
Inactive Virtual Memory out of control

Discussion in 'Malware and Virus Removal Archive' started by carmex1, 2009/12/26.

  1. 2009/12/26
    carmex1 (Thread Starter; joined 2009/12/26; 4 messages)

    [Inactive] Virtual Memory out of control

    My virtual memory for the process "SERVICES.EXE" is sitting at about 900,000k and it has dramatically slowed down my laptop. I am not sure if this is a virus or maybe something wrong with my laptop itself. I am unable to do a system restore. Any help would be greatly appreciated. Thanks!

    DDS (Ver_09-12-01.01) - FAT32x86
    Run by Acer at 10:17:04.26 on Sat 12/26/2009
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.190 [GMT -6:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    SVCHOST.EXE
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Acer\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    mDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Page = hxxp://www.google.com
    mStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mURLSearchHooks: H - No File
    BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &ESPN: {ae6f2894-af10-4c9c-b16e-1dfc6ff8c0c6} - c:\program files\espn\toolbar\DIGToolBar.dll
    TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [LaunchApp] Alaunch
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [LManager] c:\program files\launch manager\QtZgAcer.EXE
    mRun: [EPSON Stylus CX4200 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [epm-dm] c:\acer\epm\epm-dm.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1005.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\acer\applic~1\mozilla\firefox\profiles\olzai0nb.default\
    FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - plugin: c:\documents and settings\acer\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-9 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-23 333192]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-23 28424]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-23 360584]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-23 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-23 285392]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-17 1174152]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]

    =============== Created Last 30 ================

    2009-12-24 22:37:57 0 d-----w- c:\windows\system32\NtmsData
    2009-12-23 13:28:56 0 d--h--w- C:\$AVG
    2009-12-23 13:28:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-12-23 13:28:15 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-12-23 13:27:57 0 d-----w- c:\windows\system32\drivers\Avg
    2009-12-23 13:27:47 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-12-23 13:27:15 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2009-12-21 13:00:25 61952 ------w- c:\windows\system32\dllcache\tdc.ocx
    2009-12-19 16:23:29 0 d-----w- c:\program files\ABC
    2009-12-09 17:40:33 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2009-12-09 16:34:34 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-12-09 16:30:14 0 d--h--w- c:\docume~1\alluse~1\applic~1\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-12-08 21:23:53 0 d-----w- c:\program files\Trend Micro
    2009-12-08 19:01:56 0 d-----w- c:\docume~1\acer\applic~1\uTorrent
    2009-12-08 16:04:17 0 d-----w- c:\program files\uTorrent

    ==================== Find3M ====================

    2009-12-16 14:11:20 18030130 ----a-w- c:\docume~1\alluse~1\applic~1\vlc-1.0.3-win32.exe
    2009-12-08 13:03:56 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-10-29 19:08:22 3070976 ------w- c:\windows\system32\dllcache\mshtml.dll
    2009-10-29 05:38:24 667136 ----a-w- c:\windows\system32\WININET.DLL
    2009-10-29 05:38:24 667136 ------w- c:\windows\system32\dllcache\wininet.dll
    2009-10-29 05:38:22 627712 ------w- c:\windows\system32\dllcache\urlmon.dll
    2009-10-29 05:38:22 1509888 ------w- c:\windows\system32\dllcache\shdocvw.dll
    2009-10-28 13:12:52 18527244 ----a-w- c:\docume~1\alluse~1\applic~1\vlc-1.0.2-win32.exe
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 75776 ------w- c:\windows\system32\dllcache\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-21 05:38:36 25088 ------w- c:\windows\system32\dllcache\httpapi.dll
    2009-10-20 16:20:16 265728 ------w- c:\windows\system32\dllcache\http.sys
    2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-13 10:30:16 270336 ------w- c:\windows\system32\dllcache\oakley.dll
    2009-10-12 13:38:20 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38:20 149504 ------w- c:\windows\system32\dllcache\rastls.dll
    2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2009-10-12 13:38:18 79872 ------w- c:\windows\system32\dllcache\raschap.dll
    2009-10-11 10:17:28 411368 ----a-w- c:\windows\system32\deploytk.dll
    2008-11-10 14:55:26 10860 ----a-w- c:\program files\common files\sogepumomy._sy
    2008-11-10 14:55:26 10126 ----a-w- c:\program files\common files\oxoqi.sys

    ============= FINISH: 10:17:22.89 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/15/2006 6:47:45 PM
    System Uptime: 12/26/2009 9:19:12 AM (1 hours ago)

    Motherboard: Acer, Inc. | | Crane II
    Processor: Intel(R) Pentium(R) M processor 1.60GHz | U1 | 1596/400mhz

    ==== Disk Partitions =========================

    C: is FIXED (FAT32) - 75 GiB total, 0.581 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 2200BG Network Connection
    Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&1D3F0FBB&0&18F0
    Manufacturer: Intel(R) Corporation
    Name: Intel(R) PRO/Wireless 2200BG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&1D3F0FBB&0&18F0
    Service: w29n51

    ==== System Restore Points ===================

    RP937: 11/30/2009 4:46:10 PM - System Checkpoint
    RP938: 12/2/2009 8:29:22 AM - System Checkpoint
    RP939: 12/3/2009 3:27:56 PM - System Checkpoint
    RP940: 12/4/2009 4:40:53 PM - System Checkpoint
    RP941: 12/7/2009 4:07:10 PM - System Checkpoint
    RP942: 12/9/2009 7:10:58 AM - Software Distribution Service 3.0
    RP943: 12/9/2009 10:20:36 AM - Removed Ad-Aware
    RP944: 12/10/2009 1:28:01 PM - System Checkpoint
    RP945: 12/12/2009 2:35:51 PM - System Checkpoint
    RP946: 12/14/2009 4:04:58 PM - System Checkpoint
    RP947: 12/16/2009 1:27:03 PM - System Checkpoint
    RP948: 12/17/2009 9:50:23 AM - Avira AntiVir Personal - 12/17/2009 9:50
    RP949: 12/18/2009 12:54:10 PM - System Checkpoint
    RP950: 12/21/2009 7:15:54 AM - System Checkpoint
    RP951: 12/22/2009 7:02:24 AM - Software Distribution Service 3.0
    RP952: 12/22/2009 2:35:34 PM - Restore Operation
    RP953: 12/22/2009 2:54:20 PM - Restore Operation
    RP954: 12/23/2009 7:27:15 AM - Installed AVG Free 9.0
    RP955: 12/23/2009 7:58:05 AM - Avg8 Update

    ==== Installed Programs ======================

    µTorrent
    ABC (remove only)
    Acer eManager for Notebook
    Acer ePowerManagement
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.1.0
    Adobe Shockwave Player 11
    Advanced SystemCare 3
    AIM 6
    Arcade 3.0
    ArcSoft PhotoImpression 5
    Ask Toolbar
    AutoUpdate
    AVG Free 9.0
    CCleaner (remove only)
    Conexant AC-Link Audio
    Critical Update for Windows Media Player 11 (KB959772)
    DAEMON Tools Toolbar
    DivX
    DivX Web Player
    EPSON CX 4200 4800 Guide
    EPSON Printer Software
    EPSON Scan
    ESPN RunTime
    Full Tilt Poker
    Google Chrome
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 17
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6 Update 1
    Launch Manager
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.5)
    MSN Messenger 7.5
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NTI Backup NOW! 3
    NTI CD & DVD-Maker
    NTI CD & DVD-Maker Gold
    Octoshape add-in for Adobe Flash Player
    PowerDVD
    PowerProducer
    Primo
    QuickTime
    Runtime
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB976325)
    Smart Defrag 1.11
    SoftV92 Data Fax Modem with SmartCP
    Sonic UDF Reader
    Sony Picture Utility
    Sports Interaction Poker
    Starcraft
    Symantec KB-DocID:2003093015493306
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515 drivers.
    TIxx21/x515
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    VLC media player 0.9.2
    WebFldrs XP
    Winamp (remove only)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    12/26/2009 9:25:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Notebook Manager Service service to connect.
    12/26/2009 9:03:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep eeCtrl
    12/26/2009 8:59:04 AM, error: Dhcp [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00C09FAA0E52 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
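Added example, not part of the thread and not a DDS or WindowsBBS tool: a small Python triage script that splits a DDS log on its section banners and applies the checks a helper typically does by eye on a log like the one above: executables running from the user profile, browser add-ons that no longer point at a file, ActiveX (DPF) downloads from hosts outside a short allowlist, and driver-like files sitting outside the drivers directory. The sample input is an excerpt of the log posted above; the rule names, the DPF host allowlist and the "driver outside system32\drivers" heuristic are this example's own choices. Two of its hits are expected noise (Chrome installs per-user by design, and dds.scr is the scanner itself), which is the point: the script reports, and a human decides.

```python
"""Triage helper for a DDS log (added example, not part of the thread).

DDS separates its output with "=== Section ===" banners.  This script splits
a log on those banners and applies a few checks a malware-removal helper does
by eye.  The rule names and the allowlist are this example's own choices.
"""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the DDS log posted in the thread.
SAMPLE_DDS = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Acer\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} - hxxp://nba.tom.com/video/tcastV1.cab

==================== Find3M ====================

2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2008-11-10 14:55:26 10860 ----a-w- c:\program files\common files\sogepumomy._sy
2008-11-10 14:55:26 10126 ----a-w- c:\program files\common files\oxoqi.sys
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
PROFILE_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\(local settings|desktop|application data)\\", re.I)
ADDON_RE = re.compile(r"^(?:BHO|TB|[um]URLSearchHooks):\s*(.*?)\s+-\s*(.*)$")
DPF_RE = re.compile(r"^DPF:\s*\{[0-9a-f-]+\}\s*-\s*hxxp://([^/]+)/", re.I)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$")
DRIVER_DIR = "\\windows\\system32\\drivers\\"
DRIVER_EXTS = (".sys", "._sy")
# Hosts that legitimately serve ActiveX installers in this log; an allowlist
# chosen for this example, extend it for your own environment.
DPF_ALLOW = {"java.sun.com", "download.macromedia.com", "fpdownload.macromedia.com",
             "www.apple.com", "upload.facebook.com", "lads.myspace.com"}


def parse_sections(text):
    """Map each DDS section name to its non-empty lines."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group(1)
        elif current is not None:
            sections[current].append(line)
    return sections


def triage(text):
    """Return (rule, offending line) pairs; it reports and never 'fixes'."""
    sections = parse_sections(text)
    findings = []
    for proc in sections.get("Running Processes", []):
        # Code running out of the user profile has no installer footprint to
        # vouch for it.  Expect noise: per-user installs (Chrome) and the
        # scanner itself (dds.scr) both land here.
        if PROFILE_RE.search(proc):
            findings.append(("process-in-user-profile", proc))
    for entry in sections.get("Pseudo HJT Report", []):
        addon = ADDON_RE.match(entry)
        if addon:
            # The target after the dash should be a DLL path.  "No File", an
            # empty target or a bare display name is an orphaned add-on.
            if "\\" not in addon.group(2):
                findings.append(("addon-without-file", entry))
            continue
        dpf = DPF_RE.match(entry)
        if dpf and dpf.group(1).lower() not in DPF_ALLOW:
            findings.append(("activex-from-unlisted-host", entry))
    for name in ("Created Last 30", "Find3M"):
        for entry in sections.get(name, []):
            hit = FILE_RE.match(entry)
            if not hit:
                continue
            path = hit.group(1).lower()
            # Drivers belong in system32\drivers; a .sys (or a renamed "._sy")
            # anywhere else deserves a hash lookup before anything is deleted.
            if path.endswith(DRIVER_EXTS) and DRIVER_DIR not in path:
                findings.append(("driver-outside-drivers-dir", entry))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_DDS):
        print(f"{rule:28} {line}")
```

Run as-is it prints eight lines for the excerpt: two profile processes, three add-on entries with no file behind them, one ActiveX download from nba.tom.com, and the two driver-like files in Common Files. The last two are the ones to hash and look up before touching anything else.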
     
  2. 2009/12/26
    broni (Moderator, Malware Analyst; joined 2002/08/01; 21,701 messages)

    I can see some Norton leftovers.
    Please run the Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    ===================================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2009/12/28
    carmex1 (Thread Starter)

    I apologize for my delayed response, but here are the logs.

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 12/28/2009 at 10:04 AM

    Application Version : 4.32.1000

    Core Rules Database Version : 4411
    Trace Rules Database Version: 2243

    Scan type : Quick Scan
    Total Scan Time : 00:39:51

    Memory items scanned : 419
    Memory threats detected : 0
    Registry items scanned : 473
    Registry threats detected : 0
    File items scanned : 33255
    File threats detected : 0


    Malwarebytes' Anti-Malware 1.41
    Database version: 2775
    Windows 5.1.2600 Service Pack 3

    12/27/2009 4:46:23 PM
    mbam-log-2009-12-27 (16-46-23).txt

    Scan type: Quick Scan
    Objects scanned: 96377
    Time elapsed: 3 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2009-12-28 11:04:16
    Windows 5.1.2600 Service Pack 3
    Running: f4uk4fnc.exe; Driver: C:\DOCUME~1\Acer\LOCALS~1\Temp\awnyapoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF86F387E]
    SSDT spkp.sys ZwEnumerateKey [0xF8580CA4]
    SSDT spkp.sys ZwEnumerateValueKey [0xF8581032]
    SSDT spkp.sys ZwOpenKey [0xF85620C0]
    SSDT spkp.sys ZwQueryKey [0xF858110A]
    SSDT spkp.sys ZwQueryValueKey [0xF8580F8A]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF86F3BFE]

    INT 0x62 ? 82F8ABF8
    INT 0x63 ? 82B5EDF8
    INT 0x73 ? 82B5EDF8
    INT 0xA4 ? 82B5EDF8
    INT 0xB4 ? 82B5EDF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 169 804E27C5 3 Bytes [0C, 58, F8] {OR AL, 0x58; CLC }
    .text ntoskrnl.exe!_abnormal_termination + 228 804E2884 2 Bytes [C0, 20]
    .text ntoskrnl.exe!_abnormal_termination + 22B 804E2887 1 Byte [F8]
    ? spkp.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F82278AC 5 Bytes JMP 82B5E3D8
    init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF820C23F]
    .text aj26tcw7.SYS F7BE4386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text aj26tcw7.SYS F7BE43AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text aj26tcw7.SYS F7BE43C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text aj26tcw7.SYS F7BE43C9 1 Byte [30]
    .text aj26tcw7.SYS F7BE43C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 010C299A
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 010C294A
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 010C290E
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 010C28F2
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010C277E
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 010C2870
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] WS2_32.dll!recv 71AB676F 5 Bytes JMP 010C27B6
    .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 010C27EE
    .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 0162299A
    .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 0162294A
    .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 0162290E
    .text C:\WINDOWS\Explorer.EXE[1472] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 016228F2
    .text C:\WINDOWS\Explorer.EXE[1472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0162277E
    .text C:\WINDOWS\Explorer.EXE[1472] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01622870
    .text C:\WINDOWS\Explorer.EXE[1472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 016227B6
    .text C:\WINDOWS\Explorer.EXE[1472] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 016227EE
    .text C:\Program Files\Messenger\msmsgs.exe[3352] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00D8299A
    .text C:\Program Files\Messenger\msmsgs.exe[3352] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00D8294A
    .text C:\Program Files\Messenger\msmsgs.exe[3352] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00D8290E
    .text C:\Program Files\Messenger\msmsgs.exe[3352] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D828F2
    .text C:\Program Files\Messenger\msmsgs.exe[3352] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D8277E
    .text C:\Program Files\Messenger\msmsgs.exe[3352] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D82870
    .text C:\Program Files\Messenger\msmsgs.exe[3352] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D827B6
    .text C:\Program Files\Messenger\msmsgs.exe[3352] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D827EE
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3712] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00DC299A
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3712] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00DC294A
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3712] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00DC290E
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3712] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DC28F2
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3712] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DC277E
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3712] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC2870
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3712] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DC27B6
    .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[3712] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DC27EE
    .text C:\Program Files\AVG\AVG9\avgemc.exe[3788] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 0242299A
    .text C:\Program Files\AVG\AVG9\avgemc.exe[3788] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 0242294A
    .text C:\Program Files\AVG\AVG9\avgemc.exe[3788] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 0242290E
    .text C:\Program Files\AVG\AVG9\avgemc.exe[3788] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 024228F2
    .text C:\Program Files\AVG\AVG9\avgemc.exe[3788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0242277E
    .text C:\Program Files\AVG\AVG9\avgemc.exe[3788] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02422870
    .text C:\Program Files\AVG\AVG9\avgemc.exe[3788] WS2_32.dll!recv 71AB676F 5 Bytes JMP 024227B6
    .text C:\Program Files\AVG\AVG9\avgemc.exe[3788] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 024227EE
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 0113299A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 0113294A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 0113290E
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011328F2
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0113277E
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01132870
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011327B6
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3844] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011327EE

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F8F2D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8593C4C] spkp.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8593CA0] spkp.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8563042] spkp.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F856313E] spkp.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F85630C0] spkp.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8563800] spkp.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F85636D6] spkp.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82B5E4D8
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8572E9C] spkp.sys
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!swprintf] 001CB286
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8186
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C83
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmFreeMappingAddress] 8E868801
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CAA86
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmUnmapIoSpace] 80968B00
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IofCompleteRequest] 001C9C96
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IofCallDriver] 001CB986
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] BA86880C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CBB86
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!sprintf] 968D5140
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C90
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ObfDereferenceObject] 2266E852
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ZwClose] 1CAC8E8D
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 00002254
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoCreateDevice] 00001C98
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 2242E850
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ZwOpenKey] 1CB4968D
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoStartTimer] 00002230
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoInitializeTimer] 001CBB8E
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CBD8688
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CBB86
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C90
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2202E851
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CAC868D
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmUnlockPages] 000021F0
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CBB8E
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CBD8688
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CBB96
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeSetTimer] F6317300
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!_allmul] 74070647
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CBD
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!_aulldiv] 03087408
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!strstr] 72F93B3F
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CBD
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CBE8E
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC086
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoAllocateIrp] 81E85000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000021
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB88E
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmLockPagableDataSection] BC968B00
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CC48E
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!ExFreePoolWithTag] C8968900
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!InitSafeBootMode] CCC68150
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!PoCallDriver] 002157E8
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!memmove] 18C48300
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!KfRaiseIrql] 00001CA9
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!KfLowerIrql] 0E798366
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
    IAT \SystemRoot\System32\Drivers\aj26tcw7.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Fastfat \FatCdrom 82F881F8

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\sptd \Device\3469400718 spkp.sys

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\ACPI \Device\00000050 82C87D80
    Device \Driver\usbuhci \Device\USBPDO-0 82B5D1F8
    Device \Driver\usbuhci \Device\USBPDO-1 82B5D1F8
    Device \Driver\ACPI \Device\00000045 82C87D80
    Device \Driver\ACPI \Device\00000046 82C87D80
    Device \Driver\usbuhci \Device\USBPDO-2 82B5D1F8
    Device \Driver\ACPI \Device\00000047 82C87D80
    Device \Driver\usbuhci \Device\USBPDO-3 82B5D1F8
    Device \Driver\ACPI \Device\00000054 82C87D80
    Device \Driver\usbehci \Device\USBPDO-4 82B30500
    Device \Driver\ACPI \Device\00000061 82C87D80
    Device \Driver\ACPI \Device\00000055 82C87D80
    Device \Driver\ACPI \Device\00000048 82C87D80

    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\ACPI \Device\00000056 82C87D80
    Device \Driver\ACPI \Device\00000049 82C87D80
    Device \Driver\ACPI \Device\00000057 82C87D80
    Device \Driver\Ftdisk \Device\HarddiskVolume1 82F8B1F8
    Device \Driver\ACPI \Device\00000058 82C87D80
    Device \Driver\Cdrom \Device\CdRom0 82AF51F8
    Device \Driver\Cdrom \Device\CdRom1 82AF51F8
    Device \Driver\atapi \Device\Ide\IdePort0 [F84BEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F84BEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F84BEB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
    Device \Driver\ACPI \Device\00000066 82C87D80
    Device \Driver\ACPI \Device\00000069 82C87D80
    Device \Driver\NetBT \Device\NetBt_Wins_Export 82B64500
    Device \Driver\ACPI \Device\0000004a 82C87D80
    Device \Driver\ACPI \Device\0000004b 82C87D80
    Device \Driver\NetBT \Device\NetbiosSmb 82B64500
    Device \Driver\ACPI \Device\0000004c 82C87D80
    Device \Driver\NetBT \Device\NetBT_Tcpip_{1C5BB177-3B7D-4876-B5FB-DBC9BFED6470} 82B64500
    Device \Driver\PCI_PNP9468 \Device\0000004e spkp.sys
    Device \Driver\ACPI \Device\0000005b 82C87D80
    Device \Driver\ACPI \Device\0000005c 82C87D80

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\ACPI \Device\0000006a 82C87D80
    Device \Driver\ACPI \Device\0000006b 82C87D80
    Device \Driver\ACPI \Device\0000005f 82C87D80
    Device \Driver\usbuhci \Device\USBFDO-0 82B5D1F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{584033F4-FA00-45C7-B342-9D303B47A3E7} 82B64500
    Device \Driver\usbuhci \Device\USBFDO-1 82B5D1F8
    Device \Driver\ACPI \Device\0000006d 82C87D80
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 82B9A500
    Device \Driver\usbuhci \Device\USBFDO-2 82B5D1F8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 82B9A500
    Device \Driver\usbuhci \Device\USBFDO-3 82B5D1F8
    Device \Driver\usbehci \Device\USBFDO-4 82B30500
    Device \Driver\Ftdisk \Device\FtControl 82F8B1F8
    Device \Driver\ACPI \Device\0000007e 82C87D80
    Device \Driver\ACPI \Device\0000007f 82C87D80
    Device \Driver\aj26tcw7 \Device\Scsi\aj26tcw71 82AE81F8
    Device \Driver\aj26tcw7 \Device\Scsi\aj26tcw71Port1Path0Target0Lun0 82AE81F8
    Device \FileSystem\Fastfat \Fat 82F881F8

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 82CC0500
    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b6b595237
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1921339756
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1477173389
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x4F 0xAF 0x89 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0x49 0xDB 0xD9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0xDE 0xAC 0x7F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEB 0x48 0x8F 0xFD ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x32 0x29 0xFF 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD7 0x8B 0xE1 0xB8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x6D 0x18 0x46 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0xB4 0x41 0xC6 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x24 0x8B 0x82 0xE9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x19 0xA0 0x0D 0x5B ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0xB4 0x41 0xC6 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b6b595237 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5F 0x4F 0xAF 0x89 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDF 0x49 0xDB 0xD9 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xED 0xDE 0xAC 0x7F ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xEB 0x48 0x8F 0xFD ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x32 0x29 0xFF 0x9C ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xD7 0x8B 0xE1 0xB8 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x6D 0x18 0x46 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBE 0xB4 0x41 0xC6 ...

    ---- EOF - GMER 1.0.15 ----
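    The GMER log above is long because it reports every SSDT entry, kernel IAT slot and user-mode inline JMP it finds, regardless of who owns them. Triaging it by hand means grouping hooks by the module that planted them and then asking whether that module is accounted for. The script below is an added example (not part of this thread, nor a GMER or WindowsBBS tool) that does that grouping over a few lines excerpted from the log above. The attribution table is an assumption stated in the code: it maps spkp.sys to the SPTD driver that the Devices and Registry sections of this log tie to DAEMON Tools, and Lbd.sys to the Lavasoft boot driver GMER itself labels. The `example_unknown.sys` line is constructed and does not appear in the posted log; it is there only to exercise the "nobody can account for this" path.

```python
"""Triage helper for GMER rootkit-scan text logs (added example).

Groups SSDT hooks, kernel IAT redirections and user-mode inline JMPs by
the module that owns them, then separates modules a known product explains
from modules nobody has accounted for.
"""
import re
from collections import defaultdict

# Constructed sample: a few lines excerpted from the GMER log posted above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF86F387E]
SSDT spkp.sys ZwEnumerateKey [0xF8580CA4]
SSDT spkp.sys ZwOpenKey [0xF85620C0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF86F3BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 010C290E
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[788] WS2_32.dll!send 71AB4C27 5 Bytes JMP 010C277E
.text C:\WINDOWS\Explorer.EXE[1472] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0162277E
.text C:\WINDOWS\Explorer.EXE[1472] WS2_32.dll!recv 71AB676F 5 Bytes JMP 016227B6

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F8F2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8593C4C] spkp.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8563042] spkp.sys
"""

# Constructed line, NOT from the posted log: exercises the unattributed path.
UNKNOWN_LINE = "SSDT example_unknown.sys ZwQuerySystemInformation [0xF8000000]"

# "SSDT <module> [(<vendor text>)] Zw<Func> [0x<addr>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s+(?P<func>Zw\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]$")
# "IAT <victim>[<lib>!<func>] [<addr>] <owning module>"; lines without a
# trailing module name are plain addresses and are deliberately skipped.
IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>[^\[\s]+)\[(?P<lib>[^!\]]+)!(?P<func>\w+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)$")
# ".text <process path>[<pid>] <lib>!<func> <addr> <n> Bytes JMP <target>"
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<lib>[^!\s]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)$")

# Assumed attribution table. Both entries are corroborated by the log itself:
# GMER labels Lbd.sys "Boot Driver/Lavasoft AB", and the Devices/Registry
# sections tie spkp.sys to \Driver\sptd and to the DAEMON Tools install path.
KNOWN_HOOKERS = {
    "spkp.sys": "SPTD disc-emulation driver (DAEMON Tools)",
    "lbd.sys": "Lavasoft Ad-Aware boot driver",
}


def parse_gmer(text):
    """Return (kernel_hooks, user_hooks).

    kernel_hooks: owning module (lower-cased) -> set of "kind:detail"
    user_hooks:   "lib!func" -> set of "process[pid]" carrying that JMP
    """
    kernel, user = defaultdict(set), defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SSDT_RE.match(line)):
            kernel[m["module"].lower()].add(f"ssdt:{m['func']}")
        elif (m := IAT_RE.match(line)):
            kernel[m["module"].lower()].add(f"iat:{m['victim']}:{m['lib']}!{m['func']}")
        elif (m := USER_HOOK_RE.match(line)):
            proc = m["process"].rsplit("\\", 1)[-1]   # basename of the image
            user[f"{m['lib']}!{m['func']}"].add(f"{proc}[{m['pid']}]")
    return dict(kernel), dict(user)


def classify(kernel):
    """Split hooking kernel modules into attributed and unattributed."""
    attributed, unattributed = {}, {}
    for module, hooks in kernel.items():
        if module in KNOWN_HOOKERS:
            attributed[module] = (KNOWN_HOOKERS[module], sorted(hooks))
        else:
            unattributed[module] = sorted(hooks)
    return attributed, unattributed


def user_hook_report(user):
    """(number of distinct processes, {hooked API: how many carry the JMP}).

    The same Crypt*/WS2_32 APIs patched in every process is the footprint of
    one DLL injected system-wide (typically a security product's network
    filter); a JMP present in a single process is what deserves a closer look.
    """
    procs = set().union(*user.values()) if user else set()
    return len(procs), {func: len(p) for func, p in user.items()}


if __name__ == "__main__":
    kernel, user = parse_gmer(SAMPLE_LOG + "\n" + UNKNOWN_LINE)
    attributed, unattributed = classify(kernel)
    for mod, (who, hooks) in attributed.items():
        print(f"[ok]    {mod}: {who}: {', '.join(hooks)}")
    for mod, hooks in unattributed.items():
        print(f"[CHECK] {mod}: {', '.join(hooks)}")
    total, per = user_hook_report(user)
    print(f"user-mode JMPs across {total} processes: {per}")
```

    Run it against a full GMER log by replacing `SAMPLE_LOG` with the file contents; anything that lands in the `[CHECK]` bucket is what to investigate first, and a module that hooks registry or disk I/O paths without a vendor you can name is exactly the pattern a rootkit leaves.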
     
  5. 2009/12/28
    carmex1

    carmex1 Inactive Thread Starter

    Joined:
    2009/12/26
    Messages:
    4
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:30:41 AM, on 12/28/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\acer\epm\epm-dm.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Acer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://r.office.microsoft.com/r/rlidOfficeUpdate?clid=1033
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [EPSON Stylus CX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE /P26 "EPSON Stylus CX4200 Series" /O6 "USB001" /M "Stylus CX4200 "
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {9CA74596-B5BB-4634-971C-F0224115A15F} (tcast control) - http://nba.tom.com/video/tcastV1.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

    --
    End of file - 7432 bytes
     
  6. 2009/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't see any security issues here. All logs are clean.
     
  7. 2009/12/28
    carmex1

    carmex1 Inactive Thread Starter

    Joined:
    2009/12/26
    Messages:
    4
    Likes Received:
    0
    Hmm, I see. Thanks for your help. I'm still having the virtual memory problem as well as a slow startup. I think I may have to reformat.
     
  8. 2009/12/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You may still want to repost in the Windows forum to get more attention.
     
