
Solved virus help? [ebay login asking for personal info]

Discussion in 'Malware and Virus Removal Archive' started by Salibu, 2008/06/02.

  1. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    Joined:
    2002/05/12
    Messages:
    62
    Likes Received:
    0
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILFindChild + E8B 7C9F2BB4 4 Bytes [ 70, 04, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILFindChild + 175B 7C9F3484 4 Bytes [ 90, 03, E5, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILFindChild + 177B 7C9F34A4 4 Bytes [ 70, 04, E5, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILFindChild + 17B3 7C9F34DC 4 Bytes [ 00, 04, E5, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 1F38 7C9FE1C4 4 Bytes [ 00, 04, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!DllGetVersion + AC9 7CA00084 4 Bytes [ C0, 0C, E5, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILLoadFromStream + 6D6 7CA06648 4 Bytes [ 10, 07, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILLoadFromStream + 9EE 7CA06960 4 Bytes [ F0, 00, 05, 02 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILLoadFromStream + BA6 7CA06B18 4 Bytes [ 10, 00, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILLoadFromStream + CB6 7CA06C28 4 Bytes [ 40, 02, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!DragQueryFileAorW + 3A07 7CA14934 4 Bytes [ D0, 08, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!DragQueryFileAorW + 40FF 7CA1502C 4 Bytes [ A0, 0D, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!DragQueryFileAorW + 41D7 7CA15104 4 Bytes [ B0, 09, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!DragQueryFileAorW + 4283 7CA151B0 4 Bytes [ 10, 0E, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!DragQueryFileAorW + 42A3 7CA151D0 4 Bytes [ 20, 0A, 57, 01 ]
    .text ...
     
  2. 2008/06/19
    Salibu
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!InternalExtractIconListA + 2037 7CA1CF98 4 Bytes [ 60, 08, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!InternalExtractIconListA + 20F3 7CA1D054 4 Bytes [ 40, 09, 57, 01 ]
    .text C:\WINDOWS\Explorer.EXE[1504] WS2_32.dll!send 71AB428A 5 Bytes JMP 01A62A1F
    .text C:\WINDOWS\Explorer.EXE[1504] WS2_32.dll!WSARecv 71AB4318 5 Bytes JMP 01A62B11
    .text C:\WINDOWS\Explorer.EXE[1504] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01A62A57
    .text C:\WINDOWS\Explorer.EXE[1504] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01A62A8F
    .text C:\WINDOWS\Explorer.EXE[1504] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 01A62B93
    .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1784] USER32.dll!VRipOutput + FFFA4DE7 7E412A78 2 Bytes [ D0, 11 ]
    .text C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1784] USER32.dll!VRipOutput + FFFA4DEA 7E412A7B 1 Byte [ 30 ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] ADVAPI32.dll!CryptDestroyKey 77DEA544 7 Bytes JMP 01402C2D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] ADVAPI32.dll!CryptDecrypt 77DEA7B1 7 Bytes JMP 01402BEA
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 01402BAE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!StrStrW + FFE28B75 7C9C5128 4 Bytes [ D0, 01, 1E, 7D ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!StrStrW + FFE28B81 7C9C5134 4 Bytes [ 40, 02, 1E, 7D ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!StrStrW + FFE2AB3D 7C9C70F0 4 Bytes [ F0, 07, 1E, 7D ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!StrStrW + FFE2ABED 7C9C71A0 4 Bytes [ 60, 08, 1E, 7D ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!StrStrW + FFE2CA1D 7C9C8FD0 4 Bytes [ 10, 07, 1E, 7D ]
    .text ...
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!ILFindChild + 80B 7C9F2534 4 Bytes [ 20, 03, 1E, 7D ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!ILFindChild + 175B 7C9F3484 4 Bytes [ E0, 04, 1E, 7D ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!ILFindChild + 177B 7C9F34A4 4 Bytes [ C0, 05, 1E, 7D ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] SHELL32.dll!ILFindChild + 17B3 7C9F34DC 4 Bytes [ 50, 05, 1E, 7D ]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] WININET.dll!InternetCloseHandle 7805DA59 5 Bytes JMP 0140312E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] WININET.dll!HttpOpenRequestA 78064341 5 Bytes JMP 01402E69
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] WININET.dll!InternetConnectA 7806499A 5 Bytes JMP 01402C48
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] WININET.dll!InternetReadFile 7806ABB4 5 Bytes JMP 014030DB
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 01402FA9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] WININET.dll!HttpSendRequestW 78080825 5 Bytes JMP 01403A64
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] CRYPT32.dll!CertGetCertificateChain 77A91243 5 Bytes JMP 0140360E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2540] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 5 Bytes JMP 01403617
    ? C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\rundll32.exe[496] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\System32\hkcmd.exe[680] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\System32\hkcmd.exe[680] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\Program Files\Microsoft Hardware\Mouse\point32.exe[696] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\Microsoft Hardware\Mouse\point32.exe[696] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\Program Files\Microsoft Hardware\Mouse\point32.exe[696] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-30475 "
    DESC_StartMenuAdminTools= "@shell32.dll,-30476 "
    DESC_StartMenuSmallIcons= "@shell32.dll,-30477 "
    DESC_SHOWCONTROLPANEL = "@shell32.dll,-30497" ; IDS_ADV_FOLDER_SHOWCONTROLPANEL
    DESC_FileFolder = "@shell32.dll,-
    ? C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE[716] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe[732] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\csrss.exe[736] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\winlogon.exe[760] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\services.exe[804] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\lsass.exe[816] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\lsass.exe[816] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\lsass.exe[816] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-30475 "
    DESC_StartMenuAdminTools= "@shell32.dll,-30476 "
    DESC_StartMenuSmallIcons= "@shell32.dll,-30477 "
    DESC_SHOWCONTROLPANEL = "@shell32.dll,-30497" ; IDS_ADV_FOLDER_SHOWCONTROLPANEL
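Editorial note on reading the `.text` lines in the post above (this is an added example, not part of Salibu's post and not GMER's own code). Each `.text` line is `process[pid] module!function address N Bytes <patch>`. When the patch is `JMP target` followed by a DLL path, as with the USER32 hooks that land in IEFRAME.dll, GMER found a loaded module that owns the target and the detour is ordinary shimming. When nothing follows the target, as with Explorer's `WS2_32.dll!send/recv/WSASend/WSARecv/closesocket` (all to 01A6xxxx) and iexplore's `CryptEncrypt/CryptDecrypt`, `HttpSendRequestA/W`, `InternetReadFile`, `CertGetCertificateChain` and `CertVerifyCertificateChainPolicy` (all to 0140xxxx), the target is memory no module owns, i.e. injected code, and those APIs sit on the path of every HTTPS form submission. The script below parses such lines, keeps only the unattributed JMP hooks, and reports which APIs are hooked per process and which 64 KiB regions to dump from the process for analysis. The sample lines are copied from the log above; the parser is mine and assumes GMER's 1.0.14 line layout.

```python
import re
from collections import defaultdict

# A few ".text" lines copied from the GMER log above; the IEFRAME-attributed
# DialogBoxParamW hook and the ILFindChild byte patch are included for contrast.
SAMPLE_LOG = r"""
.text C:\WINDOWS\Explorer.EXE[1504] SHELL32.dll!ILFindChild + E8B 7C9F2BB4 4 Bytes [ 70, 04, 57, 01 ]
.text C:\WINDOWS\Explorer.EXE[1504] WS2_32.dll!send 71AB428A 5 Bytes JMP 01A62A1F
.text C:\WINDOWS\Explorer.EXE[1504] WS2_32.dll!recv 71AB615A 5 Bytes JMP 01A62A57
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] ADVAPI32.dll!CryptEncrypt 77DF1558 7 Bytes JMP 01402BAE
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] WININET.dll!HttpSendRequestA 7806CD40 5 Bytes JMP 01402FA9
.text C:\Program Files\Internet Explorer\iexplore.exe[2540] CRYPT32.dll!CertVerifyCertificateChainPolicy 77A99A4C 5 Bytes JMP 01403617
"""

# One GMER ".text" record: process[pid] module!function[ + offset] address N Byte(s) <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.]+)!(?P<func>\w+)(?:\s*\+\s*[0-9A-Fa-f]+)?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
# <patch> is "JMP <target> [<module GMER attributed the target to>]" or "[ xx, xx, ... ]"
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<owner>\S.*))?$")


def parse_hook(line):
    """Parse one ".text" line into a dict, or return None for any other log line."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["addr"] = int(rec["addr"], 16)
    rec["nbytes"] = int(rec["nbytes"])
    jmp = JMP_RE.match(rec.pop("patch"))
    if jmp:
        rec["kind"] = "jmp"
        rec["target"] = int(jmp.group("target"), 16)
        rec["owner"] = jmp.group("owner")   # None when GMER found no module at the target
    else:
        rec["kind"] = "patch"                # in-place byte patch, no control transfer
        rec["target"] = None
        rec["owner"] = None
    return rec


def parse_log(text):
    return [r for r in map(parse_hook, text.splitlines()) if r]


def unattributed_jmps(records):
    """JMP hooks whose target lies outside every module GMER knows about, grouped by
    (process, pid). A JMP into IEFRAME.dll or kernel32.dll is normal shimming;
    a JMP into memory that no DLL owns is injected code."""
    groups = defaultdict(list)
    for r in records:
        if r["kind"] == "jmp" and r["owner"] is None:
            groups[(r["proc"], r["pid"])].append(r)
    return dict(groups)


def hooked_apis(groups):
    """module!function names hooked in each process, sorted for stable output."""
    return {k: sorted(f"{r['module']}!{r['func']}" for r in v) for k, v in groups.items()}


def target_regions(groups):
    """64 KiB-aligned regions the unattributed targets fall in: these are the
    regions to dump from the live process (or a memory image) for analysis."""
    return {k: sorted({r["target"] & ~0xFFFF for r in v}) for k, v in groups.items()}


if __name__ == "__main__":
    groups = unattributed_jmps(parse_log(SAMPLE_LOG))
    for key, apis in hooked_apis(groups).items():
        regions = ", ".join(f"{x:08X}" for x in target_regions(groups)[key])
        print(f"{key[0]}[{key[1]}]: {len(apis)} unattributed hook(s) into region(s) {regions}")
        for api in apis:
            print("   ", api)
```

Feed it the whole log instead of the sample and it lists, per process, every hook that needs explaining; hooks attributed to a named DLL drop out on their own. The region grouping is only a hint for what to dump: the target addresses say where the detour goes, not what the code there does.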
     


  4. 2008/06/19
    Salibu
    DESC_FileFolder = "@shell32.dll,-
    ? C:\Program Files\dvd43\dvd43_tray.exe[936] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\svchost.exe[972] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[980] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[980] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[980] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-30475 "
    DESC_StartMenuAdminTools= "@shell32.dll,-30476 "
    DESC_StartMenuSmallIcons= "@shell32.dll,-30477 "
    DESC_SHOWCONTROLPANEL = "@shell32.dll,-30497" ; IDS_ADV_FOLDER_SHOWCONTROLPANEL
    DESC_FileFolder = "@shell32.dll,-
    ? C:\WINDOWS\system32\svchost.exe[1044] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\System32\svchost.exe[1088] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\System32\svchost.exe[1148] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\System32\svchost.exe[1148] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\System32\svchost.exe[1148] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-30475 "
    DESC_StartMenuAdminTools= "@shell32.dll,-30476 "
    DESC_StartMenuSmallIcons= "@shell32.dll,-30477 "
    DESC_SHOWCONTROLPANEL = "@shell32.dll,-30497" ; IDS_ADV_FOLDER_SHOWCONTROLPANEL
    DESC_FileFolder = "@shell32.dll,-
    ? C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-30475 "
    DESC_StartMenuAdminTools= "@shell32.dll,-30476 "
    DESC_StartMenuSmallIcons= "@shell32.dll,-30477 "
    DESC_SHOWCONTROLPANEL = "@shell32.dll,-30497" ; IDS_ADV_FOLDER_SHOWCONTROLPANEL
    DESC_FileFolder = "@shell32.dll,-
    ? C:\WINDOWS\system32\ctfmon.exe[1260] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\ctfmon.exe[1260] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\system32\ctfmon.exe[1260] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-30475 "
    DESC_StartMenuAdminTools= "@shell32.dll,-30476 "
    DESC_StartMenuSmallIcons= "@shell32.dll,-30477 "
    DESC_SHOWCONTROLPANEL = "@shell32.dll,-30497" ; IDS_ADV_FOLDER_SHOWCONTROLPANEL
    DESC_FileFolder = "@shell32.dll,-
    ? C:\Program Files\Canon\CAL\CALMAIN.exe[1448] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\Explorer.EXE[1504] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\Explorer.EXE[1504] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\Explorer.EXE[1504] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-30475 "
    DESC_StartMenuAdminTools= "@shell32.dll,-30476 "
    DESC_StartMenuSmallIcons= "@shell32.dll,-30477 "
    DESC_SHOWCONTROLPANEL = "@shell32.dll,-30497" ; IDS_ADV_FOLDER_SHOWCONTROLPANEL
    DESC_FileFolder = "@shell32.dll,-
    ? C:\WINDOWS\system32\spoolsv.exe[1672] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe[1784] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\WINDOWS\system32\svchost.exe[1804] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe[1828] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer[1].zip\gmer.exe[1908] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer[1].zip\gmer.exe[1908] C:\WINDOWS\system32\USER32.DLL time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\WINDOWS\System32\svchost.exe[2028] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\Internet Explorer\iexplore.exe[2540] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\Internet Explorer\iexplore.exe[2540] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
    ? C:\Program Files\Internet Explorer\iexplore.exe[2540] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: shell32.dll,-30475 "
    DESC_StartMenuAdminTools= "@shell32.dll,-30476 "
    DESC_StartMenuSmallIcons= "@shell32.dll,-30477 "
    DESC_SHOWCONTROLPANEL = "@shell32.dll,-30497" ; IDS_ADV_FOLDER_SHOWCONTROLPANEL
    DESC_FileFolder = "@shell32.dll,-
    ? C:\WINDOWS\System32\alg.exe[2680] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
    ? C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[2924] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch; unknown module: rasapi32.dll
     
  5. 2008/06/19
    Salibu
    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)

    ---- System - GMER 1.0.14 ----

    Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
    Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

    Device \Driver\Cdrom \Device\CdRom0 82873C86
    Device \Driver\Cdrom \Device\CdRom1 82873C86
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\Disk \Device\Harddisk0\DR0 82873C86

    ---- Disk sectors - GMER 1.0.14 ----

    Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior; MBR rootkit code detected <-- ROOTKIT !!!
    Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; malicious code @ sector 0x12a14c00 size 0x194
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR

    ---- Files - GMER 1.0.14 ----

    File C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\PJMTZT19\showthread[1].htm 0 bytes

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 82A89DC0
    IAT \SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 82A89DC0
    IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice] 82A89D10
    IAT \SystemRoot\system32\DRIVERS\usbscan.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\system32\DRIVERS\usbprint.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\ipfltdrv.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] 82A89D10
    IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] 82A89D10
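Editorial note on the "Disk sectors" verdicts above (an added example, not part of Salibu's post and not GMER's code). GMER is saying three things about the first track of Harddisk0: sector 0 no longer holds the boot code it expects, sectors 60 and 61 hold code that should not be there, and sector 62 holds a copy of the MBR. That layout is what you get when boot-sector malware saves the original MBR somewhere in the gap before the first partition, overwrites sector 0 with its own loader, and leaves the partition table untouched so the machine still boots. The script below runs that same check on a raw image: it looks for sectors that carry the same partition table as sector 0 but different boot code, and reports which byte ranges of the boot code were changed. The 63-sector image is constructed to mirror the layout in the log; the bytes are made up and are not from the affected machine.

```python
SECTOR = 512


def sector(img, n):
    return img[n * SECTOR:(n + 1) * SECTOR]


def boot_code(s):
    return s[:446]            # bytes 0..445: boot code


def partition_table(s):
    return s[446:510]         # bytes 446..509: four 16-byte partition entries


def is_mbr_like(s):
    return len(s) == SECTOR and s[510:512] == b"\x55\xAA"


def find_mbr_copies(img, first=1, last=63):
    """Sectors in [first, last) that hold the same partition table as sector 0
    behind a different boot-code area: the saved original that a boot-sector
    rootkit leaves behind (GMER's "copy of MBR"). Byte-identical copies are
    skipped, since they carry no information about what changed."""
    current = sector(img, 0)
    hits = []
    for n in range(first, min(last, len(img) // SECTOR)):
        s = sector(img, n)
        if (is_mbr_like(s)
                and partition_table(s) == partition_table(current)
                and boot_code(s) != boot_code(current)):
            hits.append(n)
    return hits


def diff_ranges(a, b):
    """[start, end) byte ranges where a and b differ (equal lengths assumed)."""
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def analyse(img):
    """Map each saved-MBR sector to the byte ranges of boot code that differ
    between it and the MBR currently in sector 0."""
    current = boot_code(sector(img, 0))
    return {n: diff_ranges(current, boot_code(sector(img, n))) for n in find_mbr_copies(img)}


# --- constructed 63-sector image (not from the affected machine) ---------------
ORIG_BOOT = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 439   # 446 bytes
PTABLE = bytes([0x80, 0x01, 0x01, 0x00, 0x07, 0xFE, 0xFF, 0xFF,
                0x3F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00]) + b"\x00" * 48   # one NTFS entry
ORIG_MBR = ORIG_BOOT + PTABLE + b"\x55\xAA"
# rootkit-style MBR: first 64 bytes of boot code replaced, partition table kept
INFECTED_MBR = b"\xEB\x3E" + b"\xCC" * 62 + ORIG_BOOT[64:] + PTABLE + b"\x55\xAA"


def build_image():
    sectors = [b"\x00" * SECTOR] * 63
    sectors[0] = INFECTED_MBR
    sectors[30] = INFECTED_MBR           # identical backup of the current MBR: not a hit
    sectors[60] = b"\xCC" * SECTOR       # loader code, no 55AA signature: not a hit
    sectors[61] = b"\xCC" * SECTOR
    sectors[62] = ORIG_MBR               # saved original MBR: the hit
    return b"".join(sectors)


if __name__ == "__main__":
    for n, ranges in analyse(build_image()).items():
        print(f"sector {n}: copy of MBR; sector 0 boot code differs at {ranges}")
```

To run it against a real disk, read the first 63 sectors from a raw image taken outside the infected OS (boot media or a `dd` copy); reading `\\.\PhysicalDrive0` from inside a system whose kernel is hooked, as this one is, may hand you the sanitised copy rather than what is on the platter. Some OEM recovery and boot-manager tools also stash an MBR in the track-0 gap, so treat a hit as something to verify, not proof on its own; requiring an identical partition table filters most unrelated leftovers. The check says nothing about what sectors 60 and 61 contain; that needs a disassembler.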
     
  6. 2008/06/19
    Salibu
    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C883FD8] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C883F9C] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C883FC4] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
    IAT C:\Program Files\Viewpoint\Common\ViewpointService.exe[180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C883FEC] C:\WINDOWS\system32\kernel32.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
     
  7. 2008/06/19
    Salibu
     
  8. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    OK, I did the rootkit thing, but for the life of me I can't get all of what it scanned posted on here. It says I exceed the limit and to shorten it, so I had to copy and paste in sections, and I'm still not a quarter of the way done, so I gave up. Is there an easier way for me to do it?
     
  9. 2008/06/19
    noahdfear

    noahdfear Inactive

    You can stop there. Posts are limited to approximately 35,000 characters, which the log exceeds.

    Download mbr.exe and save it to your desktop.
    Double click mbr.exe to run it.
    It will open and close very quickly and produce the file mbr.log on the desktop.
    Double click mbr.log to open it and post its contents.
     
  10. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    here it is

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    MBR rootkit code detected !
    malicious code @ sector 0x12a14c00 size 0x194 !
    copy of MBR has been found in sector 62 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
     
  11. 2008/06/19
    noahdfear

    noahdfear Inactive

    mbr.exe MUST be on your desktop to complete the following.

    Highlight and copy the following bolded command.

    "%userprofile%\desktop\mbr.exe" -f

    Click Start>Run, paste the command in the Run dialog then hit enter.
    Reboot when the command window closes.
    Check the mbr.log again to see if it has changed and post the contents here if it did.
    If no change in the log, delete it, then double click mbr.exe to run it and post the new log.
     
  12. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    MBR rootkit code detected !
    malicious code @ sector 0x12a14c00 size 0x194 !
    copy of MBR has been found in sector 62 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
    original MBR restored successfully !
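    What the two mbr.log outputs above describe, as an added example that is not part of this thread or of Gmer's tool: a small Python check over a raw disk image that parses sector 0 and the backup copy in sector 62 (the location the log reports; a real case may differ), flags replaced boot code sitting in front of an unchanged partition table, and performs the same restore step as "mbr.exe -f" on the in-memory image. The sample image, its boot-code bytes and its partition layout are constructed for the demonstration; mbr.exe itself works on the live system and cross-checks a user-mode read of the MBR against a kernel read, which an offline image check does not need.

```python
"""Offline MBR check mirroring the findings in the mbr.log posts above.

Added example, not code from the thread or from Gmer. All disk contents
below are constructed; nothing is read from or written to a real disk.
"""
import struct

SECTOR = 512
BACKUP_SECTOR = 62          # sector where the log above found the original MBR copy
BOOT_SIG = b"\x55\xAA"      # last two bytes of a valid MBR


def parse_mbr(sector: bytes) -> dict:
    """Split one 512-byte sector into boot code, the four partition entries and the signature."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 446 + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) LBA-count(4), little endian
        status, ptype, lba_start, lba_count = struct.unpack("<B3xB3xII", entry)
        parts.append({"status": status, "type": ptype,
                      "lba_start": lba_start, "lba_count": lba_count})
    return {"boot_code": sector[:446], "table": sector[446:510],
            "partitions": parts, "signature": sector[510:]}


def read_sector(image: bytes, n: int) -> bytes:
    """Return sector n of the image as immutable bytes."""
    return bytes(image[n * SECTOR:(n + 1) * SECTOR])


def check_image(image: bytes, backup_sector: int = BACKUP_SECTOR) -> dict:
    """Compare the live MBR (sector 0) with the suspected backup copy.

    The pattern the log reports: the backup is a valid MBR, both carry the
    same partition table, but the boot code in sector 0 is different.
    """
    live = parse_mbr(read_sector(image, 0))
    backup = parse_mbr(read_sector(image, backup_sector))
    f = {
        "live_signature_ok": live["signature"] == BOOT_SIG,
        "backup_looks_like_mbr": backup["signature"] == BOOT_SIG
                                 and any(p["type"] for p in backup["partitions"]),
        "partition_tables_match": live["table"] == backup["table"],
        "boot_code_differs": live["boot_code"] != backup["boot_code"],
    }
    f["infected"] = (f["backup_looks_like_mbr"]
                     and f["partition_tables_match"]
                     and f["boot_code_differs"])
    return f


def restore_mbr(image: bytearray, backup_sector: int = BACKUP_SECTOR) -> bytearray:
    """The in-memory equivalent of the 'mbr.exe -f' step in the log above:
    copy the backup sector over sector 0. Refuses if the backup is not an MBR."""
    if not check_image(image, backup_sector)["backup_looks_like_mbr"]:
        raise ValueError("backup sector does not look like an MBR; not restoring")
    image[0:SECTOR] = read_sector(image, backup_sector)
    return image


def _mbr(boot_code: bytes, partitions: list) -> bytes:
    """Assemble an MBR sector from boot code and (status, type, lba_start, lba_count) tuples."""
    table = b"".join(struct.pack("<B3xB3xII", *p) for p in partitions).ljust(64, b"\x00")
    return boot_code.ljust(446, b"\x00") + table + BOOT_SIG


def build_sample_image() -> bytearray:
    """Constructed 64-sector image reproducing the log's pattern: foreign boot code in
    sector 0, the original MBR parked in sector 62, identical partition tables."""
    parts = [(0x80, 0x07, 63, 2_000_000)]          # one active NTFS partition at LBA 63
    original = _mbr(b"\xFA\x33\xC0\x8E\xD0\xBC\x00\x7C", parts)   # stand-in boot code
    hijacked = _mbr(b"\xEB\xFE\x90\x90\x90\x90\x90\x90", parts)   # stand-in replacement
    image = bytearray(64 * SECTOR)
    image[0:SECTOR] = hijacked
    image[BACKUP_SECTOR * SECTOR:(BACKUP_SECTOR + 1) * SECTOR] = original
    return image


if __name__ == "__main__":
    img = build_sample_image()
    print("before fix:", check_image(img))
    restore_mbr(img)
    print("after fix: ", check_image(img))
```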
     
  13. 2008/06/19
    noahdfear

    noahdfear Inactive

    Please run gmer again as described above. When the scan completes, copy the results and save them to notepad. If the log is as big as the last, email it to me instead of posting, please. Put RE: smitRem in the subject line.
     
  14. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    ok here it is


    AttachedDevice \FileSystem\Ntfs \Ntfs klif.sys (spuper-ptor/Kaspersky Lab)
    AttachedDevice \FileSystem\Fastfat \Fat klif.sys (spuper-ptor/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)

    ---- Threads - GMER 1.0.14 ----

    Thread 4:428 82AA27D0
    Thread 4:432 82AA27D0
    Thread 4:436 82A73EB0
    Thread 4:440 82A73EB0
    Thread 4:444 82A73EB0

    ---- EOF - GMER 1.0.14 ----
     
  15. 2008/06/19
    noahdfear

    noahdfear Inactive

    Looks great. Please clear your temporary internet files again then see if the login behavior for ebay and aol persists.
     
  16. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    I am happy to report this morning that all seems great. I can now log into both sites without any problems. I guess that last thing did the trick. I thank you for your kindness and patience in getting this resolved. I am glad you guys are here. This board is a great place to come to when you have problems.
     
  17. 2008/06/19
    noahdfear

    noahdfear Inactive

    That's great news! I recommend you run an online scan now, just to be sure.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC now button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Select the appropriate Yes or No to receiving marketing information
    • Click the Free Online Scan button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report along with a fresh HijackThis log.
     
  18. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    ANALYSIS: 2008-06-19 18:11:21
    PROTECTIONS: 2
    MALWARE: 14
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Internet Security 8.0 No Yes
    Kaspersky Anti-Virus 7.0.1.325 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00013869 adware/cydoor Adware No 0 Yes No c:\windows\cdmxtras
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
    00139535 Application/Processor HackTools No 0 Yes No C:\RECYCLER\S-1-5-21-1482476501-2147157035-725345543-1003\Dc9\Process.exe
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt
    00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[3].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
    00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt
    02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes Yes C:\RECYCLER\S-1-5-21-1482476501-2147157035-725345543-1003\Dc9\Reboot.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location g
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description g
    ;===================================================================================================================================================================================
    120815 HIGH MS06-022 g
    ;===================================================================================================================================================================================
     
  19. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:20:16 PM, on 6/19/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Documents and Settings\Owner\Local Settings\Apps\2.0\3HE68H5T.BYG\47206TV7.7NQ\welc..tion_ed341256229a5208_0002.0000_4f8c4c808db87049\WelcomeHome.PRODUCTION.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800 "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe "
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe "
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.9.0.61/aces/aces-en_US.cab
    O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.9.3.29/backgammon/backgammon-en_US.cab
    O16 - DPF: Blackjack Carnival by pogo - http://game1.pogo.com/applet-6.8.1.38/vbjack2/vbjack2-en_US.cab
    O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.8.0.32/cascade/cascade-en_US.cab
    O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.8.4.51/bowling/bowling-en_US.cab
    O16 - DPF: Canasta by pogo - http://game1.pogo.com/applet-6.8.4.51/canasta/canasta-en_US.cab
    O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.8.0.32/chess2/chess2-en_US.cab
    O16 - DPF: Cribbage by pogo - http://game1.pogo.com/applet-6.8.0.32/cribbage/cribbage-en_US.cab
    O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.7.5.28/domino/domino-en_US.cab
    O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.8.1.30/firstclass2/firstclass2-en_US.cab
    O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.9.0.43/superbingo/superbingo-en_US.cab
    O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.7.5.21/harvest/harvest-en_US.cab
    O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.8.4.51/drawpoker/drawpoker-en_US.cab
    O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.8.4.51/pool2/pool-en_US.cab
    O16 - DPF: Hog Heaven Slots by pogo - http://game1.pogo.com/applet-6.9.1.38/fancy/fancy-en_US.cab
    O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.8.0.25/gin2/gin2-en_US.cab
    O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.9.0.43/mhpoker/mhpoker-en_US.cab
    O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.8.4.51/lottso/lottso-en_US.cab
    O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.7.5.21/mahjong/mahjong-en_US.cab
    O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.9.0.43/paigow/paigow-en_US.cab
    O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.9.0.43/freecell/freecell-en_US.cab
    O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.8.0.25/penguins/penguins-en_US.cab
    O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.9.0.43/poppit2/poppit2-en_US.cab
    O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.8.4.51/ride/ride-en_US.cab
    O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.8.0.32/spider/spider-en_US.cab
    O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.8.4.51/squelchies/squelchies-en_US.cab
    O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.8.2.23/sweeper/sweeper-en_US.cab
    O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.8.3.35/sweettooth/sweettooth-en_US.cab
    O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.8.1.30/holdem/holdem-en_US.cab
    O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.8.4.51/peaks/peaks-en_US.cab
    O16 - DPF: Word Craft by pogo - http://game1.pogo.com/applet-6.8.3.35/babble/babble-en_US.cab
    O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.9.3.29/worldclass/worldclass-en_US.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
    O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} - http://chat.yahoo.com/cab/yacsui.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\IOGEAR\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 10286 bytes
     
  20. 2008/06/19
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Looks good. Click Start>Run and type or paste the following command, then hit Enter to uninstall gmer.

    %systemroot%\gmer_uninstall.cmd

    Delete the folder C:\Deckard
    Delete gmer.exe, mbr.exe and the logs we've saved on the desktop.
    Run ATF Cleaner, making sure to clean all temp files, prefetch and empty the recycle bin.

    If you're satisfied that the computer is working properly, clear the System Restore points, in case they are infected.

    Clear past system restore points and create a new one.
    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System Restore off. Click Apply. Now, uncheck the box and click Apply to turn System Restore back on. Click OK, then OK to close the System Properties dialog.

    Verify a new restore point was created.
    Click Start>All Programs>Accessories>System Tools>System Restore
    Select 'Restore my computer to an earlier time', then click next.
    You should have a newly created System Checkpoint available. If so, click Cancel. If not, click Back and select 'Create a restore point' then click Next. Give the restore point a name and click next.


    Restart the computer to complete the uninstallation of gmer.


    That should wrap things up. :)
     
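    The same wrap-up steps as a PowerShell script, added here as an example and not code from the post above or from the gmer tool. It assumes PowerShell 2.0 or later on a Windows client, an elevated session, and that the tool files and logs sit on the current user's desktop; the log file names are placeholders for whatever was saved during the thread.

```powershell
# Added example: scripted version of the cleanup and restore-point reset above.
# Assumes PowerShell 2.0+ (Disable-/Enable-ComputerRestore, Checkpoint-Computer,
# Get-ComputerRestorePoint), run elevated, tools and logs on the user's desktop.
$desktop = [Environment]::GetFolderPath('Desktop')

# 1. Run gmer's own uninstaller (the .cmd named in the post), if it is present.
$gmerUninstall = Join-Path $env:SystemRoot 'gmer_uninstall.cmd'
if (Test-Path $gmerUninstall) { & cmd.exe /c "`"$gmerUninstall`"" }

# 2. Remove the Deckard folder and the tool binaries/logs left on the desktop.
#    gmer.log and mbr.log are placeholder names; use the ones actually saved.
$leftovers = @('C:\Deckard')
foreach ($name in 'gmer.exe', 'mbr.exe', 'gmer.log', 'mbr.log') {
    $leftovers += Join-Path $desktop $name
}
foreach ($path in $leftovers) {
    if (Test-Path -LiteralPath $path) {
        Remove-Item -LiteralPath $path -Recurse -Force
        Write-Host "Removed $path"
    }
}

# 3. Clear the user's temp folder (part of what ATF Cleaner does); files in use
#    are skipped silently rather than aborting the script.
Remove-Item -Path (Join-Path $env:TEMP '*') -Recurse -Force -ErrorAction SilentlyContinue

# 4. Turn System Restore off and back on for the system drive, which discards the
#    old (possibly infected) restore points, then take a fresh one right away.
$systemDrive = $env:SystemDrive + '\'
Disable-ComputerRestore -Drive $systemDrive
Enable-ComputerRestore  -Drive $systemDrive
$description = 'Clean after malware removal'
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# 5. Verify: the newest restore point should be the one just created.
$latest = Get-ComputerRestorePoint |
    Sort-Object SequenceNumber -Descending |
    Select-Object -First 1
if ($latest -and $latest.Description -eq $description) {
    Write-Host "Restore point $($latest.SequenceNumber) created: $($latest.Description)"
} else {
    Write-Warning 'No fresh restore point found; create one from System Restore by hand.'
}

# 6. Reboot afterwards (Restart-Computer) to complete gmer's removal, as the post says.
```

    Checking the restore point's description after the off/on cycle is the scripted form of the "verify a new restore point was created" step; if the check fails, fall back to the manual System Restore wizard.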
  21. 2008/06/19
    Salibu

    Salibu Inactive Thread Starter

    Joined:
    2002/05/12
    Messages:
    62
    Likes Received:
    0
    Everything is all good now, and I created a new restore point. Thanks again. Oh, and can you tell me the best antivirus to have? I had AVG, but I don't think it was very good at stopping this.
     
