BestTechie Forums: urgent help - BestTechie Forums


urgent help CANT OPEN ANYTHING!


#1 dragoi

  • Member
  • Group: Members
  • Posts: 4
  • Joined: 16-January 10
  • Location:ALBANIA
  • Operating System:WINDOWS 2000 SP4

Posted 16 January 2010 - 03:13 PM

PLEASE HELP ME!
I CAN'T OPEN ANYTHING WITH MY WORK COMPUTER!
I CAN'T EVEN INSTALL AN ANTIVIRUS!
MY COMP IS EVEN VERY SLOW!
PLEASE ANYONE HELP ME!

#2 schrauber

  • Malware Remover
  • Group: Trusted Helpers
  • Posts: 68
  • Joined: 10-January 09
  • Location:Germany

Posted 16 January 2010 - 03:37 PM

Hi and welcome to BestTechie! I'll be assisting you to clean up your computer. The first thing I need you to do is follow the steps in this thread. Make sure you go through all of the procedures, and post back here with the logs you get back.

#3 dragoi

  • Member
  • Group: Members
  • Posts: 4
  • Joined: 16-January 10
  • Location:ALBANIA
  • Operating System:WINDOWS 2000 SP4

Posted 17 January 2010 - 02:50 PM

DEAR schrauber, HERE ARE MY LOGS!
I HAVE ATTACHED THEM BELOW!
THANK YOU FOR YOUR TIME AND HELP!
PS.
BY THE WAY, I HAVE WINDOWS 2000!

This post has been edited by dragoi: 17 January 2010 - 02:58 PM


#4 dragoi

  • Member
  • Group: Members
  • Posts: 4
  • Joined: 16-January 10
  • Location:ALBANIA
  • Operating System:WINDOWS 2000 SP4

Posted 17 January 2010 - 03:46 PM

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 2000 . (5.0.2195) Service Pack 4
[32_bits] - x86 Family 6 Model 15 Stepping 13, GenuineIntel
.
Error OpenService (wscsvc) : 1060
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 5.00.3700.1000
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:8 Go - Free:3 Go )
D:\ [CD_Rom]
.
Scan : 17:25.15
Path : C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe
User : sporteli ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (8)
______ \SystemRoot\System32\smss.exe (156)
______ \??\C:\WINNT\system32\csrss.exe (176)
______ \??\C:\WINNT\system32\winlogon.exe (168)
______ C:\WINNT\system32\services.exe (228)
______ C:\WINNT\system32\lsass.exe (244)
______ C:\WINNT\system32\svchost.exe (428)
______ C:\WINNT\system32\spoolsv.exe (456)
______ C:\WINNT\system32\svchost.exe (500)
______ C:\WINNT\system32\hidserv.exe (516)
______ C:\WINNT\System32\svchost.exe (576)
______ C:\WINNT\system32\nvsvc32.exe (592)
______ C:\WINNT\System32\svchost.exe (640)
______ C:\WINNT\system32\regsvc.exe (660)
______ C:\WINNT\system32\MSTask.exe (676)
______ C:\WINNT\System32\snmp.exe (712)
______ C:\WINNT\system32\stisvc.exe (816)
______ C:\WINNT\system32\svchost.exe (876)
______ C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe (916)
______ C:\WINNT\system32\mspmspsv.exe (808)
______ C:\WINNT\system32\svchost.exe (944)
______ C:\WINNT\system32\svchost.exe (960)
______ C:\Program Files\TeamViewer\Version4\TeamViewer.exe (1084)
______ C:\WINNT\Explorer.EXE (1112)
______ C:\WINNT\RTHDCPL.EXE (1240)
______ C:\WINNT\system32\RUNDLL32.EXE (1284)
______ C:\WINNT\system32\RUNDLL32.EXE (1312)
______ C:\WINNT\system32\RUNDLL32.EXE (1320)
______ C:\WINNT\system32\RUNDLL32.EXE (1208)
______ C:\Program Files\Skype\Phone\Skype.exe (1288)
______ C:\Documents and Settings\sporteli\Desktop\New Folder (5)\Rooter.exe (1052)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
----------------------\\ Scheduled Tasks
.
C:\WINNT\Tasks\desktop.ini
C:\WINNT\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 17:25.27
.
C:\Rooter$\Rooter_1.txt - (17/01/2010 | 17:25.27)

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eat.nfo
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\file_id.diz
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat.nfo
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eat_rls.2000-2009_1130.nfo
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\file_id.diz
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\vuesca85_v8.5.39.exe
c:\documents and settings\sporteli\my documents\hamrick.vuescan.pro.v8.5.39.multilingual.cracked.happy.9th.birthday-eat\eatvs85a\eatvsp85\crack\vuescan.exe
scanner sequence 3.FA.11
----- EOF -----



---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 17/01/2010 5:44:40 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5)
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3700.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IMPERIAL-YJVVAC
Current User Name: sporteli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINNT\fonts\services.exe" = C:\WINNT\fonts\services.exe:*:Enabled:services.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3E713D52-C967-41FB-AA24-3A92CC1025A4}" = Remote Desktop Connection
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5932C9AC-9049-11D4-8111-005004D78BE4}" = ImpulseStudio 3.04
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7699B723-9718-41DE-8C18-549F341C02CE}" = Crystal Reports
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{DCA1B4C0-98A5-418B-8293-45663180B6C5}" = DCA1B4C0-98A5-418B-8293-45663180B6C5
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FFD44E90-AEA4-4D25-AF53-5CE2723E88DA}" = MarketingReg
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AERP_4.0.0" = AERP 4.0.0
"Data Dynamics SharpGrid 2.0" = Data Dynamics SharpGrid 2.0
"EPSON Printer and Utilities" = EPSON Printer Software
"LQ-300+II User's Guide" = LQ-300+II User's Guide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2000" = Microsoft SQL Server 2000
"NVIDIA Drivers" = NVIDIA Drivers
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"TeamViewer 4" = TeamViewer 4
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"VueScan" = VueScan
"WinRAR archiver" = WinRAR archiver
"WMP7" = Windows Media Player 7.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/12/2009 10:35:27 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005
Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not
been restarted after a program uninstallation. Please restart the computer and run
the installer again.

Error - 19/12/2009 10:38:26 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.

Error - 19/12/2009 10:38:56 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.

Error - 19/12/2009 10:39:35 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 10005
Description = Product: ESET NOD32 Antivirus -- Error 5001. The computer has not
been restarted after a program uninstallation. Please restart the computer and run
the installer again.

Error - 19/12/2009 10:45:22 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.

Error - 19/12/2009 10:45:55 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.

Error - 19/12/2009 10:46:30 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ekrn' (ekrn)
failed to start. Verify that you have sufficient privileges to start system services.

Error - 16/01/2010 9:07:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 16/01/2010 9:50:04 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service'
(ekrn) failed to start. Verify that you have sufficient privileges to start system
services.

Error - 16/01/2010 9:50:34 PM | Computer Name = IMPERIAL-YJVVAC | Source = MsiInstaller | ID = 11920
Description = Product: ESET NOD32 Antivirus -- Error 1920. Service 'ESET Service'
(ekrn) failed to start. Verify that you have sufficient privileges to start system
services.

[ System Events ]
Error - 16/01/2010 8:48:20 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper Service service depends on the AFD Networking
Support Environment service which failed to start because of the following error:
%%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The Messenger service depends on the NetBIOS Interface service which
failed to start because of the following error: %%31

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The Simple TCP/IP Services service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The Background Intelligent Transfer Service service depends on the
Windows Management Instrumentation Driver Extensions service which failed to start
because of the following error: %%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1077

Error - 16/01/2010 8:48:21 PM | Computer Name = IMPERIAL-YJVVAC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BIOS MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 16/01/2010 8:50:53 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.

Error - 16/01/2010 8:54:00 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010
Description = The server {000C101C-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 16/01/2010 9:06:54 PM | Computer Name = IMPERIAL-YJVVAC | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.


< End of report >


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL logfile created on: 17/01/2010 5:44:40 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\sporteli\Desktop\New Folder (5)
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 5.00.3700.1000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

895.00 Mb Total Physical Memory | 674.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 8.79 Gb Total Space | 3.48 Gb Free Space | 39.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IMPERIAL-YJVVAC
Current User Name: sporteli
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/17 17:43:52 | 00,019,456 | ---- | M] () -- C:\WINNT\Temp\VRT3.tmp
PRC - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exe
PRC - [2009/06/02 10:56:00 | 24,264,488 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2008/12/23 08:04:10 | 03,950,376 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer.exe
PRC - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2007/12/20 10:47:36 | 16,882,176 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINNT\RTHDCPL.exe
PRC - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) -- C:\WINNT\system32\nvsvc32.exe
PRC - [2005/04/01 07:00:00 | 00,263,168 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\winmgmt.exe
PRC - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
PRC - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\snmp.exe
PRC - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exe
PRC - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mspmspsv.exe


========== Modules (SafeList) ==========

MOD - [2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msnjkwfb.dll
MOD - [2010/01/17 11:04:31 | 00,567,808 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)\OTL.exe
MOD - [2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\mssheatr.dll
MOD - [2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\system32\msjuehus.dll
MOD - [2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\system32\msjgjzcu.dll
MOD - [2005/04/01 07:00:00 | 00,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/12/23 07:44:46 | 00,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2007/11/27 21:26:00 | 00,176,128 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINNT\system32\nvsvc32.exe -- (NVSvc)
SRV - [2007/03/11 21:35:02 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/11/08 10:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2006/11/08 10:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINNT\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2005/04/01 07:00:00 | 00,217,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINNT\system32\wbem\winmgmt.exe -- (WinMgmt)
SRV - [2005/04/01 07:00:00 | 00,167,424 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2005/04/01 07:00:00 | 00,139,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2005/04/01 07:00:00 | 00,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\faxsvc.exe -- (Fax)
SRV - [2005/04/01 07:00:00 | 00,088,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2005/04/01 07:00:00 | 00,081,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\System32\1Bc.exe -- (TapiSrvIpripRemoteAccess)
SRV - [2005/04/01 07:00:00 | 00,080,384 | --S- | M] () [Auto | Stopped] -- C:\WINNT\System32\12520437y.exe -- (TapiSrvIprip)
SRV - [2005/04/01 07:00:00 | 00,050,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\snmp.exe -- (SNMP)
SRV - [2005/04/01 07:00:00 | 00,045,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINNT\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2005/04/01 07:00:00 | 00,042,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/07/28 06:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 12:05:04 | 00,039,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ)
SRV - [2001/10/01 13:48:44 | 00,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mspmspsv.exe -- (WMDM PMSP Service)
SRV - [1999/12/07 07:00:00 | 00,034,064 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\iprip.dll -- (Iprip)


========== Driver Services (SafeList) ==========

DRV - [2008/01/07 04:32:06 | 00,029,096 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007/12/20 12:00:06 | 04,637,696 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/11/27 21:26:00 | 06,866,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/11/17 02:43:56 | 00,022,016 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2007/11/17 02:43:36 | 00,050,304 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2007/10/12 02:53:10 | 00,013,312 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/03/07 00:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 00:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 00:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2005/04/01 07:00:00 | 00,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2005/04/01 07:00:00 | 00,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\DRIVERS\dmio.sys -- (dmio)
DRV - [2005/04/01 07:00:00 | 00,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2005/04/01 07:00:00 | 00,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2005/04/01 07:00:00 | 00,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\system32\drivers\efs.sys -- (EFS)
DRV - [2005/04/01 07:00:00 | 00,024,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\openhci.sys -- (openhci)
DRV - [2005/04/01 07:00:00 | 00,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2005/04/01 07:00:00 | 00,017,680 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2005/04/01 07:00:00 | 00,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2005/04/01 07:00:00 | 00,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\diskperf.sys -- (Diskperf)
DRV - [2005/04/01 07:00:00 | 00,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)
DRV - [2005/04/01 07:00:00 | 00,006,992 | ---- | M] (SGI) [Kernel | System | Stopped] -- C:\WINNT\system32\drivers\sglfb.sys -- (sglfb)
DRV - [2005/03/16 01:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINNT\system32\drivers\BIOS.sys -- (BIOS)
DRV - [2005/01/07 11:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/07/08 22:26:38 | 00,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\System32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([1999/12/07 07:00:00 | 00,000,734 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [Alcmtr] C:\WINNT\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINNT\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [gxwiyi] C:\WINNT\System32\msnjkwfb.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKLM..\Run: [qquaqe] C:\WINNT\System32\msjgjzcu.DLL ()
O4 - HKLM..\Run: [rscqdr] C:\WINNT\System32\mssheatr.DLL ()
O4 - HKLM..\Run: [RTHDCPL] C:\WINNT\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINNT\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINNT\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [vkqzej] C:\WINNT\System32\msjuehus.DLL ()
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKLM..\RunOnce: [X0@] Reg Error: Invalid data type. File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\related.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229456552406 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229462185640 (MUWebControl Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupd...9798.4922337963 (Update Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\sporteli\My Documents\My Pictures\5722_large.jpg
O24 - Desktop BackupWallPaper: C:\WINNT\Zapotec.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: BtwSrv - File not found
NetSvcs: Ias - C:\WINNT\system32\ias [2009/12/17 15:47:03 | 00,000,000 | ---D | M]
NetSvcs: Iprip - C:\WINNT\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - C:\WINNT\system32\irmon.dll (Microsoft Corporation)
NetSvcs: Nwsapagent - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootMin: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootMin: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.)
SafeBootMin: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI)
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootNet: dmboot.sys - C:\WINNT\system32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootNet: dmio.sys - C:\WINNT\system32\DRIVERS\dmio.sys (VERITAS Software Corp.)
SafeBootNet: dmload.sys - C:\WINNT\system32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NBF - Service
SafeBootNet: nbf.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sglfb.sys - C:\WINNT\system32\drivers\sglfb.sys (SGI)
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tga.sys - File not found
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\WINNT\system32\wbem\winmgmt.exe (Microsoft Corporation)
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1b0357b8-e3fb-4918-915c-a8eb232c273e} - KB973354
ActiveX: {1d939273-21ce-4e7f-be14-490866ec66c2} - KB976325
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {390e5bb4-1d89-4343-b62d-b76303708a1d} - KB969897
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066
ActiveX: {3e843540-63b3-42d7-9f4d-812ffd1e767a} - KB974455
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Visual Basic Scripting Support
ActiveX: {4fe13360-e1fd-11d2-83c7-0000f8051539} - Microsoft New ChangJie IME 98a
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 7
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {7da6528e-45a6-4022-9e41-c45a8cf33eb5} - KB963027
ActiveX: {80b81c71-14cd-41c3-9e8c-08b9e06d02ef} - KB960714
ActiveX: {81aded60-e2d0-11d2-83c7-0000f8051539} - Microsoft New Phonetic IME 98a
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {b6609c7e-4ad5-4b8b-9da5-9edbc50f7592} - KB958869
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {e41091c0-06d5-474f-836e-dd190348ea18} - KB958215
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464
ActiveX: {f351bc8e-a11b-44ba-a436-cee0d27e3abb} - KB976749
ActiveX: {f3d9c2d1-579f-4d41-95ba-5354eeb398d0} - KB972260
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\system32\setup\wmpocm.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010/01/17 17:25:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2)
[2010/01/17 17:25:27 | 00,000,000 | ---D | C] -- C:\Rooter$
[2010/01/17 17:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Application Data\Malwarebytes
[2010/01/17 17:16:37 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/01/17 17:16:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/17 17:16:35 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/01/17 17:16:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/17 17:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI
[2010/01/17 17:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)
[2010/01/14 07:34:17 | 00,245,520 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\winsrv.dll
[2010/01/09 19:16:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455
[2010/01/09 19:14:23 | 00,016,496 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZipr12.sys
[2010/01/09 19:14:13 | 00,049,920 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZid412.sys
[2010/01/09 19:14:11 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hppldcoi.dll
[2010/01/09 19:14:11 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINNT\System32\difxapi.dll
[2010/01/09 19:14:10 | 00,569,344 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpotscl3.dll
[2010/01/09 19:14:10 | 00,303,104 | R--- | C] (Hewlett-Packard Co.) -- C:\WINNT\System32\hpovst10.dll
[2010/01/09 19:14:10 | 00,229,376 | R--- | C] (Hewlett-Packard) -- C:\WINNT\System32\hpotpusd.dll
[2010/01/09 19:14:08 | 00,021,568 | R--- | C] (HP) -- C:\WINNT\System32\drivers\HPZius12.sys
[2010/01/06 15:02:08 | 00,052,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\mtxclu.dll
[2010/01/04 15:06:42 | 01,735,808 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRPAMP.EXE
[2010/01/04 15:06:42 | 01,714,496 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\NTKRNLMP.EXE
[2010/01/04 15:06:42 | 01,713,536 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntkrnlpa.exe
[2010/01/04 15:06:42 | 01,690,880 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ntoskrnl.exe
[2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\faxui.dll
[2010/01/04 12:20:43 | 00,138,000 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\faxui.dll
[2010/01/01 07:49:09 | 00,000,000 | ---D | C] -- C:\DrWatson
[2009/12/19 21:30:48 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/17 17:46:23 | 00,033,280 | ---- | M] (Andreas Hausladen) -- C:\WINNT\System32\4633753.exe
[2010/01/17 17:45:27 | 01,847,296 | -H-- | M] () -- C:\Documents and Settings\sporteli\NTUSER.DAT
[2010/01/17 17:44:03 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat
[2010/01/17 17:43:44 | 00,000,032 | --S- | M] () -- C:\WINNT\System32\1755361127.dat
[2010/01/17 17:43:38 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2010/01/17 17:37:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat
[2010/01/17 17:36:02 | 00,000,116 | ---- | M] () -- C:\WINNT\System32\757890.BAT
[2010/01/17 17:35:58 | 00,048,640 | ---- | M] () -- C:\WINNT\System32\2561086.exe
[2010/01/17 17:35:58 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msnjkwfb.dll
[2010/01/17 17:24:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat
[2010/01/17 17:22:07 | 00,465,166 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2010/01/17 17:16:39 | 00,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/17 17:16:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat
[2010/01/16 22:42:31 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat
[2010/01/16 21:19:20 | 00,000,280 | -HS- | M] () -- C:\Documents and Settings\sporteli\ntuser.ini
[2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk
[2010/01/16 20:09:53 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat
[2010/01/16 19:38:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat
[2010/01/16 15:00:09 | 00,001,166 | -H-- | M] () -- C:\Documents and Settings\sporteli\My Documents\Default.rdp
[2010/01/16 14:46:20 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\mssheatr.dll
[2010/01/16 14:43:43 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat
[2010/01/16 08:22:10 | 00,002,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/16 07:09:59 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat
[2010/01/15 07:23:40 | 00,180,240 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2010/01/15 07:05:42 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat
[2010/01/15 00:32:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat
[2010/01/14 07:32:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat
[2010/01/12 15:03:21 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat
[2010/01/12 07:04:37 | 00,036,865 | ---- | M] () -- C:\WINNT\System32\msjuehus.dll
[2010/01/12 07:03:46 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
[2010/01/09 19:16:08 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat
[2010/01/09 07:11:20 | 00,036,864 | ---- | M] () -- C:\WINNT\System32\msjgjzcu.dll
[2010/01/09 07:10:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat
[2010/01/08 07:03:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2010/01/07 07:18:47 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat
[2010/01/07 07:00:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat
[2010/01/06 07:09:27 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat
[2010/01/05 07:40:36 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat
[2010/01/05 07:23:29 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
[2010/01/04 07:16:18 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat
[2010/01/02 07:18:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat
[2009/12/30 07:40:15 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat
[2009/12/30 07:21:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat
[2009/12/28 11:23:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat
[2009/12/27 15:13:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat
[2009/12/27 07:52:12 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat
[2009/12/26 10:53:28 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat
[2009/12/26 07:55:09 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat
[2009/12/26 07:53:56 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat
[2009/12/25 12:46:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat
[2009/12/25 11:16:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat
[2009/12/24 15:41:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat
[2009/12/24 07:59:33 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat
[2009/12/24 07:36:51 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2009/12/23 08:12:48 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat
[2009/12/22 07:48:10 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat
[2009/12/22 07:25:25 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat
[2009/12/20 10:33:23 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat
[2009/12/20 08:11:06 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7138178.exe
[2009/12/19 21:42:14 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat
[2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk
[2009/12/19 21:36:55 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat
[2009/12/19 21:36:53 | 00,170,656 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\dllcache\ndis.sys
[2009/12/19 21:30:28 | 00,000,120 | ---- | M] () -- C:\WINNT\System32\7552737.exe
[2009/12/19 21:28:45 | 00,107,520 | RHS- | M] () -- C:\WINNT\het7upd.exe
[2009/12/19 21:28:40 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat
[4 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/17 17:44:03 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2cc.dat
[2010/01/17 17:37:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c0.dat
[2010/01/17 17:36:02 | 00,000,116 | ---- | C] () -- C:\WINNT\System32\757890.BAT
[2010/01/17 17:35:58 | 00,048,640 | ---- | C] () -- C:\WINNT\System32\2561086.exe
[2010/01/17 17:35:58 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msnjkwfb.dll
[2010/01/17 17:24:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2c8.dat
[2010/01/17 17:16:39 | 00,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/17 17:16:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_348.dat
[2010/01/16 22:44:18 | 00,465,166 | -H-- | C] () -- C:\WINNT\ShellIconCache
[2010/01/16 22:42:31 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_354.dat
[2010/01/16 20:09:53 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_300.dat
[2010/01/16 19:38:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_320.dat
[2010/01/16 14:46:20 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\mssheatr.dll
[2010/01/16 14:43:43 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_34c.dat
[2010/01/16 07:09:59 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_854.dat
[2010/01/16 07:09:49 | 00,000,032 | --S- | C] () -- C:\WINNT\System32\1755361127.dat
[2010/01/15 07:05:42 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_790.dat
[2010/01/15 00:32:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_340.dat
[2010/01/14 07:32:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_324.dat
[2010/01/12 15:03:21 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_78c.dat
[2010/01/12 07:04:37 | 00,036,865 | ---- | C] () -- C:\WINNT\System32\msjuehus.dll
[2010/01/12 07:03:46 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_388.dat
[2010/01/09 19:16:08 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2f8.dat
[2010/01/09 07:11:20 | 00,036,864 | ---- | C] () -- C:\WINNT\System32\msjgjzcu.dll
[2010/01/09 07:10:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_71c.dat
[2010/01/08 07:03:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_72c.dat
[2010/01/07 07:18:47 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5b0.dat
[2010/01/07 07:00:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_6bc.dat
[2010/01/06 07:09:27 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_67c.dat
[2010/01/05 07:40:36 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f8.dat
[2010/01/05 07:23:29 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5d8.dat
[2010/01/04 07:16:18 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e4.dat
[2010/01/02 07:18:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4b0.dat
[2009/12/30 07:40:15 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d8.dat
[2009/12/30 07:21:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_524.dat
[2009/12/28 11:23:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ec.dat
[2009/12/27 15:13:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d0.dat
[2009/12/27 07:52:12 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_510.dat
[2009/12/26 10:53:28 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1c70.dat
[2009/12/26 07:55:09 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_120c.dat
[2009/12/26 07:53:56 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_274.dat
[2009/12/25 12:46:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2e0.dat
[2009/12/25 11:16:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_378.dat
[2009/12/24 15:41:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_35c.dat
[2009/12/24 07:59:33 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_47c.dat
[2009/12/24 07:36:51 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2009/12/23 08:12:48 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_44c.dat
[2009/12/22 07:48:10 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_394.dat
[2009/12/22 07:25:25 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4c0.dat
[2009/12/20 10:33:23 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e8.dat
[2009/12/20 08:11:06 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7138178.exe
[2009/12/19 21:42:14 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2ac.dat
[2009/12/19 21:36:55 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2d0.dat
[2009/12/19 21:33:13 | 31,616,000 | ---- | C] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi
[2009/12/19 21:30:28 | 00,000,120 | ---- | C] () -- C:\WINNT\System32\7552737.exe
[2009/12/19 21:28:46 | 00,107,520 | RHS- | C] () -- C:\WINNT\het7upd.exe
[2009/12/19 21:28:40 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat
[2009/07/24 23:04:29 | 00,000,025 | ---- | C] () -- C:\WINNT\CDELQ300+II_Eu.ini
[2009/02/01 04:44:35 | 01,290,240 | ---- | C] () -- C:\WINNT\System32\wmploc.dll
[2009/02/01 04:44:35 | 01,122,304 | ---- | C] () -- C:\WINNT\System32\wmpui.dll
[2009/02/01 04:44:35 | 00,270,336 | ---- | C] () -- C:\WINNT\System32\pdbrowse.dll
[2009/02/01 04:44:35 | 00,184,320 | ---- | C] () -- C:\WINNT\System32\wmpcd.dll
[2009/02/01 04:44:34 | 00,147,456 | ---- | C] () -- C:\WINNT\System32\CEWMDM.dll
[2009/01/27 13:45:14 | 00,001,298 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/16 16:21:09 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2008/12/16 16:20:59 | 00,173,056 | ---- | C] () -- C:\WINNT\System32\qasf.dll
[2008/12/16 16:01:58 | 00,001,078 | ---- | C] () -- C:\WINNT\ODBC.INI
[2008/12/16 14:20:30 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2007/11/27 21:26:00 | 01,703,936 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2007/11/27 21:26:00 | 01,474,560 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2007/11/27 21:26:00 | 01,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2007/11/27 21:26:00 | 00,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2007/11/27 21:26:00 | 00,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2005/04/01 07:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2005/04/01 07:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2005/04/01 07:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2005/04/01 07:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2005/04/01 07:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2003/09/17 11:13:54 | 00,815,104 | ---- | C] () -- C:\WINNT\System32\wmpcore.dll
[2003/01/07 09:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2000/10/25 20:15:00 | 00,017,920 | ---- | C] () -- C:\WINNT\System32\Implode.dll
[1999/10/26 03:00:00 | 00,028,672 | ---- | C] () -- C:\WINNT\System32\CRInf9.dll
[1999/09/25 05:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 05:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1999/03/12 03:00:00 | 00,299,008 | ---- | C] () -- C:\WINNT\System32\Crutl14.dll
[1999/03/12 03:00:00 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\Crsybdtc14.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/04/01 07:00:00 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe
[2005/04/01 07:00:00 | 00,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2009/12/17 22:30:30 | 00,000,192 | -HS- | M] () -- C:\boot.ini
[2009/08/06 01:43:44 | 11,923,854 | ---- | M] () -- C:\br.bmp
[2009/12/17 23:50:07 | 00,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/16 14:20:56 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/16 16:31:37 | 00,000,206 | ---- | M] () -- C:\mylog.log
[2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\nitro_pdf_professional.exe
[2005/04/01 07:00:00 | 00,034,724 | RHS- | M] () -- C:\NTDETECT.COM
[2005/04/01 07:00:00 | 00,214,432 | RHS- | M] () -- C:\ntldr
[2010/01/17 17:43:28 | 14,092,86144 | -HS- | M] () -- C:\pagefile.sys
[2008/12/16 16:31:37 | 00,000,573 | ---- | M] () -- C:\RHDSetup.log
[2010/01/17 17:43:58 | 00,000,000 | ---- | M] () -- C:\RTHDCPL_Dump.txt


< MD5 for: AGP440.SYS >
[2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:AGP440.sys
[2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:AGP440.sys
[2003/06/19 14:05:04 | 00,021,008 | ---- | M] (Microsoft Corporation) MD5=CDDB71A90077C93BEA5C72507F0B1394 -- C:\WINNT\ServicePackFiles\i386\agp440.sys

< MD5 for: ATAPI.SYS >
[2005/04/01 07:00:00 | 06,553,075 | ---- | M] () .cab file -- C:\WINNT\Driver Cache\i386\sp4.cab:atapi.sys
[2008/12/16 15:52:59 | 10,066,272 | ---- | M] () .cab file -- C:\WINNT\ServicePackFiles\i386\sp4.cab:atapi.sys
[2003/06/19 14:05:04 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\ServicePackFiles\i386\atapi.sys
[2005/04/01 07:00:00 | 00,086,672 | ---- | M] (Microsoft Corporation) MD5=8C718AA8C77041B3285D55A0CE980867 -- C:\WINNT\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\$NtUpdateRollupPackUninstall$\eventlog.dll
[2003/06/19 14:05:04 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\ServicePackFiles\i386\eventlog.dll
[2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\dllcache\eventlog.dll
[2005/04/01 07:00:00 | 00,047,888 | ---- | M] (Microsoft Corporation) MD5=5738D5804F61A1D30D86FA24DEE56E0C -- C:\WINNT\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2003/06/19 14:05:04 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\ServicePackFiles\i386\netlogon.dll
[2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\dllcache\netlogon.dll
[2005/04/01 07:00:00 | 00,371,984 | ---- | M] (Microsoft Corporation) MD5=11B91C26925F56F577089FF88AA0BEC0 -- C:\WINNT\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\$NtUpdateRollupPackUninstall$\scecli.dll
[2003/06/19 14:05:04 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\ServicePackFiles\i386\scecli.dll
[2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\dllcache\scecli.dll
[2005/04/01 07:00:00 | 00,114,448 | ---- | M] (Microsoft Corporation) MD5=FF11B32A906D75CD96957B66E318DAD0 -- C:\WINNT\system32\scecli.dll

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINNT\system32\*.tmp files -> C:\WINNT\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*. /mp /s >

< %PROGRAMFILES%\*. >
[2008/12/16 18:49:22 | 00,000,000 | ---D | M] -- C:\Program Files\Accessories
[2009/07/16 01:31:52 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/01/25 09:07:59 | 00,000,000 | ---D | M] -- C:\Program Files\BitComet
[2009/07/24 23:05:07 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/12/16 14:19:33 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/05/23 01:58:28 | 00,000,000 | ---D | M] -- C:\Program Files\Data Dynamics
[2008/12/16 16:29:43 | 00,000,000 | ---D | M] -- C:\Program Files\Driver
[2009/07/05 03:11:25 | 00,000,000 | ---D | M] -- C:\Program Files\EPSON
[2009/12/19 21:30:48 | 00,000,000 | ---D | M] -- C:\Program Files\ESET
[2009/01/27 13:48:39 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/01/27 13:46:56 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2009/05/23 01:58:08 | 00,000,000 | ---D | M] -- C:\Program Files\Ingenuware
[2009/10/18 11:18:05 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2009/12/17 22:31:34 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/01/17 17:16:39 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/23 01:52:12 | 00,000,000 | ---D | M] -- C:\Program Files\MapInfo MapX
[2008/12/16 16:00:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/12/16 14:21:22 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/12/16 16:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/05/23 01:35:50 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2008/12/16 16:00:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2009/01/29 03:16:45 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/17 22:31:45 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/12/17 22:31:32 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/12/16 16:25:43 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/01/25 08:25:08 | 00,000,000 | ---D | M] -- C:\Program Files\Remote Desktop Control
[2009/05/23 01:51:38 | 00,000,000 | ---D | M] -- C:\Program Files\Seagate Software
[2009/06/10 23:09:36 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
[2009/01/25 08:34:58 | 00,000,000 | ---D | M] -- C:\Program Files\TeamViewer
[2009/05/23 01:36:10 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/12/17 22:31:47 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/12/16 15:54:05 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/12/16 14:48:16 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/18 00:01:10 | 00,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/01/25 08:16:54 | 00,000,000 | ---D | M] -- C:\Program Files\WinZip

< %userprofile%\Desktop\*.* >
[2009/12/18 00:28:29 | 00,001,359 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Alpha Platinum.exe.lnk
[2009/05/26 23:04:17 | 00,092,160 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Copy of Template_Artikuj_Celje.xls
[2008/08/02 04:33:40 | 05,498,912 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\delete_setup.exe
[2009/12/19 21:39:43 | 00,000,629 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\E-MAILI I HOTELIT.lnk
[2009/12/12 16:02:46 | 31,616,000 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\eav_nt32_enu.msi
[2009/12/13 14:46:10 | 09,099,811 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Hamrick[1].VueScan.Pro.v8.5.39..rar
[2009/12/08 21:36:26 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Karboni C.doc
[2009/07/05 22:59:11 | 00,070,144 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\KONTRATE E KLIENTIT ME IMPERIAL HOTEL.doc
[2009/02/12 08:43:14 | 01,122,294 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\logo.bmp
[2009/12/02 14:35:07 | 00,081,920 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\menuja e resorantit per seminaret.doc
[2009/07/02 23:19:12 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Excel 2003.lnk
[2009/12/08 21:14:06 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Microsoft Office Word 2003.lnk
[2009/06/24 19:06:06 | 00,233,064 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\myspace_cube.pdf
[2009/07/05 03:31:31 | 00,374,112 | ---- | M] (Nitro PDF Software ) -- C:\Documents and Settings\sporteli\Desktop\nitro_pdf_professional.exe
[2009/12/03 15:57:21 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.doc
[2009/10/19 13:23:47 | 00,009,062 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\OFERTA.eml
[2009/12/11 10:23:11 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Rasti 1.doc
[2009/12/17 15:07:01 | 00,001,473 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Remote Desktop Connection.lnk
[2009/01/25 08:29:37 | 07,345,754 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\TeamViewer[1].4.0.Build.5459_.rar
[2009/09/23 13:47:46 | 00,228,864 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\Vizioni.doc
[2009/12/13 14:18:56 | 06,751,440 | ---- | M] (Hamrick Software) -- C:\Documents and Settings\sporteli\Desktop\vuesca85.exe
[2010/01/16 21:00:57 | 00,000,538 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\VueScan.lnk
[2009/05/22 22:13:25 | 01,144,168 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\sporteli\Desktop\wlsetup-custom.exe
[2009/06/26 03:41:17 | 00,018,586 | ---- | M] () -- C:\Documents and Settings\sporteli\Desktop\WM speech Tirana.rtf
[2009/12/16 11:17:48 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\sporteli\Desktop\~$nuja e resorantit per seminaret.doc

< %userprofile%\Desktop\*. >
[2010/01/09 19:16:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Avira AntiVir Premium v9.0.0.455
[2009/05/14 01:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\DR
[2010/01/08 19:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\G.Kormaku
[2010/01/16 13:37:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\Gazmira
[2009/10/18 12:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\LPT TO USB
[2009/12/06 20:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder
[2010/01/17 17:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (2)
[2010/01/17 17:27:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\New Folder (5)
[2010/01/17 17:11:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sporteli\Desktop\REGYSTRI

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-01-17 20:10:26

========== Files - Unicode (All) ==========
[2008/12/16 16:05:18 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装
[2008/12/16 16:05:17 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\??) -- C:\Documents and Settings\sporteli\My Documents\安装
[2008/12/16 16:05:08 | 00,000,000 | R--D | M](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明
[2008/12/16 16:05:07 | 00,000,000 | R--D | C](C:\Documents and Settings\sporteli\My Documents\????) -- C:\Documents and Settings\sporteli\My Documents\使用说明

========== Alternate Data Streams ==========

@Alternate Data Stream - 6584 bytes -> C:\Documents and Settings\sporteli\Desktop\logo.bmp:Q30lsldxJoudresxAaaqpcawXc
< End of report >


---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-17 17:31:07
Windows 5.0.2195 Service Pack 4
Running: gmer.exe; Driver: C:\DOCUME~1\sporteli\LOCALS~1\Temp\pwkiifod.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? F9190044
INT 0x72 ? F925C844
INT 0xA2 ? F9190BE4
INT 0xA3 ? F91D6B64
INT 0xB1 ? F928F044
INT 0xB3 ? F91F5BE4

---- Kernel code sections - GMER 1.0.15 ----

? lljmn.sys The system cannot find the file specified. !
.reloc C:\WINNT\system32\drivers\NDIS.sys section is executable [0xF919B200, 0x2FBCA, 0xE0000060]
.text C:\WINNT\system32\DRIVERS\nv4_mini.sys section is writeable [0xBF6AA360, 0x30AD87, 0xE8000020]
.text ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

---- User code sections - GMER 1.0.15 ----

.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\winlogon.exe[168] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FF947A4
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile 77F8F9BA 3 Bytes CALL 7FF94715
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtCreateFile + 4 77F8F9BE 1 Byte [08]
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess 77F93351 3 Bytes CALL 7FF947F2
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtQueryInformationProcess + 4 77F93355 1 Byte [08]
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtDeviceIoControlFile 77F950D4 5 Bytes CALL 7FF94A35
.text C:\WINNT\system32\services.exe[228] ntdll.dll!NtOpenFile 77F95337 5 Bytes CALL 7FF9479A
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\lsass.exe[244] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\Documents and Settings\sporteli\Desktop\New Folder (5)\gmer.exe[308] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[428] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\spoolsv.exe[456] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[500] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\hidserv.exe[516] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\System32\svchost.exe[576] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\nvsvc32.exe[592] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\System32\svchost.exe[640] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\regsvc.exe[660] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\MSTask.exe[676] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\System32\snmp.exe[712] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\mspmspsv.exe[808] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\stisvc.exe[816] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[876] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe[916] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[944] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\svchost.exe[960] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\Program Files\TeamViewer\Version4\TeamViewer.exe[1084] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE section is executable [0x0043C000, 0x7000, 0xE0000060]
.reloc C:\WINNT\Explorer.EXE[1112] C:\WINNT\Explorer.EXE entry point in ".reloc" section [0x00442A0C]
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\Explorer.EXE[1112] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\RUNDLL32.EXE[1208] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\RTHDCPL.EXE[1240] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\RUNDLL32.EXE[1284] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\Program Files\Skype\Phone\Skype.exe[1288] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\RUNDLL32.EXE[1312] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateProcess 77F83B9E 5 Bytes CALL 7FFA47A4
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtCreateFile 77F8F9BA 5 Bytes CALL 7FFA4715
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtQueryInformationProcess 77F93351 5 Bytes CALL 7FFA47F2
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile 77F950D4 3 Bytes CALL 7FFA4A35
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtDeviceIoControlFile + 4 77F950D8 1 Byte [08]
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile 77F95337 3 Bytes CALL 7FFA479A
.text C:\WINNT\system32\RUNDLL32.EXE[1320] ntdll.dll!NtOpenFile + 4 77F9533B 1 Byte [08]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\Explorer.EXE [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\ADVAPI32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\RPCRT4.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\GDI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USER32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExA] [732E78DE] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHLWAPI.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\OLE32.DLL [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessA] [23021346] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\MSVCRT.dll [KERNEL32.dll!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\NETAPI32.DLL [KERNEL32.dll!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\Secur32.dll [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2_32.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WS2HELP.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryW] [732E786F] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryExW] [732E7955] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!CreateProcessW] [230214FD] C:\WINNT\AppPatch\AcLayers.DLL (Windows 2000 Shim Accessory DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\USERENV.DLL [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!GetProcAddress] [732E771E] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!LoadLibraryA] [732E7800] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)
IAT C:\WINNT\Explorer.EXE[1112] @ C:\WINNT\system32\WININET.dll [KERNEL32.DLL!FreeLibrary] [732E7A04] C:\WINNT\system32\shim.dll (Shim Engine DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\NDIS \Device\Ndis [F919F235] NDIS.sys[.reloc]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0

---- Files - GMER 1.0.15 ----

File C:\WINNT\system32\dllcache\ndis.sys (size mismatch) 200192/170656 bytes executable
File C:\WINNT\system32\drivers\ndis.sys (size mismatch) 200192/170656 bytes executable
File C:\WINNT\ServicePackFiles\i386\ndis.sys (size mismatch) 170928/170656 bytes executable

---- EOF - GMER 1.0.15 ----

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

LockSearch by jpshortstuff (05.11.09.1)
Log created at 17:26 on 17/01/2010 (sporteli)
Scanning C:\


C:\pagefile.sys
-------------------------


C:\WINNT\system32\12520437y.exe
-------------------------
C:\WINNT\system32\12520437y.exe [Unable to get md5 : 80384 bytes]

-=E.O.F=-

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

#5 User is offline   schrauber 

Posted 17 January 2010 - 05:48 PM

Hi,



Download Combofix from any of the links below but rename it to <schrauber> before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingc...to-use-combofix

#6 User is offline   dragoi 

Posted 18 January 2010 - 04:18 PM

SCHRAUBER I GET AN ERROR TABLE:
!!ALERT!!
IT IS NOT SAFE TO CONTINUE.
THE CONTENTS OF THE COMBOFIX HAS BEEN COMPROMISED!
NOTE:YOU MAY BE INFECTED WITH A FILE PATCHING VIRUS "VIRUT"

AND I GET ANOTHER TABLE WHEN THEY SAY THAT THE MEMORY COULD NOT BE WRITTEN AND COULD NOT BE READ!
(2 ERROR WINDOWS)
