I removed a lot of viruses and spyware but I'm still having problems. Mostly everything I click on freezes for a while, then opens slowly if at all, and I still get popups. Here's a copy of my HijackThis log. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:56:41 PM, on 12/25/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rob\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59274
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3845071768-456352498-2817476235-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_test.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/zuma/popcaploader_v5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
DDS (Ver_10-12-12.02) - NTFSx86
Run by Rob at 19:03:33.15 on Sat 12/25/2010
Internet Explorer: 8.0.6001.18999
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rob\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rob\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.comcast.net/
uSearch Bar = Preserve
uInternet Settings,ProxyServer = http=127.0.0.1:59274
mWinlogon: Userinit=userinit.exe
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bankofamerica.com\sitekey
Trusted Zone: bankofamerica.com\www
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://clubgames.pogo.com/online2/pogop/zuma/popcaploader_v5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
============= SERVICES / DRIVERS ===============
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FontCache;Windows Font Cache Service
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? MpNWMon;Microsoft Malware Protection Network Driver
R? osppsvc;Office Software Protection Platform
R? SBAPIFS;SBAPIFS
R? WMZuneComm;Zune Windows Mobile Connectivity Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/22 20:14:04]
S? FsUsbExDisk;FsUsbExDisk
S? FsUsbExService;FsUsbExService
S? MpFilter;Microsoft Malware Protection Driver
S? mv61xx;mv61xx
=============== Created Last 30 ================
2010-12-25 23:20:11 -------- d-----w- c:\program files\ZalmanFrisbee
2010-12-24 23:00:11 108032 --sha-r- c:\windows\system32\BOOTVIDB.dll
2010-12-24 23:00:01 -------- d-----w- c:\users\rob\appdata\roaming\7E8FE3D08407D0FB76AC16AB0CCB5CCC
2010-12-24 21:27:09 -------- d-----w- c:\program files\Trace_Adkins-Cowboys_Back_In_Town-(Deluxe_Edition)-2010-MTD
2010-12-24 21:25:29 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{88c338b9-7655-4540-bf25-1290a31b8421}\mpengine.dll
2010-12-15 01:25:09 -------- d-----w- c:\program files\HOME ALONE 2[LOST IN NEWYORK[DVDRIP][ENG]-KIDZCORNER&J.T.R
2010-12-08 04:38:31 -------- d-----w- c:\program files\DVDFab 8
2010-12-02 03:38:05 -------- d-----w- c:\windows\pss
2010-12-01 19:06:29 108104 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-30 20:43:26 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-11-30 05:46:57 -------- d-----w- c:\program files\Arcade_Fire-The_Suburbs-2010-404
2010-11-30 05:31:50 -------- d-----w- c:\program files\Dressed Up As Life
==================== Find3M ====================
2010-11-25 18:29:05 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-31 23:07:29 33533 ----a-w- c:\windows\system32\CoreVorbis-uninstall.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-19 01:41:26 138056 ----a-w- c:\users\rob\appdata\roaming\PnkBstrK.sys
2010-10-19 01:41:18 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-19 01:41:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
2009-07-03 02:34:58 3252640 ----a-w- c:\program files\ccsetup221.exe
2009-01-14 01:48:47 17160032 ----a-w- c:\program files\vsoConvertXtoDVD3_setup-avangate_675.exe
2008-11-21 02:34:50 1734951 ----a-w- c:\program files\mp3tagv242setup.exe
2008-11-10 00:21:08 270128 ----a-w- c:\program files\utorrent.exe
2008-11-05 03:18:06 1725000 ----a-w- c:\program files\mirc631.exe
2008-11-03 02:42:03 9398688 ----a-w- c:\program files\vlc-0.8.6i-win32.exe
2006-08-09 00:24:51 26 ----a-w- c:\program files\makelist.bat
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3400620AS rev.3.AAC -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86DA0555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86da67b0]; MOV EAX, [0x86da682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82278962] -> \Device\Harddisk0\DR0[0x867063A8]
3 CLASSPNP[0x8B5A98B3] -> ntkrnlpa!IofCallDriver[0x82278962] -> [0x85E4DC10]
5 acpi[0x807BF6BC] -> ntkrnlpa!IofCallDriver[0x82278962] -> [0x85E545D8]
\Driver\atapi[0x86C15240] -> IRP_MJ_CREATE -> 0x86DA0555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3400620AS_____________________________3.AAC___#5&2ea7e938&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85ddb1f8
user != kernel MBR !!!
sectors 781422766 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 19:04:26.57 ===============
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-25 20:28:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3400620AS rev.3.AAC
Running: bgygv416.exe; Driver: C:\Users\Rob\AppData\Local\Temp\awlyypod.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 85DD5DC8
INT 0x51 ? 87155F00
INT 0x51 ? 85DD5DC8
INT 0x52 ? 87155F00
INT 0x62 ? 87155F00
INT 0x62 ? 87155F00
INT 0x62 ? 87155F00
INT 0x62 ? 87155F00
INT 0x72 ? 87155F00
INT 0x82 ? 85DD6BF8
INT 0x92 ? 85DD6BF8
INT 0xA2 ? 85DD6BF8
INT 0xA2 ? 85DD6BF8
INT 0xA2 ? 87155F00
INT 0xA2 ? 85DD6BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spdw.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 9116C41B 5 Bytes JMP 871554E0
.text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xA84F9000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xA851C050]
? C:\Users\Rob\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 00DC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!SetWindowsHookExW 769D87AD 5 Bytes JMP 6EE79AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!CallNextHookEx 769D8E3B 5 Bytes JMP 6EE6D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!UnhookWindowsHookEx 769D98DB 5 Bytes JMP 6EDE4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!CreateWindowExW 769E1305 5 Bytes JMP 6EE7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxParamW 76A010B0 5 Bytes JMP 6EDA5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxIndirectParamW 76A02EF5 5 Bytes JMP 6EF74FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxParamA 76A18152 5 Bytes JMP 6EF74F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxIndirectParamA 76A1847D 5 Bytes JMP 6EF75052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxIndirectA 76A2D4D9 5 Bytes JMP 6EF74F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxIndirectW 76A2D5D3 5 Bytes JMP 6EF74EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxExA 76A2D639 5 Bytes JMP 6EF74E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxExW 76A2D65D 5 Bytes JMP 6EF74DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ole32.dll!OleLoadFromStream 776E1E80 5 Bytes JMP 6EF75370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ole32.dll!CoCreateInstance 77719F3E 5 Bytes JMP 6EE7DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\explorer.exe[2064] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 0176000A
.text C:\Windows\explorer.exe[2064] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 0177000A
.text C:\Windows\explorer.exe[2064] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 0175000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 0106000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 0107000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 0100000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!SetWindowsHookExW 769D87AD 5 Bytes JMP 6EE79AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CallNextHookEx 769D8E3B 5 Bytes JMP 6EE6D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!UnhookWindowsHookEx 769D98DB 5 Bytes JMP 6EDE4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CreateWindowExW 769E1305 5 Bytes JMP 6EE7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxParamW 76A010B0 5 Bytes JMP 6EDA5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxIndirectParamW 76A02EF5 5 Bytes JMP 6EF74FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxParamA 76A18152 5 Bytes JMP 6EF74F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxIndirectParamA 76A1847D 5 Bytes JMP 6EF75052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxIndirectA 76A2D4D9 5 Bytes JMP 6EF74F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxIndirectW 76A2D5D3 5 Bytes JMP 6EF74EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxExA 76A2D639 5 Bytes JMP 6EF74E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxExW 76A2D65D 5 Bytes JMP 6EF74DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ole32.dll!OleLoadFromStream 776E1E80 5 Bytes JMP 6EF75370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ole32.dll!CoCreateInstance 77719F3E 5 Bytes JMP 6EE7DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 0092000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 0093000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 0042000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CreateWindowExW 769E1305 5 Bytes JMP 6EE7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxParamW 76A010B0 5 Bytes JMP 6EDA5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxIndirectParamW 76A02EF5 5 Bytes JMP 6EF74FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxParamA 76A18152 5 Bytes JMP 6EF74F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxIndirectParamA 76A1847D 5 Bytes JMP 6EF75052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxIndirectA 76A2D4D9 5 Bytes JMP 6EF74F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxIndirectW 76A2D5D3 5 Bytes JMP 6EF74EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxExA 76A2D639 5 Bytes JMP 6EF74E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxExW 76A2D65D 5 Bytes JMP 6EF74DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068A6D2] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068A040] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068A7FC] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068A0BE] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068A13C] \SystemRoot\System32\Drivers\spdw.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74A77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74ACA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74A7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74A6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74A775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74A6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74AA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74A7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74A6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74A6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74A671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74AFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74A9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74A6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74A66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74A6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74A72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74A77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74ACA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74A7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74A6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74A775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74A6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74AA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74A7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74A6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74A6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74A671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74AFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74A9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74A6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74A66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74A6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74A72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85DDE1F8
Device \FileSystem\fastfat \FatCdrom 8806D1F8
Device \Driver\volmgr \Device\VolMgrControl 85DD81F8
Device \Driver\usbuhci \Device\USBPDO-0 871A0500
Device \Driver\usbuhci \Device\USBPDO-1 871A0500
Device \Driver\usbuhci \Device\USBPDO-2 871A0500
Device \Driver\usbehci \Device\USBPDO-3 871381F8
Device \Driver\usbuhci \Device\USBPDO-4 871A0500
Device \Driver\usbuhci \Device\USBPDO-5 871A0500
Device \Driver\usbuhci \Device\USBPDO-6 871A0500
Device \Driver\volmgr \Device\HarddiskVolume1 85DD81F8
Device \Driver\usbehci \Device\USBPDO-7 871381F8
Device \Driver\cdrom \Device\CdRom0 872C51F8
Device \Driver\volmgr \Device\HarddiskVolume2 85DD81F8
Device \Driver\atapi \Device\Ide\IdePort0 85DDB1F8
Device \Driver\atapi \Device\Ide\IdePort1 85DDB1F8
Device \Driver\atapi \Device\Ide\IdePort2 85DDB1F8
Device \Driver\atapi \Device\Ide\IdePort3 85DDB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85DDB1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 879D9500
Device \Driver\netbt \Device\NetBT_Tcpip_{7546E54D-3730-401E-9DEB-499CC7074C1C} 879D9500
Device \Driver\Smb \Device\NetbiosSmb 87A38500
Device \Driver\USBSTOR \Device\00000079 87ADA1F8
Device \Driver\iScsiPrt \Device\RaidPort0 872701F8
Device \Driver\usbuhci \Device\USBFDO-0 871A0500
Device \Driver\usbuhci \Device\USBFDO-1 871A0500
Device \Driver\USBSTOR \Device\0000007b 87ADA1F8
Device \Driver\usbuhci \Device\USBFDO-2 871A0500
Device \Driver\usbehci \Device\USBFDO-3 871381F8
Device \Driver\usbuhci \Device\USBFDO-4 871A0500
Device \Driver\usbuhci \Device\USBFDO-5 871A0500
Device \Driver\usbuhci \Device\USBFDO-6 871A0500
Device \Driver\usbehci \Device\USBFDO-7 871381F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 85DDD1F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 85DDD1F8
Device \FileSystem\fastfat \Fat 8806D1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 881C61F8
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3400620AS_____________________________3.AAC___#5&2ea7e938&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s3 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@hdf12 0x64 0x6E 0x8B 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@hdf12 0x9A 0x3B 0x37 0xD4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@hdf12 0x5E 0xB1 0x70 0x63 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE8 0xC3 0x56 0x2B ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 781422512 (+255): rootkit-like behavior;
---- EOF - GMER 1.0.15 ----
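The IAT entries at the top of this GMER log and the `.text ... 5 Bytes JMP` entries in the second GMER log further down the page share a format that is easier to triage by machine than by eye: what matters is which module owns the hook target, and whether GMER could name one at all. The script below is an added example, not part of the original post and not GMER code. It parses both line styles from a handful of lines copied off this page (constructed input for the example), groups hooked functions by owning module, flags owners for which GMER printed no file-version description, and shows the rel32 arithmetic behind a 5-byte `E9` JMP hook so a reported target can be checked against the patched bytes. The regular expressions, the `needs_review` rule and the "unresolved" label are the example's own; GMER's parenthesised text is version information, not a signature check.

```python
import re
from collections import defaultdict

# Constructed input: lines copied from the two GMER logs on this page (two kernel
# IAT entries, one user IAT entry, one kernel inline hook, three iexplore inline hooks).
SAMPLE_LINES = r"""
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068A6D2] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068A040] \SystemRoot\System32\Drivers\spdw.sys
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74A66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
.text USBPORT.SYS!DllUnload 9116C41B 5 Bytes JMP 871554E0
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!SetWindowsHookExW 769D87AD 5 Bytes JMP 6EE79AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
"""

# IAT <image>[<module>!<function>] [<addr>] <owner> (<description>)?
IAT_RE = re.compile(
    r"^IAT\s+(?P<image>.+?)\[(?P<module>[^\]!]+)!(?P<func>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]"
    r"\s+(?P<owner>.+?)(?:\s+\((?P<desc>[^)]*)\))?$")
# .text <image>? <module>!<function> <addr> <n> Bytes JMP <target> (<owner> (<description>))?
INLINE_RE = re.compile(
    r"^\.text\s+(?:(?P<image>.+?)\s+)?(?P<module>[^\s!]+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+(?P<n>\d+)\s+Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>.+?)\s+\((?P<desc>[^)]*)\))?\s*$")

UNRESOLVED = "unresolved"   # this example's label for a JMP target GMER mapped to no module


def triage(text: str) -> dict:
    """Group hooked functions by the module that owns the hook target.

    Returns {owner: {"hooks": ["module!function", ...], "description": str | None}}.
    The description is GMER's file-version string; None means GMER printed none.
    """
    out = defaultdict(lambda: {"hooks": [], "description": None})
    for line in text.splitlines():
        line = line.strip()
        m = IAT_RE.match(line) or INLINE_RE.match(line)
        if not m:
            continue                               # other GMER line types are ignored here
        owner = (m.group("owner") or UNRESOLVED).strip()
        entry = out[owner]
        entry["hooks"].append(f"{m['module']}!{m['func']}")
        if m.group("desc"):
            entry["description"] = m["desc"]
    return dict(out)


def needs_review(report: dict) -> list:
    """Owners worth pulling bytes for: GMER named no module, or a module with no
    version description (rule chosen for this example)."""
    return [owner for owner, e in report.items() if e["description"] is None]


def jmp_rel32_encode(patch_addr: int, target: int) -> bytes:
    """Bytes a 5-byte E9 hook placed at patch_addr must hold to reach target."""
    rel = (target - (patch_addr + 5)) & 0xFFFFFFFF   # displacement is relative to the next instruction
    return b"\xe9" + rel.to_bytes(4, "little")


def jmp_rel32_decode(patch_addr: int, code: bytes) -> int:
    """Target of an E9 rel32 jump found at patch_addr, with 32-bit wrap-around."""
    if len(code) < 5 or code[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    rel = int.from_bytes(code[1:5], "little", signed=True)
    return (patch_addr + 5 + rel) & 0xFFFFFFFF


if __name__ == "__main__":
    report = triage(SAMPLE_LINES)
    for owner in needs_review(report):
        print(owner, "->", report[owner]["hooks"])
    print(jmp_rel32_encode(0x77B44D34, 0x00DE000A).hex())
```

On the sample input the hooks that land in IEFRAME.dll and the WinSxS gdiplus.dll come out with a description and are left alone; the ataport hooks owned by spdw.sys and the three JMPs whose target GMER could not map to any module are the ones that come back from `needs_review`. For an inline hook the five bytes at the reported address should decode, with `jmp_rel32_decode`, to exactly the target GMER printed; any other instruction there means the dump was taken from a different image than the one GMER saw.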
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:56:41 PM, on 12/25/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rob\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:59274
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-3845071768-456352498-2817476235-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_test.cab
O16 - DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} (CPlayFirstzenerchiControl Object) - http://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://clubgames.pogo.com/online2/pogop/zuma/popcaploader_v5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
DDS (Ver_10-12-12.02) - NTFSx86
Run by Rob at 19:03:33.15 on Sat 12/25/2010
Internet Explorer: 8.0.6001.18999
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rob\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rob\Desktop\dds.scr
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.comcast.net/
uSearch Bar = Preserve
uInternet Settings,ProxyServer = http=127.0.0.1:59274
mWinlogon: Userinit=userinit.exe
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - c:\progra~1\flashfxp\IEFlash.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RtHDVCpl] RtHDVCpl.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: bankofamerica.com\sitekey
Trusted Zone: bankofamerica.com\www
Trusted Zone: intuit.com\ttlc
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://www.costcophotocenter.com/upload/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://clubgames.pogo.com/online2/pogop/luxor_2/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B8A48F42-30E1-48f8-AE87-7BD7C75DB8AA} - hxxp://www.srtest.com/srl_bin/sysreqlab_test.cab
DPF: {BAC761D3-DFFD-4DB4-A01D-173346E090A7} - hxxp://clubgames.pogo.com/online2/pogo/zenerchi/ZenerchiWeb.1.0.0.10.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://clubgames.pogo.com/online2/pogop/zuma/popcaploader_v5.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-us.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
============= SERVICES / DRIVERS ===============
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? FontCache;Windows Font Cache Service
R? Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service
R? MpNWMon;Microsoft Malware Protection Network Driver
R? osppsvc;Office Software Protection Platform
R? SBAPIFS;SBAPIFS
R? WMZuneComm;Zune Windows Mobile Connectivity Service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/22 20:14:04]
S? FsUsbExDisk;FsUsbExDisk
S? FsUsbExService;FsUsbExService
S? MpFilter;Microsoft Malware Protection Driver
S? mv61xx;mv61xx
=============== Created Last 30 ================
2010-12-25 23:20:11 -------- d-----w- c:\program files\ZalmanFrisbee
2010-12-24 23:00:11 108032 --sha-r- c:\windows\system32\BOOTVIDB.dll
2010-12-24 23:00:01 -------- d-----w- c:\users\rob\appdata\roaming\7E8FE3D08407D0FB76AC16AB0CCB5CCC
2010-12-24 21:27:09 -------- d-----w- c:\program files\Trace_Adkins-Cowboys_Back_In_Town-(Deluxe_Edition)-2010-MTD
2010-12-24 21:25:29 6273872 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{88c338b9-7655-4540-bf25-1290a31b8421}\mpengine.dll
2010-12-15 01:25:09 -------- d-----w- c:\program files\HOME ALONE 2[LOST IN NEWYORK[DVDRIP][ENG]-KIDZCORNER&J.T.R
2010-12-08 04:38:31 -------- d-----w- c:\program files\DVDFab 8
2010-12-02 03:38:05 -------- d-----w- c:\windows\pss
2010-12-01 19:06:29 108104 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-11-30 20:43:26 30888 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-11-30 05:46:57 -------- d-----w- c:\program files\Arcade_Fire-The_Suburbs-2010-404
2010-11-30 05:31:50 -------- d-----w- c:\program files\Dressed Up As Life
==================== Find3M ====================
2010-11-25 18:29:05 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-11-04 18:56:07 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55:38 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55:12 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34:06 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-31 23:07:29 33533 ----a-w- c:\windows\system32\CoreVorbis-uninstall.exe
2010-10-28 15:44:56 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27:47 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20:12 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-19 01:41:26 138056 ----a-w- c:\users\rob\appdata\roaming\PnkBstrK.sys
2010-10-19 01:41:18 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-19 01:41:06 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-10-18 13:37:35 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:31:24 2038272 ----a-w- c:\windows\system32\win32k.sys
2009-07-03 02:34:58 3252640 ----a-w- c:\program files\ccsetup221.exe
2009-01-14 01:48:47 17160032 ----a-w- c:\program files\vsoConvertXtoDVD3_setup-avangate_675.exe
2008-11-21 02:34:50 1734951 ----a-w- c:\program files\mp3tagv242setup.exe
2008-11-10 00:21:08 270128 ----a-w- c:\program files\utorrent.exe
2008-11-05 03:18:06 1725000 ----a-w- c:\program files\mirc631.exe
2008-11-03 02:42:03 9398688 ----a-w- c:\program files\vlc-0.8.6i-win32.exe
2006-08-09 00:24:51 26 ----a-w- c:\program files\makelist.bat
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST3400620AS rev.3.AAC -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x86DA0555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x86da67b0]; MOV EAX, [0x86da682c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82278962] -> \Device\Harddisk0\DR0[0x867063A8]
3 CLASSPNP[0x8B5A98B3] -> ntkrnlpa!IofCallDriver[0x82278962] -> [0x85E4DC10]
5 acpi[0x807BF6BC] -> ntkrnlpa!IofCallDriver[0x82278962] -> [0x85E545D8]
\Driver\atapi[0x86C15240] -> IRP_MJ_CREATE -> 0x86DA0555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3400620AS_____________________________3.AAC___#5&2ea7e938&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi -> 0x85ddb1f8
user != kernel MBR !!!
sectors 781422766 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 19:04:26.57 ===============
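mbr.exe's verdict above rests on two comparisons: the MBR as read through the normal driver stack against the MBR read from below the hooked \Driver\atapi object ("user != kernel MBR"), and the same check over a run of sectors at the end of the disk. The 16-bit listing it prints is the kernel-side MBR's own code: copy the 512 bytes from 0x7C00 to 0x600, jump into the copy, then rotate 0x132 bytes starting at 0x62A right by CL, where CL is also the loop counter. The Python below is an added example, not code from the original post nor from mbr.exe or GMER. It parses a 512-byte sector, diffs two images of it by byte range, and implements that rotate loop both ways so a constructed sample can be encoded and then decoded. The LOOP instruction that closes the loop is cut off in the listing and is assumed here, and the way mbr.exe obtains its kernel-side read is not reproduced (the diff simply takes two images). All sector and payload bytes are constructed for the example.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"
PT_OFFSET = 0x1BE            # four 16-byte partition entries start here
LOADER_BASE = 0x600          # MOV DI,0x600 ; REP MOVSB : the stub relocates itself here
ENC_START = 0x62A            # MOV BP,0x62A : first encoded byte (0x2A into the sector)
ENC_LEN = 0x132              # MOV CX,0x132 : 306 bytes; CL doubles as the rotate count


def parse_mbr(sector: bytes) -> dict:
    """Split a sector into bootstrap code, populated partition entries and the 0x55AA check."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        status, _chs0, ptype, _chs1, lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PT_OFFSET + 16 * i)
        if ptype:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba": lba, "sectors": count})
    return {"code": sector[:PT_OFFSET], "partitions": parts,
            "signature_ok": sector[SECTOR - 2:] == BOOT_SIG}


def diff_mbr(a: bytes, b: bytes) -> list:
    """Byte ranges [start, end) where two images of the same sector disagree.
    A user-mode read against a read taken below the hooked driver is the
    comparison behind mbr.exe's "user != kernel MBR" line."""
    if len(a) != len(b):
        raise ValueError("images differ in length")
    ranges, start = [], None
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y and start is None:
            start = i
        elif x == y and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(a)))
    return ranges


def _ror8(v: int, n: int) -> int:
    n &= 7                     # an 8-bit rotate uses the count modulo 8
    return ((v >> n) | (v << (8 - n))) & 0xFF


def _rol8(v: int, n: int) -> int:
    n &= 7
    return ((v << n) | (v >> (8 - n))) & 0xFF


def _rotate_loop(image: bytes, rot) -> bytes:
    """MOV CX,0x132 ; MOV BP,0x62A ; L: ROR BYTE [BP],CL ; INC BP ; LOOP L
    (the closing LOOP is assumed; the listing on the page is cut off there)."""
    buf = bytearray(image)
    cx, bp = ENC_LEN, ENC_START
    while cx:
        idx = bp - LOADER_BASE                 # linear address -> offset in the relocated sector
        buf[idx] = rot(buf[idx], cx & 0xFF)    # CL is the low byte of CX
        bp += 1
        cx -= 1                                # LOOP: CX -= 1, branch while CX != 0
    return bytes(buf)


def tdl4_ror_decode(image: bytes) -> bytes:
    """What the stub does to its own body once relocated to 0x600."""
    return _rotate_loop(image, _ror8)


def tdl4_ror_encode(image: bytes) -> bytes:
    """Inverse of the decode loop, used here only to build a sample."""
    return _rotate_loop(image, _rol8)


def implant(image: bytes, payload: bytes, addr: int = ENC_START) -> bytes:
    """Place payload at linear address addr of the relocated sector image."""
    off = addr - LOADER_BASE
    return image[:off] + payload + image[off + len(payload):]


def build_sample_mbr(code: bytes) -> bytes:
    """Constructed clean MBR: given bootstrap bytes, one bootable NTFS partition, 0x55AA."""
    code = code.ljust(PT_OFFSET, b"\x00")[:PT_OFFSET]
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 2048, 781418000)
    return code + entry + b"\x00" * 48 + BOOT_SIG


if __name__ == "__main__":
    clean = build_sample_mbr(b"\xfa\x33\xc0\x8e\xd0" + b"\x90" * 16)   # constructed
    payload = bytes(i & 0xFF for i in range(ENC_LEN))                 # constructed
    infected = tdl4_ror_encode(implant(clean, payload))
    print("partition table unchanged:", parse_mbr(infected)["partitions"] == parse_mbr(clean)["partitions"])
    print("differs at", diff_mbr(clean, infected))
    print("decoded ok:", tdl4_ror_decode(infected)[0x2A:0x2A + ENC_LEN] == payload)
```

Two points the sample makes concrete: the rotate count changes every byte (CX counts down from 0x132), so a single XOR or ROR key will not decode the body, and the partition table and 0x55AA survive untouched, which is why a bootkit MBR still boots the installed Windows and why a partition-table check alone does not catch it. The diff only tells you that two reads of the same sector disagree; which one is the real on-disk sector is what the kernel-side read in mbr.exe settles.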
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-25 20:28:43
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3400620AS rev.3.AAC
Running: bgygv416.exe; Driver: C:\Users\Rob\AppData\Local\Temp\awlyypod.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 85DD5DC8
INT 0x51 ? 87155F00
INT 0x51 ? 85DD5DC8
INT 0x52 ? 87155F00
INT 0x62 ? 87155F00
INT 0x62 ? 87155F00
INT 0x62 ? 87155F00
INT 0x62 ? 87155F00
INT 0x72 ? 87155F00
INT 0x82 ? 85DD6BF8
INT 0x92 ? 85DD6BF8
INT 0xA2 ? 85DD6BF8
INT 0xA2 ? 85DD6BF8
INT 0xA2 ? 87155F00
INT 0xA2 ? 85DD6BF8
---- Kernel code sections - GMER 1.0.15 ----
? System32\Drivers\spdw.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 9116C41B 5 Bytes JMP 871554E0
.text C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl section is writeable [0xA84F9000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl entry point in ".vmp2" section [0xA851C050]
? C:\Users\Rob\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 00DE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 00DF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 00DC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!SetWindowsHookExW 769D87AD 5 Bytes JMP 6EE79AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!CallNextHookEx 769D8E3B 5 Bytes JMP 6EE6D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!UnhookWindowsHookEx 769D98DB 5 Bytes JMP 6EDE4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!CreateWindowExW 769E1305 5 Bytes JMP 6EE7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxParamW 76A010B0 5 Bytes JMP 6EDA5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxIndirectParamW 76A02EF5 5 Bytes JMP 6EF74FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxParamA 76A18152 5 Bytes JMP 6EF74F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!DialogBoxIndirectParamA 76A1847D 5 Bytes JMP 6EF75052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxIndirectA 76A2D4D9 5 Bytes JMP 6EF74F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxIndirectW 76A2D5D3 5 Bytes JMP 6EF74EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxExA 76A2D639 5 Bytes JMP 6EF74E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] USER32.dll!MessageBoxExW 76A2D65D 5 Bytes JMP 6EF74DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ole32.dll!OleLoadFromStream 776E1E80 5 Bytes JMP 6EF75370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1480] ole32.dll!CoCreateInstance 77719F3E 5 Bytes JMP 6EE7DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Windows\explorer.exe[2064] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 0176000A
.text C:\Windows\explorer.exe[2064] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 0177000A
.text C:\Windows\explorer.exe[2064] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 0175000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 0106000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 0107000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 0100000A
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!SetWindowsHookExW 769D87AD 5 Bytes JMP 6EE79AE9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CallNextHookEx 769D8E3B 5 Bytes JMP 6EE6D145 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!UnhookWindowsHookEx 769D98DB 5 Bytes JMP 6EDE4696 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!CreateWindowExW 769E1305 5 Bytes JMP 6EE7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxParamW 76A010B0 5 Bytes JMP 6EDA5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxIndirectParamW 76A02EF5 5 Bytes JMP 6EF74FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxParamA 76A18152 5 Bytes JMP 6EF74F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!DialogBoxIndirectParamA 76A1847D 5 Bytes JMP 6EF75052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxIndirectA 76A2D4D9 5 Bytes JMP 6EF74F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxIndirectW 76A2D5D3 5 Bytes JMP 6EF74EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxExA 76A2D639 5 Bytes JMP 6EF74E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] USER32.dll!MessageBoxExW 76A2D65D 5 Bytes JMP 6EF74DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ole32.dll!OleLoadFromStream 776E1E80 5 Bytes JMP 6EF75370 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4788] ole32.dll!CoCreateInstance 77719F3E 5 Bytes JMP 6EE7DBA0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] ntdll.dll!NtProtectVirtualMemory 77B44D34 5 Bytes JMP 0092000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] ntdll.dll!NtWriteVirtualMemory 77B45674 5 Bytes JMP 0093000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] ntdll.dll!KiUserExceptionDispatcher 77B45DC8 5 Bytes JMP 0042000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!CreateWindowExW 769E1305 5 Bytes JMP 6EE7DB44 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxParamW 76A010B0 5 Bytes JMP 6EDA5501 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxIndirectParamW 76A02EF5 5 Bytes JMP 6EF74FEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxParamA 76A18152 5 Bytes JMP 6EF74F8C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!DialogBoxIndirectParamA 76A1847D 5 Bytes JMP 6EF75052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxIndirectA 76A2D4D9 5 Bytes JMP 6EF74F21 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxIndirectW 76A2D5D3 5 Bytes JMP 6EF74EB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxExA 76A2D639 5 Bytes JMP 6EF74E54 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5520] USER32.dll!MessageBoxExW 76A2D65D 5 Bytes JMP 6EF74DF2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068A6D2] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068A040] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068A7FC] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068A0BE] \SystemRoot\System32\Drivers\spdw.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068A13C] \SystemRoot\System32\Drivers\spdw.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74A77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74ACA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74A7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74A6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74A775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74A6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74AA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74A7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74A6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74A6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74A671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74AFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74A9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74A6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74A66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74A6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[2064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74A72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74A77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74ACA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [74A7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [74A6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74A775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [74A6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74AA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [74A7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [74A6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74A6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74A671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [74AFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [74A9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74A6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [74A66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74A6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4940] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74A72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 85DDE1F8
Device \FileSystem\fastfat \FatCdrom 8806D1F8
Device \Driver\volmgr \Device\VolMgrControl 85DD81F8
Device \Driver\usbuhci \Device\USBPDO-0 871A0500
Device \Driver\usbuhci \Device\USBPDO-1 871A0500
Device \Driver\usbuhci \Device\USBPDO-2 871A0500
Device \Driver\usbehci \Device\USBPDO-3 871381F8
Device \Driver\usbuhci \Device\USBPDO-4 871A0500
Device \Driver\usbuhci \Device\USBPDO-5 871A0500
Device \Driver\usbuhci \Device\USBPDO-6 871A0500
Device \Driver\volmgr \Device\HarddiskVolume1 85DD81F8
Device \Driver\usbehci \Device\USBPDO-7 871381F8
Device \Driver\cdrom \Device\CdRom0 872C51F8
Device \Driver\volmgr \Device\HarddiskVolume2 85DD81F8
Device \Driver\atapi \Device\Ide\IdePort0 85DDB1F8
Device \Driver\atapi \Device\Ide\IdePort1 85DDB1F8
Device \Driver\atapi \Device\Ide\IdePort2 85DDB1F8
Device \Driver\atapi \Device\Ide\IdePort3 85DDB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85DDB1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 879D9500
Device \Driver\netbt \Device\NetBT_Tcpip_{7546E54D-3730-401E-9DEB-499CC7074C1C} 879D9500
Device \Driver\Smb \Device\NetbiosSmb 87A38500
Device \Driver\USBSTOR \Device\00000079 87ADA1F8
Device \Driver\iScsiPrt \Device\RaidPort0 872701F8
Device \Driver\usbuhci \Device\USBFDO-0 871A0500
Device \Driver\usbuhci \Device\USBFDO-1 871A0500
Device \Driver\USBSTOR \Device\0000007b 87ADA1F8
Device \Driver\usbuhci \Device\USBFDO-2 871A0500
Device \Driver\usbehci \Device\USBFDO-3 871381F8
Device \Driver\usbuhci \Device\USBFDO-4 871A0500
Device \Driver\usbuhci \Device\USBFDO-5 871A0500
Device \Driver\usbuhci \Device\USBFDO-6 871A0500
Device \Driver\usbehci \Device\USBFDO-7 871381F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 85DDD1F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 85DDD1F8
Device \FileSystem\fastfat \Fat 8806D1F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\cdfs \Cdfs 881C61F8
Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskST3400620AS_____________________________3.AAC___#5&2ea7e938&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x64 0x6E 0x8B 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x9A 0x3B 0x37 0xD4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\[email protected] 0x5E 0xB1 0x70 0x63 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\[email protected] 0xE8 0xC3 0x56 0x2B ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sectors 781422512 (+255): rootkit-like behavior;
---- EOF - GMER 1.0.15 ----