Tech Support Forum banner
Status
Not open for further replies.

HELP PLEASE!!!!!!!

5K views 1 reply 1 participant last post by  Vladia 
#1 ·
Hi,

For 2 weeks now, I have a problem with my laptop. Finally I just found you via [http://www.techsupportforum.com/forums/f100/malware-removal-help-438072.html] and now I began hoping (please forgive my English!!).
Could you please please help me too?? I have this laptop and more or less these configurations and programs for 3 years now and I never had any problem. And now I have a permanent note on my desktop from Genuine Microsoft that tells me “You may be a victim of software counterfeiting. This copy of Windows did not pass genuine Windows validation.” How come???? I don’t know what it means. I repeat I didn’t change absolutely anything in my programs.

I didn’t seek help until now!!!!!!!! Also because my browsers are hardly moving. It took me hours to get to you (registration and asking help….)
I followed and completed all the required pre-posting steps.
I zipped the texts required with 7-ZIP, the only one I have: when right click, in Send To doesn’t appear the folder you show [Compressed (zipped) Folder]!
I do have access to a boot disk/install disk for my Asus.
In addition to the permanent Genuine Microsoft notification, my background on the desktop disappeared, I tried to put it again but doesn’t last – my desktop now is black. Any activities on Internet are a nightmare – mail & Google.
Avira says:
Master boot sector HD0, Boot sector 'C:\ and Boot sector 'D:\
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Sinowal.knfal back-door program
[NOTE] The boot sector has not been repaired!

In the brief report says: 4 detections; 7 hidden objects; 2 warnings; 9 information and 1 quarantine.
These are all the details I know to give.



The DDS text:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_30
Run by Delia at 11:33:29 on 2012-01-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1492 [GMT 2:00]
.
AV: Avira Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Yahoo!\Search Protection\YspService.exe
C:\WINDOWS\system32\ctfmon.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=APN10023&gct=hp
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Avira SearchFree Toolbar plus Web Protection: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [YSearchProtection] c:\program files\yahoo!\search protection\YspService.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [deskTannenbaum] Disable_By_c:\documents and settings\delia\desktop\Tannenbaum.exe
mRun: [HControl] c:\windows\atk0100\HControl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMHelp = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
LSP: c:\program files\avira\antivir desktop\avsda.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FB4DCB6B-7799-4C11-979C-43463957E42D} : DhcpNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\delia\application data\mozilla\firefox\profiles\pz4kena0.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - component: c:\documents and settings\delia\application data\mozilla\firefox\profiles\pz4kena0.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\delia\application data\mozilla\firefox\profiles\pz4kena0.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\delia\local settings\application data\yahoo!\browserplus\2.6.0\plugins\npybrowserplus_2.6.0.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extentions.y2layers.installId - abc8c544-3859-4d85-9b1b-98beebbba7da
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
============= SERVICES / DRIVERS ===============
.
R0 iastor78;iastor78;c:\windows\system32\drivers\iastor78.sys [2008-6-17 308248]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-8 36000]
R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2011-12-24 342480]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-8 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-8 110032]
R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-11-8 463824]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-8 74640]
R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]
R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 135664]
S3 65h5bwy.sys;65h5bwy.sys;\??\c:\windows\system32\drivers\65h5bwy.sys --> c:\windows\system32\drivers\65h5bwy.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-7-15 135664]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
.
=============== Created Last 30 ================
.
2012-01-05 03:38:39 -------- d-----w- c:\documents and settings\delia\local settings\application data\PackageAware
2012-01-03 06:52:39 -------- d-----w- c:\documents and settings\delia\local settings\application data\PCHealth
2011-12-23 09:06:00 -------- d-----w- c:\documents and settings\delia\application data\AskToolbar
2011-12-23 08:06:56 -------- d-----w- c:\program files\Ask.com
2011-12-23 08:06:49 -------- d-----w- c:\documents and settings\delia\local settings\application data\AskToolbar
.
==================== Find3M ====================
.
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 03:54:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 01:27:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:43:21 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:43:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:43:21 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:43:20 17408 ----a-w- c:\windows\system32\corpol.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:33:08 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:03 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-19 14:56:50 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-19 14:56:50 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
============= FINISH: 11:34:09,42 ===============



PLEASE HELP!!!!

Thank you all so much for the time spent for helping us!!!!!!!!!


Vladia
 
See less See more
#2 ·
Sorry to disturb again!!!
I just discovered that my 7-ZIP is not valid for you (I thought is different from WinRar).
Then I read again the post rules and i saw this: Only Attach the logs that we've specifically requested for you to. (Otherwise post it as text in the Reply box).

So I give here the attach.txt and the ark report. I hope it's OK... Apologize if I'm wrong!!!
attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 29/01/2009 23:32:29
System Uptime: 08/01/2012 11:22:49 (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | X51L
Processor: Intel Pentium II processor | Socket 478 | 1994/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 15 GiB total, 0,51 GiB free.
D: is FIXED (NTFS) - 134 GiB total, 104,086 GiB free.
E: is CDROM ()
G: is FIXED (FAT32) - 931 GiB total, 725,385 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_2A02&SUBSYS_14E21043&REV_03\3&11583659&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_2A02&SUBSYS_14E21043&REV_03\3&11583659&0&10
Service:
.
Class GUID:
Description: Video Controller
Device ID: PCI\VEN_8086&DEV_2A03&SUBSYS_14E21043&REV_03\3&11583659&0&11
Manufacturer:
Name: Video Controller
PNP Device ID: PCI\VEN_8086&DEV_2A03&SUBSYS_14E21043&REV_03\3&11583659&0&11
Service:
.
==== System Restore Points ===================
.
RP17: 10/12/2011 15:28:46 - System Checkpoint
RP18: 16/12/2011 3:01:12 - Software Distribution Service 3.0
RP19: 23/12/2011 11:52:36 - System Checkpoint
RP20: 26/12/2011 2:55:32 - System Checkpoint
RP21: 27/12/2011 3:52:37 - System Checkpoint
RP22: 28/12/2011 16:20:23 - System Checkpoint
RP23: 30/12/2011 2:38:15 - System Checkpoint
RP24: 31/12/2011 7:14:39 - System Checkpoint
RP25: 02/01/2012 0:17:13 - Installed Java(TM) 6 Update 30
RP26: 02/01/2012 1:54:57 - Removed Java(TM) 6 Update 6
RP27: 03/01/2012 2:40:02 - System Checkpoint
RP28: 03/01/2012 3:00:15 - Software Distribution Service 3.0
RP29: 04/01/2012 3:00:19 - Software Distribution Service 3.0
RP30: 05/01/2012 3:00:17 - Software Distribution Service 3.0
RP31: 06/01/2012 3:00:19 - Software Distribution Service 3.0
RP32: 07/01/2012 3:00:19 - Software Distribution Service 3.0
RP33: 08/01/2012 3:00:25 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 4.57
ACDSee 10 Photo Manager
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATK0100 ACPI UTILITY
Avira Antivirus Premium 2012
Bonjour
Compatibility Pack for the 2007 Office system
CopyTrans Suite Remove Only
Critical Update for Windows Media Player 11 (KB959772)
DiskAid 1.5
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java Auto Updater
Java(TM) 6 Update 30
K-Lite Mega Codec Pack 3.9.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2003 Proofing Tools
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Motorola SM56 Speakerphone Modem
Mozilla Firefox 4.0 (x86 en-US)
Nero 8 Micro 8.3.2.1
Notepad++
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Synaptics Pointing Device Driver
Total Commander (Remove or Repair)
Uniblue RegistryBooster 2009
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Winamp
WinAmp 5.53 PRO Remove and Unregister
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
WinRAR archiver
XML Paper Specification Shared Components Pack 1.0
Yahoo! BrowserPlus 2.6.0
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
Yahoo! Toolbar
Yontoo Layers Runtime 1.10.01
YouTube Downloader 2.5.3
.
==== Event Viewer Messages From Past Week ========
.
06/01/2012 8:55:31, error: xcpip [4199] -
06/01/2012 8:55:31, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.3 with the system having network hardware address 00:E0:4C:49:DE:4E. Network operations on this system may be disrupted as a result.
05/01/2012 4:48:42, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
05/01/2012 10:48:09, error: MRxSmb [8003] - The master browser has received a server announcement from the computer OFFICE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{FB4DCB6B-7799-4C11-97. The master browser is stopping or an election is being forced.
03/01/2012 3:00:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2572067).
03/01/2012 15:21:45, error: TermService [1006] - The terminal server received large number of incomplete connections. The system may be under attack.
01/01/2012 19:02:02, error: Service Control Manager [7031] - The Avira Realtime Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
.
==== End Of File ===========================


And the ark:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-01-08 15:42:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.AA
Running: gmer.exe; Driver: C:\DOCUME~1\Delia\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT BA763F1C ZwClose
SSDT BA763ED6 ZwCreateKey
SSDT BA763F26 ZwCreateSection
SSDT BA763EFE ZwCreateSymbolicLinkObject
SSDT BA763ECC ZwCreateThread
SSDT BA763EDB ZwDeleteKey
SSDT BA763EE5 ZwDeleteValueKey
SSDT BA763F17 ZwDuplicateObject
SSDT BA763F03 ZwLoadDriver
SSDT BA763EEA ZwLoadKey
SSDT BA763EB8 ZwOpenProcess
SSDT BA763EF9 ZwOpenSection
SSDT BA763EBD ZwOpenThread
SSDT BA763F3F ZwQueryValueKey
SSDT BA763EF4 ZwReplaceKey
SSDT BA763F30 ZwRequestWaitReplyPort
SSDT BA763EEF ZwRestoreKey
SSDT BA763F2B ZwSetContextThread
SSDT BA763F35 ZwSetSecurityObject
SSDT BA763F08 ZwSetSystemInformation
SSDT BA763EE0 ZwSetValueKey
SSDT BA763F3A ZwSystemDebugControl
SSDT BA763EC7 ZwTerminateProcess
SSDT BA763EC2 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

? ZR`G\A@J@ The system cannot find the path specified. !
? system32\drivers\xpsec.sys The system cannot find the path specified. !
? system32\drivers\xcpip.sys The system cannot find the path specified. !
? C:\DOCUME~1\Delia\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\WgaTray.exe[536] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01C49D76
.text C:\WINDOWS\system32\WgaTray.exe[536] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01C498A2
.text C:\WINDOWS\system32\WgaTray.exe[536] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01C49C28
.text C:\WINDOWS\system32\WgaTray.exe[536] ws2_32.dll!recv 71AB676F 5 Bytes JMP 01C499F4
.text C:\WINDOWS\system32\WgaTray.exe[536] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01C49AC7
.text C:\Program Files\Avira\AntiVir Desktop\avmailc.exe[560] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E29D76
.text C:\Program Files\Avira\AntiVir Desktop\avmailc.exe[560] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E298A2
.text C:\Program Files\Avira\AntiVir Desktop\avmailc.exe[560] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E29C28
.text C:\Program Files\Avira\AntiVir Desktop\avmailc.exe[560] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E299F4
.text C:\Program Files\Avira\AntiVir Desktop\avmailc.exe[560] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E29AC7
.text C:\WINDOWS\Explorer.EXE[600] USER32.dll!DisplayExitWindowsWarnings 7E459F91 5 Bytes JMP 01672A93
.text C:\WINDOWS\Explorer.EXE[600] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01489D76
.text C:\WINDOWS\Explorer.EXE[600] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014898A2
.text C:\WINDOWS\Explorer.EXE[600] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01489C28
.text C:\WINDOWS\Explorer.EXE[600] WS2_32.dll!recv 71AB676F 5 Bytes JMP 014899F4
.text C:\WINDOWS\Explorer.EXE[600] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01489AC7
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[812] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 011B9D76
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[812] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011B98A2
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[812] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 011B9C28
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[812] WS2_32.dll!recv 71AB676F 5 Bytes JMP 011B99F4
.text C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE[812] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 011B9AC7
.text C:\WINDOWS\system32\winlogon.exe[932] Secur32.dll!LsaLogonUser 77FE33F1 5 Bytes JMP 01192C81
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1556] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F39D76
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1556] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F398A2
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1556] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F39C28
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1556] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F399F4
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1556] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F39AC7
.text C:\Program Files\Yahoo!\Search Protection\YspService.exe[1828] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01339D76
.text C:\Program Files\Yahoo!\Search Protection\YspService.exe[1828] WS2_32.dll!send 71AB4C27 5 Bytes JMP 013398A2
.text C:\Program Files\Yahoo!\Search Protection\YspService.exe[1828] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01339C28
.text C:\Program Files\Yahoo!\Search Protection\YspService.exe[1828] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013399F4
.text C:\Program Files\Yahoo!\Search Protection\YspService.exe[1828] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01339AC7
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2480] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01269D76
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2480] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012698A2
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2480] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01269C28
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2480] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012699F4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2480] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01269AC7
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[2600] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0B239D76
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[2600] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0B2398A2
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[2600] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0B239C28
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[2600] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0B2399F4
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[2600] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0B239AC7
.text C:\Program Files\Bonjour\mDNSResponder.exe[2652] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00819D76
.text C:\Program Files\Bonjour\mDNSResponder.exe[2652] WS2_32.dll!send 71AB4C27 5 Bytes JMP 008198A2
.text C:\Program Files\Bonjour\mDNSResponder.exe[2652] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00819C28
.text C:\Program Files\Bonjour\mDNSResponder.exe[2652] WS2_32.dll!recv 71AB676F 5 Bytes JMP 008199F4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2652] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00819AC7
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3088] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01509D76
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3088] ws2_32.dll!send 71AB4C27 5 Bytes JMP 015098A2
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3088] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01509C28
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3088] ws2_32.dll!recv 71AB676F 5 Bytes JMP 015099F4
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3088] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01509AC7
.text C:\WINDOWS\System32\alg.exe[3228] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00A69D76
.text C:\WINDOWS\System32\alg.exe[3228] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00A698A2
.text C:\WINDOWS\System32\alg.exe[3228] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00A69C28
.text C:\WINDOWS\System32\alg.exe[3228] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00A699F4
.text C:\WINDOWS\System32\alg.exe[3228] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00A69AC7
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3564] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E19D76
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3564] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E198A2
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3564] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E19C28
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3564] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E199F4
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[3564] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E19AC7
.text C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[3636] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01489D76
.text C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[3636] WS2_32.dll!send 71AB4C27 5 Bytes JMP 014898A2
.text C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[3636] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01489C28
.text C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[3636] WS2_32.dll!recv 71AB676F 5 Bytes JMP 014899F4
.text C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE[3636] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01489AC7
.text C:\Program Files\Ask.com\Updater\Updater.exe[3700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D69D76
.text C:\Program Files\Ask.com\Updater\Updater.exe[3700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D698A2
.text C:\Program Files\Ask.com\Updater\Updater.exe[3700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00D69C28
.text C:\Program Files\Ask.com\Updater\Updater.exe[3700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D699F4
.text C:\Program Files\Ask.com\Updater\Updater.exe[3700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00D69AC7

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device owAZEVAoZR`G\A \Device\Ide\iaStor0 A@J@
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 Code 89DA5005
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 89DA5000
Device \Driver\atapi \Device\Ide\IdePort0 Code 89DA5005
Device \Driver\atapi \Device\Ide\IdePort0 89DA5000
Device owAZEVAoZR`G\A \Device\Ide\IAAStorageDevice-0 A@J@
Device owAZEVAof`q`g|a \Device\00000094
Device owAZEVAof`q`g|a \Device\00000095

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x11 0xAF 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB0 0x79 0xED 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6B 0x6D 0x28 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x9C 0x11 0xAF 0x61 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB0 0x79 0xED 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@d0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x6B 0x6D 0x28 0xD1 ...

---- EOF - GMER 1.0.15 ----


Thankyou for understanding, patiance and help!

Vladia
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top