Some Virus That I Don't Know About

[g0t mi1k123]

I'm currently using safemode at the moment because I can't get on to the actual one. I recently got the virus after I downloaded programs to recover jpeg pictures from my memory card. I believe it was one of the programs that I have recently downloaded. Please could anybody help me?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:32:37 PM, on 1/20/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Alan\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AgfaCamWatch] C:\Program Files\Agfa\AgfaCam\AgfaCLnk.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\Alan\AppData\Local\Temp\Vk3.exe
O4 - HKCU\..\Run: [NtWqIVLZEWZU] C:\Users\Alan\AppData\Local\Temp\Vk6.exe
O4 - HKCU\..\Run: [Wmulazucocaliro] rundll32.exe "C:\Users\Alan\AppData\Local\NHapP1.dll",Startup
O4 - HKCU\..\Run: [RhESDHhktGyi.exe] C:\ProgramData\RhESDHhktGyi.exe
O4 - HKCU\..\Run: [Nvayabupiceri] rundll32.exe "C:\Users\Alan\AppData\Local\uhuxabib.dll",Startup
O4 - HKCU\..\Run: [uTroFzma] C:\ProgramData\uTroFzma.exe
O4 - HKCU\..\RunOnce: [jEfNh06504] C:\ProgramData\jEfNh06504\jEfNh06504.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Alan\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 5539 bytes

 

[g0t mi1k123]

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK
Run by Alan at 14:51:24.56 on Sat 01/22/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1287 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\AIM\aim.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Alan\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [JP595IR86O] c:\users\alan\appdata\local\temp\Vk3.exe
uRun: [NtWqIVLZEWZU] c:\users\alan\appdata\local\temp\Vk6.exe
uRun: [Wmulazucocaliro] rundll32.exe "c:\users\alan\appdata\local\NHapP1.dll",Startup
uRun: [RhESDHhktGyi.exe] c:\programdata\RhESDHhktGyi.exe
uRun: [Nvayabupiceri] rundll32.exe "c:\users\alan\appdata\local\uhuxabib.dll",Startup
uRun: [uTroFzma] c:\programdata\uTroFzma.exe
uRunOnce: [jEfNh06504] c:\programdata\jefnh06504\jEfNh06504.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AgfaCamWatch] c:\program files\agfa\agfacam\AgfaCLnk.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\alan\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Free YouTube Download - c:\users\alan\appdata\roaming\dvdvideosoftiehelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\alan\appdata\roaming\dvdvideosoftiehelpers\youtubetomp3.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\alan\appdata\roaming\mozilla\firefox\profiles\s5sky9ue.default\
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-26 1343400]

=============== Created Last 30 ================

2011-01-21 03:06:38 -------- d-----w- c:\users\alan\appdata\local\ElevatedDiagnostics
2011-01-21 02:11:03 -------- d-----w- c:\progra~2\MFAData
2011-01-21 01:49:04 -------- d-----w- c:\windows\MjM Free Photo Recovery Software
2011-01-21 01:45:20 -------- d-----w- C:\Recover
2011-01-21 01:44:52 -------- d-----w- c:\users\alan\appdata\local\{DB2C11EC-0FA2-4624-973C-BB986959D137}
2011-01-21 01:44:43 -------- d-----w- c:\program files\RecvMngr
2011-01-21 01:44:15 381440 ----a-w- c:\progra~2\uTroFzma.exe
2011-01-21 01:44:13 465920 ----a-w- c:\progra~2\RhESDHhktGyi.exe
2011-01-21 01:44:13 427520 ----a-w- c:\progra~2\USigpCLPnjoT.dll
2011-01-21 01:42:53 -------- d-----w- c:\progra~2\jEfNh06504
2011-01-21 01:35:51 -------- d-----w- c:\users\alan\New folder
2011-01-21 01:35:01 -------- d-----w- c:\users\alan\appdata\roaming\asoftech
2011-01-21 01:35:01 -------- d-----w- c:\program files\Asoftech
2011-01-21 01:32:41 201728 ----a-w- c:\windows\Vmunyb.exe
2011-01-21 01:32:24 201728 ----a-w- c:\windows\Vmunya.exe
2011-01-21 01:17:16 -------- d-----w- c:\program files\GetData
2011-01-19 00:52:53 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5bfe7b7f-d611-40a0-b994-3792a03fad51}\mpengine.dll

==================== Find3M ====================

2010-12-11 21:04:02 2829 ----a-w- c:\windows\War3Unin.pif
2010-12-11 21:04:02 139264 ----a-w- c:\windows\War3Unin.exe
2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:36 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2010-11-02 04:41:36 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2010-11-02 04:41:36 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:36:16 801792 ----a-w- c:\windows\system32\FntCache.dll
2010-11-02 04:35:51 1074176 ----a-w- c:\windows\system32\DWrite.dll
2010-11-02 04:35:35 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2010-11-02 04:35:34 739840 ----a-w- c:\windows\system32\d2d1.dll
2010-11-02 04:35:34 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2010-11-02 04:35:34 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:23:44 107520 ----a-w- c:\windows\system32\cdd.dll
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_MK2546GSX rev.LB013D -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-2

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84C31555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84c377b0]; MOV EAX, [0x84c3782c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x81E84458] -> \Device\Harddisk0\DR0[0x84C10770]
3 CLASSPNP[0x886A659E] -> ntkrnlpa!IofCallDriver[0x81E84458] -> [0x84E3EF08]
\Driver\atapi[0x84C13A18] -> IRP_MJ_CREATE -> 0x84C31555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-2 -> \??\IDE#DiskTOSHIBA_MK2546GSX_______________________LB013D__#5&e4fc9ae&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 14:52:32.39 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/26/2010 6:35:03 PM
System Uptime: 1/22/2011 1:57:08 PM (1 hours ago)

Motherboard: Dell Inc. | | 0UK439
Processor: Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz | Microprocessor | 1828/166mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 12.122 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F21028&REV_12\4&1237F73F&0&0BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01F21028&REV_12\4&1237F73F&0&0BF0
Service:

Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F21028&REV_12\4&1237F73F&0&0AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01F21028&REV_12\4&1237F73F&0&0AF0
Service:

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer:
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: sptd
Device ID: ROOT\LEGACY_SPTD\0000
Manufacturer:
Name: sptd
PNP Device ID: ROOT\LEGACY_SPTD\0000
Service: sptd

==== System Restore Points ===================

RP60: 12/17/2010 11:35:41 PM - Windows Update
RP61: 12/21/2010 4:35:20 PM - Windows Update
RP62: 12/24/2010 11:22:03 AM - Windows Update
RP63: 12/28/2010 12:55:30 PM - Windows Update
RP64: 12/30/2010 12:32:27 PM - Windows Update
RP65: 12/31/2010 11:19:24 AM - Windows Update
RP66: 1/4/2011 5:56:40 PM - Windows Update
RP67: 1/6/2011 11:50:59 PM - Windows Update
RP68: 1/11/2011 8:22:11 PM - Windows Update
RP69: 1/12/2011 1:03:21 AM - Windows Update
RP70: 1/14/2011 3:23:57 PM - Windows Update
RP71: 1/18/2011 4:52:29 PM - Windows Update
RP73: 1/20/2011 5:34:47 PM - Installed Asoftech Photo Recovery
RP75: 1/20/2011 5:40:27 PM - Removed Asoftech Photo Recovery

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.4.1
AgfaCam Mounter
AIM 7
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon MP490 series MP Drivers
Combined Community Codec Pack BETA 2010-08-22
Download Updater (AOL LLC)
ffdshow v1.1.3516 [2010-07-25]
Free Studio version 4.8
Haali Media Splitter
Handbrake 0.9.4
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 20
LIVE gaming on Windows Runtime Version 1.0.6027
Microsoft .NET Framework 4 Client Profile
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.13)
OpenOffice.org 3.2
PDF Settings CS5
QuickTime
REA's TESTware for AP Art History
Recuva
Skype Toolbars
Skype&#8482; 5.0
Starcraft
Steam
Switch Sound File Converter
Uninstall 1.0.0.1
VAIOSoft Recovery Manager
Warcraft III
Warcraft III: All Products
Windows Movie Maker 2.6
WinRAR archiver

==== Event Viewer Messages From Past Week ========

1/22/2011 2:52:38 PM, Error: NetBT [4321] - The name "ALAN-PC :0" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.64 did not allow the name to be claimed by this computer.
1/22/2011 2:50:02 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2011 11:16:39 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2011 11:16:39 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2011 11:16:39 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/22/2011 1:58:07 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/22/2011 1:58:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/22/2011 1:58:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/22/2011 1:58:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/22/2011 1:57:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/22/2011 1:57:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr sptd Wanarpv6
1/22/2011 1:57:18 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort1.
1/22/2011 1:57:14 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
1/21/2011 9:01:59 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/21/2011 9:01:59 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/21/2011 9:01:59 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/21/2011 11:08:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/21/2011 10:53:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x8c9aca48, 0x00000002, 0x00000001, 0x81e938dc). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012111-34257-01.
1/20/2011 7:34:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}
1/20/2011 6:30:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
1/20/2011 6:03:55 PM, Error: Service Control Manager [7022] - The User Profile Service service hung on starting.
1/20/2011 5:59:36 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
1/20/2011 5:56:46 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).
1/20/2011 5:56:46 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Connections service, but this action failed with the following error: An instance of the service is already running.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2011 5:56:46 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2011 5:54:41 PM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
1/20/2011 5:53:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000008e (0xc0000005, 0x82c80050, 0x8ad13774, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012011-36473-01.
1/20/2011 4:21:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x97055718, 0x00000002, 0x00000001, 0x82afc418). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 012011-23618-01.
1/20/2011 12:01:25 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{696D32B3-EEEB-47DE-8191-0CAE5F90CBF8} because another computer on the network has the same name. The server could not start.
1/20/2011 12:01:25 AM, Error: NetBT [4321] - The name "ALAN-PC :20" could not be registered on the interface with IP address 192.168.1.105. The computer with the IP address 192.168.1.64 did not allow the name to be claimed by this computer.
1/20/2011 11:42:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
1/20/2011 10:06:40 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
1/19/2011 11:59:17 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/18/2011 7:37:14 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 8 time(s).
1/18/2011 7:35:12 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 7 time(s).
1/18/2011 7:30:10 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 6 time(s).
1/18/2011 7:28:08 PM, Error: Service Control Manager [7034] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:28:08 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 5 time(s).
1/18/2011 7:23:06 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 4 time(s).
1/18/2011 7:23:06 PM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Superfetch service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Offline Files service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Human Interface Device Access service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 3 time(s).
1/18/2011 7:21:05 PM, Error: Service Control Manager [7034] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 3 time(s).
1/16/2011 4:36:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
1/16/2011 3:26:01 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83} as /. The error: "5" Happened while starting this command: C:\Windows\System32\slui.exe -Embedding
1/16/2011 11:04:54 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR11.
1/16/2011 11:00:17 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume FreeAgent Drive.
1/15/2011 7:39:30 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.

==== End Of File ===========================



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-22 15:35:19
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort1 TOSHIBA_MK2546GSX rev.LB013D
Running: x3thn6s8.exe; Driver: C:\Users\Alan\AppData\Local\Temp\kxldrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 81E8B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81EAFF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? C:\Users\Alan\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtProtectVirtualMemory 77C85380 5 Bytes JMP 0018000A
.text C:\Windows\system32\svchost.exe[784] ntdll.dll!NtWriteVirtualMemory 77C85F00 5 Bytes JMP 0019000A
.text C:\Windows\system32\svchost.exe[784] ntdll.dll!KiUserExceptionDispatcher 77C86448 5 Bytes JMP 0017000A
.text C:\Windows\system32\svchost.exe[784] ole32.dll!CoCreateInstance 7638590C 5 Bytes JMP 0057000A
.text C:\Windows\system32\svchost.exe[784] USER32.dll!GetCursorPos 779EC198 5 Bytes JMP 0095000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[864] ntdll.dll!NtProtectVirtualMemory 77C85380 5 Bytes JMP 003B000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[864] ntdll.dll!NtWriteVirtualMemory 77C85F00 5 Bytes JMP 003C000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[864] ntdll.dll!KiUserExceptionDispatcher 77C86448 5 Bytes JMP 0039000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[864] ntdll.dll!LdrLoadDll 77C9F625 5 Bytes JMP 011913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Windows\Explorer.EXE[1292] ntdll.dll!NtProtectVirtualMemory 77C85380 5 Bytes JMP 005D000A
.text C:\Windows\Explorer.EXE[1292] ntdll.dll!NtWriteVirtualMemory 77C85F00 5 Bytes JMP 005E000A
.text C:\Windows\Explorer.EXE[1292] ntdll.dll!KiUserExceptionDispatcher 77C86448 5 Bytes JMP 0026000A

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP1T0L0-2 -> \??\IDE#DiskTOSHIBA_MK2546GSX_______________________LB013D__#5&e4fc9ae&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xC3 0xDB 0x04 0xE4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD0 0xA4 0x4F 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB1 0xAD 0x1D 0x1B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xC3 0xDB 0x04 0xE4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xD0 0xA4 0x4F 0x94 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0xB1 0xAD 0x1D 0x1B ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- EOF - GMER 1.0.15 ----