Checking for keylogger

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Janfadar

Thread Starter
Joined
Dec 21, 2010
Messages
3
My computer was recently infected with a keylogger. I ran an AVG scan and that found some infected files that I have since gotten rid of. I've done nothing else other than that, so I want to be certain that the keylogger is gone.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:42:04 PM, on 12/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Ryan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Ryan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
O24 - Desktop Component 0: (no name) - http://i38.tinypic.com/55s07r.gif

--
End of file - 6532 bytes


DDS (Ver_10-12-12.02) - NTFSx86
Run by Ryan at 13:41:02.98 on Tue 12/21/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3327.2425 [GMT -5:00]

AV: AVG Internet Security 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Enabled*

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Ryan\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Ryan\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7c5c0f58-e061-457d-9033-77307f5ed00c} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [AIM] c:\program files\aim\aim.exe -cnetwait.odl
uRun: [Octoshape Streaming Services] "c:\documents and settings\ryan\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ryan\applic~1\mozilla\firefox\profiles\vot1lq2n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
FF - component: c:\documents and settings\ryan\application data\mozilla\firefox\profiles\vot1lq2n.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ryan\application data\mozilla\firefox\profiles\vot1lq2n.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ryan\application data\mozilla\firefox\profiles\vot1lq2n.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\ryan\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Move Media Player: [email protected] - %profile%\extensions\[email protected]
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2010-11-9 3229728]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
S1 vcdrom;Virtual CD-ROM Device Driver;\??\c:\documents and settings\ryan\desktop\vcdrom.sys --> c:\documents and settings\ryan\desktop\VCdRom.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 RTCore32;RTCore32;c:\rmclock\RTCore32.sys [2008-6-23 4608]

=============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2010-12-21 18:15:12 388096 ----a-r- c:\docume~1\ryan\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-21 18:15:12 -------- d-----w- c:\program files\Trend Micro
2010-12-20 19:02:26 -------- d-----w- c:\docume~1\ryan\applic~1\AVG10
2010-12-20 19:00:09 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-12-20 18:58:11 -------- d-----w- c:\windows\system32\drivers\AVG
2010-12-20 18:58:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-12-20 18:36:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2010-10-13 21:43:49 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-10-13 21:43:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-10-13 21:43:47 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin

============= FINISH: 13:41:14.75 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-21 15:41:10
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 WDC_WD1600YS-01SHB1 rev.20.06C06
Running: hr2pn8eg.exe; Driver: C:\DOCUME~1\Ryan\LOCALS~1\Temp\uxtdqpow.sys

---- System - GMER 1.0.15 ----

SSDT spau.sys ZwCreateKey [0xB7EA80E0]
SSDT spau.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spau.sys ZwEnumerateValueKey [0xB7EC7030]
SSDT spau.sys ZwOpenKey [0xB7EA80C0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB39AB6C0]
SSDT spau.sys ZwQueryKey [0xB7EC7108]
SSDT spau.sys ZwQueryValueKey [0xB7EC6F88]
SSDT spau.sys ZwSetValueKey [0xB7EC719A]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB39AB770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB39AB810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB39AB8B0]

INT 0x63 ? 8AF48BF8
INT 0x63 ? 8AF48BF8
INT 0x63 ? 8AF48BF8
INT 0x63 ? 8AF48BF8
INT 0x63 ? 8AF48BF8
INT 0x83 ? 8AF48BF8
INT 0x83 ? 8AF48BF8
INT 0x83 ? 8AD1AF00
INT 0x84 ? 8AD1AF00
INT 0x94 ? 8AD1AF00
INT 0xA4 ? 8AD1AF00
INT 0xA4 ? 8AD1AF00
INT 0xA4 ? 8AD1AF00
INT 0xA4 ? 8AD1AF00
INT 0xB4 ? 8AD1AF00

---- Kernel code sections - GMER 1.0.15 ----

? spau.sys The system cannot find the file specified. !
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB6A6F3A0, 0x59FFE5, 0xE8000020]
.text USBPORT.SYS!DllUnload B6A5062C 5 Bytes JMP 8AD1A4E0
? C:\DOCUME~1\Ryan\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AF471F8
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
Device \FileSystem\Fastfat \FatCdrom 89DA5500
Device \FileSystem\Udfs \UdfsCdRom 8AB94500
Device \FileSystem\Udfs \UdfsDisk 8AB94500
Device \Driver\NetBT \Device\NetBT_Tcpip_{8D640A76-2AC5-425B-9BF5-93C83B2B36A8} 89DCD500
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{B5C67BB6-C66B-4812-AE18-3A09FC21BDC5} 89DCD500
Device \Driver\usbuhci \Device\USBPDO-0 8AD4D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8AED81F8
Device \Driver\dmio \Device\DmControl\DmConfig 8AED81F8
Device \Driver\dmio \Device\DmControl\DmPnP 8AED81F8
Device \Driver\dmio \Device\DmControl\DmInfo 8AED81F8
Device \Driver\usbuhci \Device\USBPDO-1 8AD4D1F8
Device \Driver\usbuhci \Device\USBPDO-2 8AD4D1F8
Device \Driver\usbehci \Device\USBPDO-3 8ACFE1F8
Device \Driver\usbuhci \Device\USBPDO-4 8AD4D1F8
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBPDO-5 8AD4D1F8
Device \Driver\usbuhci \Device\USBPDO-6 8AD4D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8AF491F8
Device \Driver\usbehci \Device\USBPDO-7 8ACFE1F8
Device \Driver\Cdrom \Device\CdRom0 8AC5F1F8
Device \Driver\atapi \Device\Ide\IdePort0 8AF481F8
Device \Driver\atapi \Device\Ide\IdePort1 8AF481F8
Device \Driver\atapi \Device\Ide\IdePort2 8AF481F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-7 8AF481F8
Device \Driver\atapi \Device\Ide\IdePort3 8AF481F8
Device \Driver\atapi \Device\Ide\IdePort4 8AF481F8
Device \Driver\atapi \Device\Ide\IdePort5 8AF481F8
Device \Driver\atapi \Device\Ide\IdeDeviceP5T0L0-16 8AF481F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89DCD500
Device \Driver\NetBT \Device\NetbiosSmb 89DCD500
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\usbuhci \Device\USBFDO-0 8AD4D1F8
Device \Driver\usbuhci \Device\USBFDO-1 8AD4D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89DA4500
Device \Driver\usbuhci \Device\USBFDO-2 8AD4D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89DA4500
Device \Driver\usbehci \Device\USBFDO-3 8ACFE1F8
Device \Driver\usbuhci \Device\USBFDO-4 8AD4D1F8
Device \Driver\Ftdisk \Device\FtControl 8AF491F8
Device \Driver\usbuhci \Device\USBFDO-5 8AD4D1F8
Device \Driver\usbuhci \Device\USBFDO-6 8AD4D1F8
Device \Driver\usbehci \Device\USBFDO-7 8ACFE1F8
Device \FileSystem\Fastfat \Fat 89DA5500
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364[email protected] 0xBF 0x82 0x46 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682F[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682F[email protected] 0xBF 0x82 0x46 0x16 ...

---- EOF - GMER 1.0.15 ----
 
