44, 28, 03, 83, EE, 26, 03, ...] {INC ESP; SUB [EBX], AL; SUB ESI, 0x26; ADD EAX, [EBX-0x7cfcf860]}
    .text aiunptej.SYS 941A700D 188 Bytes [07, 03, 83, 48, 2B, 03, 83, ...]
    .text aiunptej.SYS 941A70CA 28 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aiunptej.SYS 941A70E7 23 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
    .text aiunptej.SYS 941A70FF 27 Bytes [4E, 0E, 10, 0F, D2, 0D, 94, ...]
    .text ...
    .text peauth.sys A1606C9D 28 Bytes [55, 23, CC, 91, 62, C6, 29, ...]
    .text peauth.sys A1606CC1 28 Bytes [55, 23, CC, 91, 62, C6, 29, ...]
    PAGE peauth.sys A160CB9B 72 Bytes [CE, 19, C0, 2D, 06, 38, 28, ...]
    PAGE peauth.sys A160CBEC 111 Bytes [A7, 96, 93, D6, 5A, 3A, 71, ...]
    PAGE peauth.sys A160CE20 101 Bytes [8B, 51, 70, C3, 8B, 24, CC, ...]
    PAGE ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[908] ntdll.dll!LdrLoadDll 7773F625 5 Bytes JMP 012413F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1672] kernel32.dll!SetUnhandledExceptionFilter 775B3162 4 Bytes [C2, 04, 00, 00]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8C01B90E] \SystemRoot\System32\Drivers\spxe.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8C01BF9C] \SystemRoot\System32\Drivers\spxe.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8C01B3E6] \SystemRoot\System32\Drivers\spxe.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8C01C178] \SystemRoot\System32\Drivers\spxe.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8C01B1D4] \SystemRoot\System32\Drivers\spxe.sys
    IAT \SystemRoot\System32\Drivers\aiunptej.SYS[USBD.SYS!USBD_CreateConfigurationRequestEx] 6A1A6A00

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74332494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74315624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7433250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74328573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74324D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74328819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7432907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7432E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3060] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74324C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\system32\RunDll32.exe[3692] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75785E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\RunDll32.exe[3692] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75785E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\RunDll32.exe[3692] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75785E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\RunDll32.exe[3692] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75785E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\RunDll32.exe[3692] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75785E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\system32\RunDll32.exe[3692] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75785E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 866DE1F8

    AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

    Device \Driver\usbohci \Device\USBPDO-0 870CE1F8
    Device \Driver\usbehci \Device\USBPDO-1 87070470
    Device \Driver\PCI_PNP5600 \Device\00000056 spxe.sys
    Device \Driver\nvstor \Device\00000063 866DC1F8
    Device \Driver\volmgr \Device\HarddiskVolume1 85A241F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\nvstor \Device\00000064 866DC1F8
    Device \Driver\USBSTOR \Device\00000071 85A5B3D0
    Device \Driver\volmgr \Device\HarddiskVolume2 85A241F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 86E3D1F8
    Device \Driver\volmgr \Device\HarddiskVolume3 85A241F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{AD093BE0-7CCC-4BFD-8479-78CD661C9FFE} 86E251F8
    Device \Driver\cdrom \Device\CdRom1 86E3D1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85A271F8
    Device \Driver\atapi \Device\Ide\IdePort1 85A271F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 85A271F8
    Device \Driver\volmgr \Device\HarddiskVolume4 85A241F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom2 86E3D1F8
    Device \Driver\USBSTOR \Device\00000074 85A5B3D0
    Device \Driver\volmgr \Device\HarddiskVolume5 85A241F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\volmgr \Device\HarddiskVolume6 85A241F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\USBSTOR \Device\00000076 85A5B3D0
    Device \Driver\volmgr \Device\HarddiskVolume7 85A241F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\USBSTOR \Device\00000077 85A5B3D0
    Device \Driver\NetBT \Device\NetBt_Wins_Export 86E251F8
    Device \Driver\USBSTOR \Device\00000078 85A5B3D0
    Device \Driver\USBSTOR \Device\00000079 85A5B3D0
    Device \Driver\ACPI_HAL \Device\0000004c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\nvstor \Device\RaidPort0 866DC1F8
    Device \Driver\nvstor \Device\RaidPort1 866DC1F8
    Device \Driver\usbohci \Device\USBFDO-0 870CE1F8
    Device \Driver\USBSTOR \Device\0000007a 85A5B3D0
    Device \Driver\usbehci \Device\USBFDO-1 87070470
    Device \Driver\USBSTOR \Device\0000007b 85A5B3D0
    Device \Driver\sptd \Device\2618809600 spxe.sys
    Device \Driver\aiunptej \Device\Scsi\aiunptej1 869321F8
    Device \Driver\aiunptej \Device\Scsi\aiunptej1Port4Path0Target0Lun0 869321F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3D 0x60 0x91 0xD0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFB 0xB0 0xA7 0x80 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x58 0x10 0x6A 0xC5 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3D 0x60 0x91 0xD0 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFB 0xB0 0xA7 0x80 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x58 0x10 0x6A 0xC5 ...
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Fredb38\Downloads\Ashampoo AIO Updated 2010\Ashampoo® Slideshow Studio HD\ashampoo_slideshow_studio_hd_1.0.2_sm.exe 1
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Fredb38\Downloads\Ashampoo AIO Updated 2010\Ashampoo® Burning Studio 9 Theme Pack\ashampoo_burning_studio_9_theme_pack_100_sm.exe 1

    ---- EOF - GMER 1.0.15 ----

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Enterprise Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: ECS
    BIOS Manufacturer: Phoenix Technologies, LTD
    System Manufacturer: HP-Pavilion
    System Product Name: GN556AAR-ABA a6200n
    Logical Drives Mask: 0x000007fc

    Kernel Drivers (total 196):

    Processes (total 60):
    0 System Idle Process
    4 System
    380 C:\Windows\System32\smss.exe
    524 csrss.exe
    584 C:\Windows\System32\wininit.exe
    596 csrss.exe
    640 C:\Windows\System32\services.exe
    656 C:\Windows\System32\lsass.exe
    664 C:\Windows\System32\lsm.exe
    720 C:\Windows\System32\winlogon.exe
    804 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\svchost.exe
    1516 C:\Windows\System32\spoolsv.exe
    1552 C:\Windows\System32\svchost.exe
    1672 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    1704 C:\Windows\System32\svchost.exe
    1760 C:\Windows\System32\svchost.exe
    1784 C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
    1824 C:\Windows\System32\svchost.exe
    1888 C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
    1916 C:\Windows\System32\NLSSRV32.EXE
    1956 C:\Windows\System32\NMSAccessU.exe
    2044 C:\Windows\System32\svchost.exe
    420 C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
    412 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    756 C:\Windows\System32\svchost.exe
    1876 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2332 C:\Windows\System32\SearchIndexer.exe
    2412 C:\Windows\System32\svchost.exe
    2684 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2916 C:\Windows\System32\taskhost.exe
    3008 C:\Windows\System32\dwm.exe
    3060 C:\Windows\explorer.exe
    3360 C:\Program Files\ESET\ESET Smart Security\egui.exe
    3368 C:\Program Files\Felitec\Mindful 2\Mindful.exe
    3376 C:\Program Files\Google\Gmail Notifier\gnotify.exe
    3404 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    3464 C:\Program Files\Windows Sidebar\sidebar.exe
    3556 C:\Users\Fredb38\AppData\Roaming\userwin.exe
    3580 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2388 C:\Windows\System32\svchost.exe
    2804 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    212 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    2908 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    3280 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    3752 C:\Windows\System32\svchost.exe
    908 C:\Program Files\Mozilla Firefox\firefox.exe
    3884 C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
    2872 dllhost.exe
    1924 C:\Windows\servicing\TrustedInstaller.exe
    3124 C:\Windows\System32\svchost.exe
    1140 C:\Windows\System32\audiodg.exe
    2596 C:\Users\Fredb38\Downloads\MBRCheck.exe
    4004 C:\Windows\System32\conhost.exe
    4076 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000051`9e997600 (NTFS)
    \\.\H: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
    \\.\I: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
    \\.\J: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: ST3360320AS, Rev: 3.CH
    PhysicalDrive3 Model Number: SeagateFreeAgent, Rev: 102D
    PhysicalDrive2 Model Number: WDC WD5000AACS-00ZUB0, Rev:
    PhysicalDrive4 Model Number: SeagateFreeAgent, Rev: 0132

    Size Device Name MBR Status
    --------------------------------------------
    335 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    465 GB \\.\PhysicalDrive3 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    465 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
    931 GB \\.\PhysicalDrive4 RE: Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  6. 2010/10/12
    broni Moderator Malware Analyst
    You didn't answer my question regarding corrupted images.
     
  7. 2010/10/12
    Fredb38 Well-Known Member Thread Starter
  8. 2010/10/12
    broni Moderator Malware Analyst
    OK. Where are those pictures from?
    Do they look fine on a website?
    What program do you open them with?
    Do they open fully and then they start to gray out, or....?
     
  9. 2010/10/12
    Fredb38 Well-Known Member Thread Starter
    I am sending you this note from my laptop as my desktop just quit. My desktop for some reason rebooted and never came back. When trying to start the computer it gets to the HP screen and then stops. Something inside, I guess, quit.
     
  10. 2010/10/12
    broni Moderator Malware Analyst
    See if you can boot into Safe Mode or Last Known Good Config.
     
  11. 2010/10/12
    Fredb38 Well-Known Member Thread Starter
    No, nothing works. I think it's finished. It won't boot from the recovery disk. Maybe my problem all along was that it was trying to die. I really felt that my problem was a hardware problem.
    Thanks for the help
     
  12. 2010/10/12
    broni Moderator Malware Analyst
    You're welcome :)

    Try to start a new topic in the Windows or hardware forum.
     
