
Hacked or scammed, that is the question!?

I’ve been running a program called System Mechanic. I got a call from them today where they said I was getting attempts from Hackers trying to invade my computer. In the Event Viewer it showed 77 Warnings and Errors (see pic). For all I know it could’ve been THEIR program that installed them in the first place! But I’m not that paranoid…normally. And I wouldn’t have been now if it wasn’t for the fact that after they took over my computer online they then tried to sell me a package to clean up my computer that consisted of the following:

Remove all infection & errors & warnings
Remove red infection
Remove all Hackers zone & trojan virus

Reprogram Network
IP Address security
Home Network security with Internet security lifetime
Anti Hacking Tools lifetime
Block the gateway service for Hackers
Reinstall all protection & programming service
Replace all corrupted files with working files
Replace System Mechanic with latest version 12.7 Pro with licence key (free updates)
====================================================
Software warranty with Unlimited tech support (24x7)

2 hrs 2 Tech

3 years - 1 comp = $199.99
Lifetime - 5 comp + all devices = $299.99

303-351-5186 phone ext 221


I told them I’d let them know.
So now I don't know what to believe! I'm sure there is something slowing up my computer, but I know it's not worth the $300.00 they want to charge me. They went on to show me all of the things in the System Configuration box that are STOPPED and claimed they would have to purchase a Microsoft license and have to reload and reconfigure my network, etc.

So I’m here looking for the truth and how to resolve the issue.
Below is my information:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:15:34 PM, on 5/9/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\RarmaRadio\RarmaRadio.exe
C:\Documents and Settings\Owner\Desktop\meterH.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll
O3 - Toolbar: (no name) - {434D472D-5637-006A-76A7-7A786E7484D7} - (no file)
O4 - HKLM\..\Run: [ioloGovernor] C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Search Image on TinEye - file://C:\Documents and Settings\Owner\My Documents\TinEye IE Plugin\TinEye.js
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanc...instmodule.exe
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab...l_4.5.13.0.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe

--
End of file - 6214 bytes



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.55.2
Run by Owner at 18:21:34 on 2014-05-09
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.772 [GMT -5:00]
.
AV: Norton Security Suite *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
C:\Program Files\iolo\System Mechanic\ioloGovernor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Paltalk Messenger\paltalk.exe
C:\Program Files\RarmaRadio\RarmaRadio.exe
C:\Documents and Settings\Owner\Desktop\meterH.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton security suite\engine\21.2.0.38\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton security suite\engine\21.2.0.38\ips\ipsbho.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
TB: &RoboForm: {724D43A0-0D85-11D4-9908-00400523E39A} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton security suite\engine\21.2.0.38\coieplg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ioloGovernor] c:\program files\iolo\system mechanic\ioloGovernor.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Customize Menu - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Search Image on TinEye - c:\documents and settings\owner\my documents\tineye ie plugin\TinEye.js
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1362001188500
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{7D688A97-0443-4D60-874A-3B706DCB0ACC} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{CC5F00C4-DE79-4137-845C-70F378A5F7CA} : DHCPNameServer = 192.168.2.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\i4463fux.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1502000.026\symds.sys [2014-4-3 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1502000.026\symefa.sys [2014-4-3 936152]
R1 BHDrvx86;BHDrvx86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\bashdefs\20140409.001\BHDrvx86.sys [2014-4-19 1098968]
R1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\n360\1502000.026\ccsetx86.sys [2014-4-3 127064]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1502000.026\ironx86.sys [2014-4-3 206936]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2014-4-24 4492776]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\21.2.0.38\n360.exe [2014-4-3 265040]
R2 PDFsFilter;PDFsFilter;c:\windows\system32\drivers\PDFsFilter.sys [2014-4-24 68464]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-12-18 108120]
R3 IDSxpx86;IDSxpx86;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\ipsdefs\20140508.001\IDSXpx86.sys [2014-5-9 383120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-12 22856]
R3 NAVENG;NAVENG;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\virusdefs\20140509.004\NAVENG.SYS [2014-5-9 93272]
R3 NAVEX15;NAVEX15;c:\program files\norton security suite\nortondata\21.1.0.18\definitions\virusdefs\20140509.004\NAVEX15.SYS [2014-5-9 1612376]
S0 auavjpga;auavjpga;c:\windows\system32\drivers\wwvdd.sys --> c:\windows\system32\drivers\wwvdd.sys [?]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-12 701512]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-5-9 40776]
S4 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-12 418376]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=NOTEPAD.EXE "%1"
FileExt: .vbs: VBSFile=NOTEPAD.EXE "%1"
FileExt: .js: JSFile=NOTEPAD.EXE "%1"
FileExt: .jse: JSEFile=NOTEPAD.EXE "%1"
FileExt: .wsf: WSFFile=NOTEPAD.EXE "%1"
.
=============== Created Last 30 ================
.
2014-05-09 20:15:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-04-24 23:05:26 2097984 ----a-w- c:\windows\system32\Incinerator32.dll
2014-04-24 23:05:10 68464 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
2014-04-24 23:05:09 41616 ----a-w- c:\windows\system32\iolobtdfg.exe
2014-04-24 23:05:09 23568 ----a-w- c:\windows\system32\smrgdf.exe
2014-04-24 23:05:09 -------- d-----w- c:\documents and settings\all users\application data\ioloGovernor
2014-04-24 23:05:07 -------- d-----w- c:\documents and settings\owner\application data\ioloGovernor
2014-04-24 23:05:06 56200 ----a-w- c:\windows\system32\offreg.dll
2014-04-24 23:04:58 -------- d-----w- c:\program files\iolo
2014-04-24 23:02:34 74703 ----a-w- c:\windows\system32\mfc45.dll
2014-04-24 23:02:34 -------- d-----w- c:\documents and settings\owner\application data\iolo
2014-04-24 23:02:34 -------- d-----w- c:\documents and settings\all users\application data\iolo
2014-04-19 05:30:03 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-04-19 05:29:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2014-04-29 02:27:37 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 02:27:37 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-06 17:59:23 920064 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 17:59:22 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-03-06 17:59:22 18944 ----a-w- c:\windows\system32\corpol.dll
2014-03-06 17:59:22 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 00:46:54 385024 ----a-w- c:\windows\system32\html.iec
2014-03-04 04:18:12 936152 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symefa.sys
2014-02-26 01:59:05 13312 ------w- c:\windows\system32\xp_eos.exe
2014-02-18 01:32:41 447704 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symnets.sys
2014-02-18 01:32:41 423256 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symtdi.sys
2014-02-18 01:32:41 384728 ----a-w- c:\windows\system32\drivers\n360\1502000.026\symtdiv.sys
2014-02-13 01:59:49 664280 ----a-w- c:\windows\system32\drivers\n360\1502000.026\srtsp.sys
2011-03-30 16:40:34 517976 ----a-w- c:\program files\DXSETUP.exe
2011-03-30 16:40:32 95576 ----a-w- c:\program files\DSETUP.dll
2011-03-30 16:40:32 1566040 ----a-w- c:\program files\dsetup32.dll
.
============= FINISH: 18:22:26.09 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2/27/2013 4:48:21 PM
System Uptime: 5/9/2014 5:41:33 PM (1 hours ago)
.
Motherboard: Dell Computer Corp. | | 02X378
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Microprocessor | 1992/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 231.427 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 37 GiB total, 34.76 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP370: 2/8/2014 9:58:58 AM - System Checkpoint
RP371: 2/9/2014 10:59:51 AM - System Checkpoint
RP372: 2/9/2014 5:13:34 PM - Ace Utilities : Before Registry Cleanup
RP373: 2/10/2014 7:16:16 PM - System Checkpoint
RP374: 2/11/2014 6:45:03 PM - Software Distribution Service 3.0
RP375: 2/12/2014 12:22:46 AM - Ace Utilities : Before Registry Cleanup
RP376: 2/13/2014 11:23:34 AM - System Checkpoint
RP377: 2/14/2014 4:24:49 PM - System Checkpoint
RP378: 2/15/2014 1:46:06 PM - Removed Ask Toolbar
RP379: 2/15/2014 5:42:33 PM - Ace Utilities : Before Registry Cleanup
RP380: 2/16/2014 11:35:31 PM - System Checkpoint
RP381: 2/17/2014 3:07:04 PM - Ace Utilities : Before Registry Cleanup
RP382: 2/18/2014 6:22:23 PM - System Checkpoint
RP383: 2/19/2014 11:56:39 PM - System Checkpoint
RP384: 2/21/2014 12:04:46 AM - System Checkpoint
RP385: 2/22/2014 10:30:58 AM - Ace Utilities : Before Registry Cleanup
RP386: 2/23/2014 9:36:33 PM - System Checkpoint
RP387: 2/23/2014 11:41:32 PM - Ace Utilities : Before Registry Cleanup
RP388: 2/25/2014 11:09:32 AM - System Checkpoint
RP389: 2/26/2014 6:10:14 PM - System Checkpoint
RP390: 2/27/2014 9:22:21 PM - System Checkpoint
RP391: 2/28/2014 10:22:45 PM - System Checkpoint
RP392: 3/1/2014 3:31:03 PM - Ace Utilities : Before Registry Cleanup
RP393: 3/1/2014 4:06:42 PM - Removed SavetheChildren Reminder by We-Care.com v4.1.26.4
RP394: 3/2/2014 11:30:13 PM - Ace Utilities : Before Registry Cleanup
RP395: 3/4/2014 1:10:35 AM - System Checkpoint
RP396: 3/5/2014 2:14:11 AM - System Checkpoint
RP397: 3/6/2014 4:01:04 AM - System Checkpoint
RP398: 3/6/2014 9:39:07 AM - Software Distribution Service 3.0
RP399: 3/7/2014 1:14:14 PM - System Checkpoint
RP400: 3/8/2014 7:16:19 PM - Ace Utilities : Before Registry Cleanup
RP401: 3/9/2014 11:36:26 PM - System Checkpoint
RP402: 3/10/2014 3:06:59 AM - Ace Utilities : Before Registry Cleanup
RP403: 3/11/2014 6:06:38 AM - System Checkpoint
RP404: 3/12/2014 3:00:18 AM - Software Distribution Service 3.0
RP405: 3/12/2014 11:27:55 PM - Ace Utilities : Before Registry Cleanup
RP406: 3/14/2014 1:01:43 AM - System Checkpoint
RP407: 3/15/2014 1:27:37 AM - System Checkpoint
RP408: 3/16/2014 4:06:27 AM - System Checkpoint
RP409: 3/17/2014 10:14:49 AM - System Checkpoint
RP410: 3/18/2014 10:51:16 AM - System Checkpoint
RP411: 3/18/2014 8:28:20 PM - Software Distribution Service 3.0
RP412: 3/19/2014 10:55:32 PM - System Checkpoint
RP413: 3/21/2014 10:25:08 AM - System Checkpoint
RP414: 3/22/2014 10:53:59 AM - System Checkpoint
RP415: 3/23/2014 6:15:38 PM - System Checkpoint
RP416: 3/24/2014 7:58:08 PM - System Checkpoint
RP417: 3/25/2014 10:33:32 PM - System Checkpoint
RP418: 3/27/2014 11:31:21 AM - System Checkpoint
RP419: 3/27/2014 8:22:28 PM - Ace Utilities : Before Registry Cleanup
RP420: 3/28/2014 11:40:41 PM - System Checkpoint
RP421: 3/30/2014 12:14:17 AM - System Checkpoint
RP422: 3/31/2014 12:33:07 AM - System Checkpoint
RP423: 4/1/2014 12:57:36 AM - System Checkpoint
RP424: 4/2/2014 11:32:13 AM - System Checkpoint
RP425: 4/3/2014 2:23:09 PM - System Checkpoint
RP426: 4/4/2014 1:04:21 AM - Ace Utilities : Before Registry Cleanup
RP427: 4/5/2014 1:54:36 AM - System Checkpoint
RP428: 4/6/2014 7:08:17 AM - System Checkpoint
RP429: 4/6/2014 10:29:39 PM - Ace Utilities : Before Registry Cleanup
RP430: 4/7/2014 11:25:42 PM - System Checkpoint
RP431: 4/8/2014 4:44:30 PM - Software Distribution Service 3.0
RP432: 4/9/2014 6:45:21 PM - System Checkpoint
RP433: 4/9/2014 10:55:35 PM - Ace Utilities : Before Registry Cleanup
RP434: 4/10/2014 11:51:03 PM - System Checkpoint
RP435: 4/12/2014 2:20:48 AM - System Checkpoint
RP436: 4/13/2014 3:16:27 AM - System Checkpoint
RP437: 4/13/2014 8:47:13 AM - Ace Utilities : Before Registry Cleanup
RP438: 4/14/2014 11:29:48 AM - System Checkpoint
RP439: 4/15/2014 6:39:45 PM - System Checkpoint
RP440: 4/16/2014 4:52:18 AM - Ace Utilities : Before Registry Cleanup
RP441: 4/17/2014 11:21:09 AM - System Checkpoint
RP442: 4/18/2014 2:07:42 PM - System Checkpoint
RP443: 4/19/2014 12:28:43 AM - Installed Java 7 Update 55
RP444: 4/19/2014 10:33:31 AM - Ace Utilities : Before Registry Cleanup
RP445: 4/20/2014 4:26:30 PM - System Checkpoint
RP446: 4/21/2014 6:08:06 PM - System Checkpoint
RP447: 4/22/2014 7:34:44 PM - System Checkpoint
RP448: 4/23/2014 10:20:39 PM - System Checkpoint
RP449: 4/25/2014 12:36:51 AM - System Checkpoint
RP450: 4/26/2014 1:54:02 AM - System Checkpoint
RP451: 4/26/2014 1:57:58 PM - Ace Utilities : Before Registry Cleanup
RP452: 4/27/2014 5:14:41 PM - System Checkpoint
RP453: 4/28/2014 5:40:52 PM - System Checkpoint
RP454: 4/29/2014 5:18:30 AM - Ace Utilities : Before Registry Cleanup
RP455: 4/30/2014 10:23:29 AM - System Checkpoint
RP456: 5/1/2014 1:34:38 AM - Ace Utilities : Before Registry Cleanup
RP457: 5/2/2014 8:28:55 AM - Software Distribution Service 3.0
RP458: 5/4/2014 10:01:17 AM - System Checkpoint
RP459: 5/5/2014 1:07:26 AM - Ace Utilities : Before Registry Cleanup
RP460: 5/6/2014 5:22:24 AM - System Checkpoint
RP461: 5/7/2014 2:49:13 PM - System Checkpoint
RP462: 5/8/2014 5:58:13 PM - Ace Utilities : Before Registry Cleanup
.
==== Installed Programs ======================
.
Ace Utilities
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06)
AI RoboForm (All Users)
Compatibility Pack for the 2007 Office system
Copernic Agent Personal
Copernic Desktop Search - Home
Easy Hi-Q Recorder 2.5
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP LaserJet P1000 series
HPCarePackProducts
Intel(R) Extreme Graphics Driver
Intel(R) PRO Ethernet Adapter and Software
iolo technologies' System Mechanic
Java 7 Update 55
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
Mp3Gain PRO
Norton Security Suite
Paint XP version 1.1
Paltalk Messenger 11.3
RarmaRadio 2.69
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2925418)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Smart WAV Converter Pro
SoundMAX
Spybot - Search & Destroy
TinEye Internet Explorer plugin 1.2
TK8 Backup 4.5
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
5/9/2014 3:52:53 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
5/8/2014 5:44:17 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================



GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-05-09 20:07:04
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD3200AAJB-00J3A0 rev.01.03E01 298.09GB
Running: 4t7f1vyw.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 2.1 ----

SSDT 8968D8E0 ZwAlertResumeThread
SSDT 8968D978 ZwAlertThread
SSDT 89647840 ZwAllocateVirtualMemory
SSDT 896A5B88 ZwAssignProcessToJobObject
SSDT 89786710 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwCreateKey [0xB1C7BF50]
SSDT 8968D708 ZwCreateMutant
SSDT 896A5A38 ZwCreateSymbolicLinkObject
SSDT 895A18F0 ZwCreateThread
SSDT 896A5C20 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteKey [0xB1C7C1D0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwDeleteValueKey [0xB1C7C890]
SSDT 895D36B0 ZwDuplicateObject
SSDT 896476F0 ZwFreeVirtualMemory
SSDT 8968D7B0 ZwImpersonateAnonymousToken
SSDT 8968D848 ZwImpersonateThread
SSDT 898013A8 ZwLoadDriver
SSDT 8968DD90 ZwMapViewOfSection
SSDT 8968D6B0 ZwOpenEvent
SSDT 89596738 ZwOpenProcess
SSDT 895A2740 ZwOpenProcessToken
SSDT 896A5D70 ZwOpenSection
SSDT 895D3738 ZwOpenThread
SSDT 896A5AE0 ZwProtectVirtualMemory
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwRenameKey [0xB1C7CDF0]
SSDT 8968DA10 ZwResumeThread
SSDT 8968DBD8 ZwSetContextThread
SSDT 8968DC70 ZwSetInformationProcess
SSDT 896A5CB8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS ZwSetValueKey [0xB1C7CB10]
SSDT 896A5E08 ZwSuspendProcess
SSDT 8968DAA8 ZwSuspendThread
SSDT 89873408 ZwTerminateProcess
SSDT 8968DB40 ZwTerminateThread
SSDT 8968DD18 ZwUnmapViewOfSection
SSDT 89647798 ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

---- User code sections - GMER 2.1 ----

.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 003B0048
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ntdll.dll!NtTerminateThread 7C90DE7E 5 Bytes JMP 00380050
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!OpenSCManagerW + A3 77DE6FF8 7 Bytes JMP 003B020E
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!LogonUserExW + 461 77DF4A04 7 Bytes JMP 003B012A
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!SystemFunction025 + 8D 77DF4C61 7 Bytes JMP 003B0682
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!SetServiceObjectSecurity + E3 77E36E64 7 Bytes JMP 003B059E
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!ChangeServiceConfigA + 193 77E36FFC 7 Bytes JMP 003B03D6
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W + 83 77E3720C 2 Bytes JMP 003B02F2
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!ChangeServiceConfig2W + 86 77E3720F 4 Bytes [57, 88, EB, F9] {PUSH EDI; MOV BL, CH; STC }
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!CreateServiceA + 193 77E373A4 7 Bytes JMP 003B04BA
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] ADVAPI32.dll!CreateServiceW + 103 77E374AC 7 Bytes JMP 003B0766
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] USER32.dll!CreateSystemThreads + 10A 7E4317F2 7 Bytes JMP 003B092C
.text C:\Documents and Settings\Owner\Desktop\4t7f1vyw.exe[1044] USER32.dll!DeviceEventWorker + 178 7E45A270 7 Bytes JMP 003B084A
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2276] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 03A40048
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 03A4012A
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 03A40676
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 03A403D0
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 03A40594
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!CreateRemoteThread + 206 7C810702 7 Bytes JMP 03A402EE
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!GetVersionExA + D3 7C810903 7 Bytes JMP 03A40758
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] kernel32.dll!GetProcessHandleCount + 35 7C862F2F 7 Bytes JMP 03A404B2
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B99 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1CD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!CreateBindCtx + B5F 774FF177 7 Bytes JMP 03A4091C
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 3E2EDC80 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!CoImpersonateClient + 51 77515228 7 Bytes JMP 03A4083A
.text C:\Program Files\Internet Explorer\iexplore.exe[2384] ole32.dll!OleLoadFromStream 7752988B 5 Bytes JMP 3E3E7CFF C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 03A40048
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 03A4012A
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!VirtualProtectEx + 6E 7C801ACF 7 Bytes JMP 03A40676
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!ReadProcessMemory + 3E 7C80220E 7 Bytes JMP 03A403D0
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 03A40594
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!CreateRemoteThread + 206 7C810702 7 Bytes JMP 03A402EE
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!GetVersionExA + D3 7C810903 7 Bytes JMP 03A40758
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!GetProcessHandleCount + 35 7C862F2F 7 Bytes JMP 03A404B2
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215545 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B99 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD1CD C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDC24 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2546FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7997 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E78C9 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E7934 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E779A C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E77FC C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E79FA C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E785E C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!CreateBindCtx + B5F 774FF177 7 Bytes JMP 03A4091C
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!CoCreateInstance 774FF1D4 5 Bytes JMP 3E2EDC80 C:\WINDOWS\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!CoImpersonateClient + 51 77515228 7 Bytes JMP 03A4083A
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!OleLoadFromStream 7752988B 5 Bytes JMP 3E3E7CFF C:\WINDOWS\system32\IEFRAME.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040211900063D11C8EF10054038389C\Usage@ProductFiles 1151798115
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040211900063D11C8EF10054038389C\Usage@ProductNonBootFiles 1151795817
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040211900063D11C8EF10054038389C\Usage@WORDFiles 1151801945
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040211900063D11C8EF10054038389C\Usage@ASSISTANTFiles 1151795995

---- EOF - GMER 2.1 ----

Attached Images
File Type: jpg System Mechanic - Pic.JPG (146.8 KB)
File Type: jpg System Config.JPG (60.8 KB)