[Solved] Hi! Need help... multiple iexplore.exe in Task Manager... thanks


meloxicam10

I have lots of iexplore.exe in my Task Manager. I tried to look for tips around, and along the way I got hold of a bunch of malware and viruses... I still have the problem and it's killing my memory. So I finally decided to look for some expert's intervention. Thanks so much.
 
Welcome aboard


> I have lots of iexplore.exe in my Task Manager
While IE is open? Which IE version?
 
Internet Explorer 8... Yes, upon opening IE, 3 or more iexplore.exe are popping up in the Task Manager. I was never aware of it before, until I seemed to be running low on memory all the time and networking seemed very sluggish. I tried different spyware and malware removers and bumped into a handful of trojans... but the problem persists... Thanks for the immediate reply.
 
You have to watch it closely, because IE8, unlike previous IE versions, will open 2 iexplore.exe processes from the get-go and another process for each opened tab.
 
Ah... so how would I know I don't have the same problem as other peeps? I feel like there's something wrong with my system, because I used to surf fast and it didn't hang even if I had multiple programs up (Vista Home Basic)...
 
If you feel your computer may be infected....

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 

Hi! Here are the logs you requested. Thanks in advance.
 

Attachments:
  • mbam-log-2011-04-09 (15-24-15).txt (900 bytes)
  • Gmer..log (47.4 KB)
  • Attach.txt (13.4 KB)
  • DDS.txt (11.6 KB)

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19019

4/9/2011 3:24:15 PM
mbam-log-2011-04-09 (15-24-15).txt

Scan type: Quick scan
Objects scanned: 140631
Time elapsed: 3 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-09 15:17:55
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000060 Hitachi_ rev.P22O
Running: myffbimt.exe; Driver: C:\Users\User\AppData\Local\Temp\kgldapob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\taskeng.exe[2752] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1F, 00]
.text C:\Windows\system32\taskeng.exe[2752] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskeng.exe[2752] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\taskeng.exe[2752] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!connect 771740D9 6 Bytes JMP 71820F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71790F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 71760F5A
.text C:\Windows\system32\taskeng.exe[2752] WS2_32.dll!listen 77178CD7 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\Dwm.exe[2868] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 0B, 00] {OR AL, [EAX]; OR EAX, [EAX]}
.text C:\Windows\system32\Dwm.exe[2868] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\Dwm.exe[2868] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\Dwm.exe[2868] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!connect 771740D9 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71760F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71790F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 71820F5A
.text C:\Windows\system32\Dwm.exe[2868] WS2_32.dll!listen 77178CD7 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 17, 00]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[3396] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!connect 771740D9 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71820F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71760F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[3396] WS2_32.dll!listen 77178CD7 6 Bytes JMP 71790F5A
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\wuauclt.exe[3908] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 77, 00] {OR AL, [EAX]; JA 0x4}
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\wuauclt.exe[3908] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\wuauclt.exe[3908] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\wuauclt.exe[3908] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [7F, 71] {JG 0x73}
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [85, 71]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [7C, 71] {JL 0x73}
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [82, 71]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [8A, 71]
.text C:\Windows\System32\rundll32.exe[3940] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1D, 00]
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 71940F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!SendInput + 4 75B82F79 2 Bytes [9F, 71]
.text C:\Windows\System32\rundll32.exe[3940] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\rundll32.exe[3940] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\rundll32.exe[3940] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71910F5A
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\System32\mobsync.exe[4184] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1F, 00]
.text C:\Windows\System32\mobsync.exe[4184] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\System32\mobsync.exe[4184] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\System32\mobsync.exe[4184] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1D, 00]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!connect 771740D9 6 Bytes JMP 717C0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71820F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71760F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 717F0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[4548] WS2_32.dll!listen 77178CD7 6 Bytes JMP 71790F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 37, 00]
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Users\User\Desktop\myffbimt.exe[5024] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Users\User\Desktop\myffbimt.exe[5024] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [7F, 71] {JG 0x73}
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [85, 71]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [7C, 71] {JL 0x73}
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [82, 71]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [8A, 71]
.text C:\Windows\System32\rundll32.exe[7700] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 0E, 00]
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 71970F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 71940F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71A60F5A
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!SendInput + 4 75B82F79 2 Bytes [9F, 71]
.text C:\Windows\System32\rundll32.exe[7700] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\rundll32.exe[7700] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 718E0F5A
.text C:\Windows\System32\rundll32.exe[7700] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71910F5A
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\explorer.exe[7772] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 19, 00] {OR AL, [EAX]; SBB [EAX], EAX}
.text C:\Windows\explorer.exe[7772] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\explorer.exe[7772] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\explorer.exe[7772] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[7772] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\explorer.exe[7772] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\explorer.exe[7772] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5 75FBB37C 4 Bytes [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
.text C:\Windows\explorer.exe[7772] WS2_32.dll!connect 771740D9 6 Bytes JMP 71790F5A
.text C:\Windows\explorer.exe[7772] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71700F5A
.text C:\Windows\explorer.exe[7772] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71730F5A
.text C:\Windows\explorer.exe[7772] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 716D0F5A
.text C:\Windows\explorer.exe[7772] WS2_32.dll!listen 77178CD7 6 Bytes JMP 71760F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtCreateFile 770A4224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtCreateFile + 4 770A4228 2 Bytes [87, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtDeleteValueKey 770A4644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtDeleteValueKey + 4 770A4648 2 Bytes [8D, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtOpenFile 770A4A04 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtOpenFile + 4 770A4A08 2 Bytes [84, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtOpenProcess 770A4A84 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtOpenProcess + 4 770A4A88 2 Bytes [8A, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtSetValueKey 770A52A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ntdll.dll!NtSetValueKey + 4 770A52A8 2 Bytes [90, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] kernel32.dll!LoadLibraryExW + 248 76AC9351 4 Bytes [0A, 00, 1B, 00] {OR AL, [EAX]; SBB EAX, [EAX]}
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ADVAPI32.dll!CreateServiceW 76EE9EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] ADVAPI32.dll!CreateServiceA 76F272A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!PostMessageA 75B5F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!SendMessageA 75B5F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!PostMessageW 75B6A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!SendMessageW 75B70AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!mouse_event 75B8044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!SendInput 75B82F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!SendInput + 4 75B82F79 2 Bytes [A5, 71]
.text C:\Windows\system32\wbem\unsecapp.exe[8056] USER32.dll!keybd_event 75BAD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!connect 771740D9 6 Bytes JMP 717C0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!WSALookupServiceNextW 7717455D 6 Bytes JMP 71820F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!WSALookupServiceBeginW 77174E93 6 Bytes JMP 71760F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!WSALookupServiceEnd 77175564 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[8056] WS2_32.dll!listen 77178CD7 6 Bytes JMP 71790F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73F17817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73F6A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [73F1BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [73F0F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73F175E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [73F0E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73F48395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [73F1DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73F0FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [73F0FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [73F071CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [73F9CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73F3C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [73F0D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [73F06853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [73F0687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73F12AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002B60] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\explorer.exe[7772] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free] [7001F3FB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.***\OpenWithProgids@\xa0\xa0\xa0_auto_file

---- EOF - GMER 1.0.15 ----
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 4/26/2008 1:25:22 AM
System Uptime: 4/9/2011 11:49:52 AM (4 hours ago)
.
Motherboard: Acer | | WMCP78M
Processor: Athlon 64 Dual Core 5000+ | Socket AM2 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 67 GiB total, 0.939 GiB free.
D: is Removable
E: is FIXED (NTFS) - 72 GiB total, 2.225 GiB free.
F: is CDROM (UDF)
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1404: 4/9/2011 12:10:53 PM - Device Driver Package Install: ZTE Corporation Ports (COM & LPT)
.
==== Installed Programs ======================
.
Acer eDataSecurity Management
Acer Empowering Technology
Acer eRecovery Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer ScreenSaver
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Advanced SystemCare 3
Ashampoo Burning Studio 6 FREE
Ask Toolbar
Audacity 1.2.6
BitTorrent
Compatibility Pack for the 2007 Office system
Emsisoft Anti-Malware 5.1
eSobi v2
Glary Utilities Pro 2.32.0.1126
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImagXpress
IObit Security 360
IZArc 4.1.6
Java Auto Updater
Java(TM) 6 Update 24
K-Lite Mega Codec Pack 6.8.0
LightScribe 1.4.142.1
LimeWire 5.6.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Moyea YouTube FLV Downloader version: 3.1.2.23
MSVC80_x86_v2
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Mystery Case Files - Huntsville
neroxml
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.5
Nokia PC Suite
NTI Backup Now 5
NTI Backup Now Standard
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
PC Connectivity Solution
Photo Pos Pro
PhotoNow!
Picture Package Music Transfer
PowerDirector (Acer DT)
PowerDVD 7.0 with 5.1ch
PVSonyDll
RealPlayer
Realtek High Definition Audio Driver
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
SMART BRO
Spyware Terminator
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
USB Video Device
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6i
VirtuaGirl version 1.0.5.2
VistaGlazz 2.2
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinRAR archiver
Wise Registry Cleaner 5.9.4
Yahoo! Toolbar
Yahoo!7 Messenger
YASA AVI WMV ASF MOV VOB to MP3 Converter v2.6 (build 0048)
.
==== Event Viewer Messages From Past Week ========
.
4/9/2011 6:31:33 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
4/9/2011 2:59:45 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
4/9/2011 2:34:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/9/2011 2:34:04 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/9/2011 2:33:58 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/9/2011 2:32:20 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Microsoft Office Document Image Writer with shared resource name Microsoft Office Document Image Writer. Error 2114. The printer cannot be used by others on the network.
4/9/2011 2:32:19 AM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\User\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
4/9/2011 12:02:37 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
4/9/2011 12:01:27 PM, Error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).
4/9/2011 12:01:06 PM, Error: Service Control Manager [7031] - The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
4/9/2011 11:50:57 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
4/9/2011 11:50:15 AM, Error: volmgr [46] - Crash dump initialization failed!
4/8/2011 6:52:28 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver AFD DfsC i8042prt NetBIOS netbt NetworkX nsiproxy PSched RasAcd rdbss Smb spldr sp_rsdrv2 StarOpen tdx Wanarpv6 ws2ifsl
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/8/2011 6:36:04 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2011 6:36:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/8/2011 6:35:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/8/2011 6:35:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/8/2011 6:35:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/8/2011 6:35:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/8/2011 12:34:36 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/8/2011 1:40:49 AM, Error: Service Control Manager [7000] - The Nero BackItUp Scheduler 4.0 service failed to start due to the following error: The system cannot find the file specified.
4/7/2011 6:08:49 PM, Error: Service Control Manager [7034] - The NTI Backup Now 5 Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
4/7/2011 5:06:57 PM, Error: EventLog [6008] - The previous system shutdown at 4:04:45 PM on 4/7/2011 was unexpected.
4/6/2011 3:15:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/6/2011 2:44:09 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
4/6/2011 12:39:04 AM, Error: EventLog [6008] - The previous system shutdown at 12:36:47 AM on 4/6/2011 was unexpected.
4/5/2011 8:37:42 PM, Error: EventLog [6008] - The previous system shutdown at 6:11:41 PM on 4/5/2011 was unexpected.
4/5/2011 6:31:42 AM, Error: EventLog [6008] - The previous system shutdown at 5:17:53 PM on 4/4/2011 was unexpected.
4/4/2011 4:22:54 PM, Error: EventLog [6008] - The previous system shutdown at 4:20:59 PM on 4/4/2011 was unexpected.
4/4/2011 3:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user User-PC\User SID (S-1-5-21-597965172-4143358414-47882212-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/4/2011 3:01:37 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {682159D9-C321-47CA-B3F1-30E36B2EC8B9} to the user User-PC\User SID (S-1-5-21-597965172-4143358414-47882212-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/2/2011 4:15:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC i8042prt NetBIOS netbt NetworkX nsiproxy PSched RasAcd rdbss Smb spldr sp_rsdrv2 StarOpen tdx Wanarpv6 ws2ifsl
4/2/2011 4:15:49 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.101.352.0 Loading engine version: 1.1.6702.0
4/2/2011 1:51:27 AM, Error: EventLog [6008] - The previous system shutdown at 11:06:46 PM on 4/1/2011 was unexpected.
.
==== End Of File ===========================
 
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by User at 15:25:02.05 on Sat 04/09/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.63.1033.18.894.254 [GMT 8:00]
.
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Windows\system32\crypserv.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.ph.acer.yahoo.com
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://au.search.yahoo.com
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AutorunsDisabled - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [EmpoweringTechnology] c:\program files\acer\empowering technology\Framework.Launcher.exe boot
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [Skytel] Skytel.exe
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [a-squared] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
mRun: [Acer Empowering Technology Monitor] c:\program files\acer\empowering technology\SysMonitor.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
============= SERVICES / DRIVERS ===============
.
R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2011-4-7 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2011-4-7 11776]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-27 142592]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2008-3-4 16384]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-4-30 24576]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-4-7 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-4-4 131072]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-6-27 66080]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-4-7 2860800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-24 135664]
S2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-27 312152]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-4-7 73728]
S3 RtlProt;RtlProt;c:\windows\system32\drivers\RtlProt.sys [2009-10-6 25896]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-19 753504]
.
=============== Created Last 30 ================
.
2011-04-09 07:20:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 07:20:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 07:20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 04:09:53 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-04-09 04:09:53 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-04-09 04:09:53 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-04-09 04:09:42 -------- d-----w- c:\windows\system32\SupportAppXL
2011-04-09 04:09:37 -------- d-----w- c:\program files\SMART BRO
2011-04-08 18:41:07 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{fbc80483-db3a-4eaf-be62-abe8b9cb27fd}\mpengine.dll
2011-04-08 07:47:07 -------- d-s---w- C:\Combo-Fix2206C
2011-04-07 22:56:02 -------- d-----w- c:\users\user\appdata\local\temp
2011-04-07 22:55:15 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-07 10:06:33 98816 ----a-w- c:\windows\sed.exe
2011-04-07 10:06:33 89088 ----a-w- c:\windows\MBR.exe
2011-04-07 10:06:33 256512 ----a-w- c:\windows\PEV.exe
2011-04-07 10:06:33 161792 ----a-w- c:\windows\SWREG.exe
2011-04-07 10:06:12 -------- d-----w- C:\Combo-Fix
2011-04-06 19:24:15 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-04-05 20:02:23 -------- d-----w- c:\users\user\appdata\roaming\LimeWire
2011-04-05 20:01:00 -------- d-----w- c:\program files\LimeWire
2011-03-27 16:42:19 -------- d-----w- c:\program files\Ask.com
2011-03-27 16:41:45 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-03-27 16:18:39 -------- d-----w- c:\users\user\appdata\local\PackageAware
2011-03-22 20:00:13 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-22 20:00:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 20:00:13 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-15 20:57:53 4 ----a-w- c:\windows\info147.sys
2011-03-15 20:54:16 -------- d-----w- c:\program files\IZArc
2011-03-14 22:22:17 3 ----a-w- c:\windows\treeskp.sys
2011-03-14 22:22:17 3 ----a-w- c:\windows\sbacknt.bin
2011-03-14 22:19:55 -------- d-----w- c:\users\user\appdata\local\vghd
.
==================== Find3M ====================
.
2011-02-02 13:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 10:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-13 08:00:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-10 11:18:42 2131336 ----a-w- c:\program files\common files\AskToolbarInstaller.exe
.
============= FINISH: 15:26:39.21 ===============
 
So far, I don't see much.

Uninstall Ask Toolbar, which is known foistware.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 11-04-08.03 - User 04/10/2011 2:43.3.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.63.1033.18.894.528 [GMT 8:00]
Running from: c:\users\User\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
SP: Emsisoft Anti-Malware *Disabled/Updated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-09 to 2011-04-09 )))))))))))))))))))))))))))))))
.
.
2011-04-09 18:50 . 2011-04-09 18:50 -------- d-----w- c:\users\User\AppData\Local\temp
2011-04-09 18:50 . 2011-04-09 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-09 07:20 . 2010-12-20 10:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-09 07:20 . 2011-04-09 07:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-09 07:20 . 2010-12-20 10:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 04:09 . 2009-10-13 12:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-04-09 04:09 . 2009-10-13 12:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-04-09 04:09 . 2009-10-13 12:09 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-04-09 04:09 . 2011-04-09 04:11 -------- d-----w- c:\windows\system32\SupportAppXL
2011-04-09 04:09 . 2011-04-09 17:36 -------- d-----w- c:\program files\SMART BRO
2011-04-08 18:41 . 2011-03-15 04:05 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FBC80483-DB3A-4EAF-BE62-ABE8B9CB27FD}\mpengine.dll
2011-04-07 11:40 . 2011-04-07 11:40 -------- d-----w- c:\program files\Common Files\Java
2011-04-07 10:06 . 2011-04-07 10:40 -------- d-----w- C:\Combo-Fix
2011-04-06 19:24 . 2011-04-09 15:53 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-04-05 20:02 . 2011-04-09 15:54 -------- d-----w- c:\users\User\AppData\Roaming\LimeWire
2011-04-05 20:01 . 2011-04-05 20:01 -------- d-----w- c:\program files\LimeWire
2011-03-27 16:41 . 2011-03-27 16:49 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-03-27 16:18 . 2011-03-27 16:18 -------- d-----w- c:\users\User\AppData\Local\PackageAware
2011-03-22 20:00 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-22 20:00 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-03-22 20:00 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-03-15 20:57 . 2011-03-15 20:57 4 ----a-w- c:\windows\info147.sys
2011-03-15 20:54 . 2011-03-15 20:55 -------- d-----w- c:\program files\IZArc
2011-03-14 22:22 . 2011-03-15 00:45 3 ----a-w- c:\windows\treeskp.sys
2011-03-14 22:22 . 2011-03-15 00:45 3 ----a-w- c:\windows\sbacknt.bin
2011-03-14 22:19 . 2011-03-15 21:28 -------- d-----w- c:\users\User\AppData\Local\vghd
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 13:40 . 2010-04-21 00:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 10:11 . 2009-10-10 00:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-20 16:37 . 2011-02-09 17:19 638336 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-01-20 16:08 . 2011-02-09 17:19 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08 . 2011-02-09 17:19 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08 . 2011-02-09 17:19 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08 . 2011-02-09 17:19 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:08 . 2011-02-09 17:19 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:07 . 2011-02-09 17:19 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07 . 2011-02-09 17:19 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07 . 2011-02-09 17:19 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06 . 2011-02-09 17:19 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06 . 2011-02-09 17:19 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04 . 2011-02-09 17:19 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04 . 2011-02-09 17:19 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 14:28 . 2011-02-09 17:19 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27 . 2011-02-09 17:19 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26 . 2011-02-09 17:19 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25 . 2011-02-09 17:19 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24 . 2011-02-09 17:19 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15 . 2011-02-09 17:19 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14 . 2011-02-09 17:19 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14 . 2011-02-09 17:19 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14 . 2011-02-09 17:19 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12 . 2011-02-09 17:19 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11 . 2011-02-09 17:19 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47 . 2011-02-09 17:19 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-13 08:00 . 2011-02-11 13:26 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-10 11:18 . 2010-06-24 09:02 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-05 06:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"EmpoweringTechnology"="c:\program files\Acer\Empowering Technology\Framework.Launcher.exe" [2008-04-25 319488]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 526896]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2011-03-10 3438992]
"Acer Empowering Technology Monitor"="c:\program files\Acer\Empowering Technology\SysMonitor.exe" [2008-04-25 319488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-11-8 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-07 05:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IObit Security 360]
2010-06-11 10:14 1280344 ----a-w- c:\program files\IObit\IObit Security 360\is360tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-12-27 01:46 3318784 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"
"snp2uvc"=c:\windows\vsnp2uvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [2010-09-05 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [2010-05-05 11776]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-12-27 142592]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-04-25 24576]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-24 135664]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-07 50424]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-02-20 73728]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-27 66080]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 RtlProt;RtlProt;c:\windows\System32\Drivers\RtlProt.sys [2007-04-23 25896]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\EMSISOFT ANTI-MALWARE\a2service.exe [2011-03-29 2860800]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [2010-06-11 312152]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2011-04-05 05:53]
.
2011-04-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\Glary Utilities\initialize.exe [2011-03-08 03:28]
.
2011-01-12 c:\windows\Tasks\User_Feed_Synchronization-{81FC29B7-D5F5-4C72-B0E4-C8D48262339A}.job
- c:\windows\system32\msfeedssync.exe [2011-02-09 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.ph.acer.yahoo.com
uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://au.search.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-10 02:50
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(392)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2011-04-10 02:53:58
ComboFix-quarantined-files.txt 2011-04-09 18:53
ComboFix2.txt 2011-04-09 18:35
ComboFix3.txt 2011-04-07 22:56
.
Pre-Run: 1,302,425,600 bytes free
Post-Run: 1,199,312,896 bytes free
.
- - End Of File - - 13087A16176C4C506BBCFAED397077D6
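When reading a ComboFix log like the one above, the parts a reviewer looks at first are the "Reg Loading Points" section and the service/driver lines: entries whose file ComboFix could not find are printed with `[x]`, and Run values that name an executable without a path (such as `"RtHDVCpl"="RtHDVCpl.exe"`) have to be resolved through the search path before you know which file actually runs. The Python below is an added example, not ComboFix's own tooling and not code from this thread; it parses lines in that format into records and flags those two cases. The sample log is constructed to match the shape of the log above, with descriptions trimmed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of ComboFix's "Reg Loading Points" output
# (structure copied from the log in this thread; descriptions trimmed).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-26 5369856]
"a-squared"="c:\program files\EMSISOFT ANTI-MALWARE\a2guard.exe" [2011-03-10 3438992]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-11-8 503808]
.
R3 RTL8187;Realtek RTL8187 Wireless Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R4 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [2010-06-11 312152]
"""


@dataclass
class Autostart:
    kind: str                      # "run", "startup-folder" or "service"
    location: str                  # registry key, startup folder, or service start type (R=running, S=stopped)
    name: str
    target: str                    # command line, .lnk target, or service/driver image path
    file_present: Optional[bool]   # False when ComboFix printed [x]; None when the line carried no file info
    file_size: Optional[int] = None


# Line shapes as they appear in the log (hand-written for this example).
KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="?(?P<target>[^"\[]+?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<target>.+?)\s*\[(?P<meta>[^\]]*)\]$')
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')


def _parse_meta(meta: Optional[str]) -> Tuple[Optional[bool], Optional[int]]:
    """Interpret the trailing bracket: '[x]' means file not found, '[date size]' means it was."""
    if meta is None:
        return None, None
    if meta.strip().lower() == "x":
        return False, None
    parts = meta.split()
    if len(parts) == 2 and parts[1].isdigit():
        return True, int(parts[1])
    return None, None


def parse_loading_points(text: str) -> List[Autostart]:
    """Turn the Reg Loading Points / services block of a ComboFix log into records."""
    entries: List[Autostart] = []
    location = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:                                     # a registry key header
            location = m.group("key")
            continue
        if line.endswith("\\") and ":" in line:   # a startup-folder path header
            location = line
            continue
        m = SERVICE_RE.match(line)
        if m:
            present, size = _parse_meta(m.group("meta"))
            entries.append(Autostart("service", m.group("start"), m.group("name"),
                                     m.group("path").strip(), present, size))
            continue
        m = LNK_RE.match(line)
        if m:
            present, size = _parse_meta(m.group("meta"))
            entries.append(Autostart("startup-folder", location, m.group("name"),
                                     m.group("target").strip(), present, size))
            continue
        m = VALUE_RE.match(line)
        if m:
            present, size = _parse_meta(m.group("meta"))
            entries.append(Autostart("run", location, m.group("name"),
                                     m.group("target").strip(), present, size))
    return entries


def flag_for_review(entries: List[Autostart]) -> List[Tuple[Autostart, str]]:
    """Pick out the entries a reviewer checks first: missing files and path-less Run values."""
    flagged = []
    for e in entries:
        if e.file_present is False:
            flagged.append((e, "referenced file is missing"))
        elif e.kind == "run" and not re.match(r"^[a-z]:\\", e.target, re.I):
            flagged.append((e, "bare executable name (no path); verify which file it resolves to"))
    return flagged


if __name__ == "__main__":
    for entry, reason in flag_for_review(parse_loading_points(SAMPLE_LOG)):
        print(f"{entry.kind:15} {entry.name:12} {entry.target}  <- {reason}")
```

On the constructed sample this flags `GrpConv` and `RTL8187` (file missing) and `RtHDVCpl` (no path). A missing file is usually leftover from an uninstall, as with the orphan ComboFix removed in the log above, but it is also what a removed dropper leaves behind, so each one is worth a look.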
 
Looks clean too.

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

=====================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
 
hi! based on your observation, can you give me the cause why my pc seems to be running sluggish after some time (if not because of malware), physical memory is spiking high. before it's not.

also, i just wanted to ask if there are any anti-virus/spyware i needed to uninstall because its not applicable or it may interfere with other programs of the same category. and after all the fix, will i delete all the programs u asked me to download or shall i leave some of it because it can be useful for me in the future? tnx in advance..
 
Yes, you can simply delete all of those programs, except for MBAM, which you should run once in a while.

How much RAM do you have?
 
ESET log:

C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\VM2UV5LW\main[1].htm HTML/ScrInject.B.Gen virus

about my RAM, it's 1GB... anyway, if no serious threats on my system that's good news. i might have removed it earlier when i tried to do manual cleaning. i wasn't sure i got rid of everything... also, i downloaded previously a combofix.exe before you asked me to DL again, i find it hard to remove some of its contents... especially a folder under Qoobox. it's always "access denied". i can't find uninstall... tnx a lot..
 
Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

To remove Qoobox folder....

Download, and install Unlocker: http://cedrick.collomb.perso.sfr.fr/unlocker/
Restart computer.
It'll install under right click menu.

Open Windows Explorer.
Navigate to offending folder/file.

Right click on a folder/file. Click Unlocker
Select Delete from drop-down menu:

Click OK.
A folder/file will refuse to be deleted, but Unlocker will give you an option to delete on reboot:

Click Yes.
Restart computer.

==============================================================

If the above doesn't work, try...

LockHunter: http://lockhunter.com/

FileASSASSIN: http://www.snapfiles.com/get/fileassassin.html


Other than that, all looks clean.
 
ei! i've completed the instructions.. somehow, my pc performance became snappy. i think i'm done now. thank you very much for the tips. it was really helpful. thanks again!
 