MBAMLOG:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.18.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ALEXXX-12E93458 [administrator]
5/18/2012 15:42:33
mbam-log-2012-05-18 (15-42-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202422
Time elapsed: 1 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\WINDOWS\system32\atipdlxx32.dll (Trojan.Tracur.S) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\WINDOWS\system32\atipdlxx32.dll (Trojan.Tracur.S) -> Delete on reboot.
C:\WINDOWS\system32\02000000c27ec2a91406C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
(end)
#21
Posted 18 May 2012 - 05:44 PM
#22
Posted 18 May 2012 - 05:48 PM
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.18.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ALEXXX-12E93458 [administrator]
5/18/2012 15:42:33
mbam-log-2012-05-18 (15-42-33).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202422
Time elapsed: 1 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\WINDOWS\system32\atipdlxx32.dll (Trojan.Tracur.S) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\WINDOWS\system32\atipdlxx32.dll (Trojan.Tracur.S) -> Delete on reboot.
C:\WINDOWS\system32\02000000c27ec2a91406C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
(end)
#23
Posted 18 May 2012 - 06:00 PM
Looks like you posted the same log twice.
Run MB again and let's see if it comes up clean, MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#24
Posted 18 May 2012 - 06:06 PM
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.18.08
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ALEXXX-12E93458 [administrator]
5/18/2012 16:04:37
mbam-log-2012-05-18 (16-04-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202454
Time elapsed: 1 minute(s), 49 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 1
C:\WINDOWS\system32\atipdlxx32.dll (Trojan.Tracur.S) -> Delete on reboot.
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 5
C:\WINDOWS\system32\atipdlxx32.dll (Trojan.Tracur.S) -> Delete on reboot.
C:\WINDOWS\system32\02000000c27ec2a91406C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
(end)
#25
Posted 18 May 2012 - 06:12 PM
Let's use ComboFix to delete those files......
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:
4. If ComboFix wants to update.....please allow it to.
Quote
File::
C:\WINDOWS\system32\atipdlxx32.dll
C:\WINDOWS\system32\02000000c27ec2a91406C.manifest
C:\WINDOWS\system32\02000000c27ec2a91406P.manifest
C:\WINDOWS\system32\02000000c27ec2a91406S.manifest
C:\WINDOWS\system32\02000000c27ec2a91406O.manifest
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe
CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.
After reboot, (in case it asks to reboot)......
Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.
MrC
#26
Posted 18 May 2012 - 06:24 PM
ComboFix 12-05-18.03 - Administrator 05/18/2012 16:16:44.4.2 - x86
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\02000000c27ec2a91406C.manifest"
"c:\windows\system32\02000000c27ec2a91406O.manifest"
"c:\windows\system32\02000000c27ec2a91406P.manifest"
"c:\windows\system32\02000000c27ec2a91406S.manifest"
"c:\windows\system32\atipdlxx32.dll"
c:\windows\system32\vbscript.dll is missing
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\02000000c27ec2a91406C.manifest
c:\windows\system32\02000000c27ec2a91406O.manifest
c:\windows\system32\02000000c27ec2a91406P.manifest
c:\windows\system32\02000000c27ec2a91406S.manifest
c:\windows\system32\atipdlxx32.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-18 to 2012-05-18 )))))))))))))))))))))))))))))))
.
.
2012-05-18 22:47 . 2011-08-16 22:08 1208832 ----a-w- c:\windows\system32\odpdx3232.exe
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\wbem\snmp
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\xircom
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\system32\oobe
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\srchasst
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\windows\msagent
2012-05-16 22:38 . 2012-05-16 22:38 -------- d-----w- c:\program files\microsoft frontpage
2012-05-14 23:57 . 2012-05-14 23:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-14 23:17 . 2012-05-14 23:22 -------- d-----w- c:\windows\SxsCaPendDel
2012-05-14 23:14 . 2012-05-14 23:14 -------- d-----w- c:\windows\system32\syncdb
2012-04-29 23:41 . 2012-04-29 23:41 -------- d-----w- c:\program files\Common Files\Java
2012-04-29 23:40 . 2012-04-29 23:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-04-29 23:40 . 2012-04-29 23:40 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-29 23:40 . 2010-08-02 04:07 472864 -c--a-w- c:\windows\system32\deployJava1.dll
2012-04-04 22:56 . 2010-02-08 23:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(5).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(4).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(3).sys
2012-03-26 21:24 . 2012-03-30 21:48 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(2).sys
2012-03-26 21:24 . 2012-03-30 21:47 25704 ----a-w- c:\windows\system32\drivers\WsAudio_DeviceS(1).sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-03-03 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2012-05-16_22.38.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-18 23:21 . 2012-05-18 23:21 16384 c:\windows\Temp\Perflib_Perfdata_730.dat
+ 2001-08-23 13:00 . 2012-05-18 23:12 58170 c:\windows\system32\perfc009.dat
- 2001-08-23 13:00 . 2012-05-16 22:29 58170 c:\windows\system32\perfc009.dat
+ 2001-08-23 13:00 . 2012-05-18 23:12 392690 c:\windows\system32\perfh009.dat
- 2001-08-23 13:00 . 2012-05-16 22:29 392690 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 03:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-03-26 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-03-26 25704]
S0 mv614x;mv614x;c:\windows\system32\DRIVERS\mv614x.sys [2006-01-06 34432]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 691696]
S2 iPod Service32;iPod Service ;c:\windows\system32\atipdlxx32.exe [2011-08-16 1208832]
S3 LynxWDM;LynxWDM;c:\windows\system32\DRIVERS\LynxWDM.sys [2008-06-27 196744]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys [2007-10-24 23288]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1425521274-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:52]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1425521274-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-22 21:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://gmail.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-18 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(3968)
c:\documents and settings\Administrator\Application Data\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\odpdx3232.exe
c:\windows\system32\wdfmgr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-05-18 16:23:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-18 23:23
ComboFix2.txt 2012-05-18 22:34
ComboFix3.txt 2012-05-16 22:40
.
Pre-Run: 34,929,643,520 bytes free
Post-Run: 34,985,824,256 bytes free
.
- - End Of File - - F082CB6E869ED7D6170F1D4124FAE054
#27
Posted 18 May 2012 - 06:31 PM
Please upload this file to one of these free virus scan sites:
c:\windows\system32\odpdx3232.exe
http://www.virustotal.com/
http://virusscan.jotti.org/en
Let me know the results, just copy back the url.
MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#28
Posted 18 May 2012 - 06:38 PM
#29
Posted 18 May 2012 - 06:44 PM
OK, I want you to run VIPRE Rescue Program.
Please create a new system restore point before you run it.
It may take 2 or more hours to run.
http://live.sunbeltsoftware.com/
Just download and run it to start the program.
Let me know, MrC
#30
Posted 18 May 2012 - 06:57 PM
Thanks, I'll run it and report back Monday.
#31
Posted 18 May 2012 - 06:59 PM
OK...Thanks, MrC
#32
Posted 21 May 2012 - 01:50 PM
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\DevinePlong2.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\DevinePlong5.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\DevineRuck.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\Devinesnit.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\metal 20.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2.kt2:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\40_wingbit1.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\45_bollydrum3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\46_birdslice_hi.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\50_zither_hit.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\55_wings_procnoise.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\58_zitherstrumcut.nov:AFP_RESOURCE
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\63_trumpetnomore.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\67_bowlamp.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\71_erp_02.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\77_pianopedal_01.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\80_waterwind_01.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\crash_01.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\crash_04.wav
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\tom_h.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit.
kt2:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman05.nov
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman10.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman14.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman21.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman27.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman28.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman31.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman36.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman37.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman38.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman41.nov
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman45.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman55.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman58.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman60.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman61.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman66.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman72.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\base.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\fm11.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\fm3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\fm6.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\gr6.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\ic_zap.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\noi4.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\spr1.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\spr15.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\sto_bd.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\tik_sn.nov:AFP_RESOURCE
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\chirp 3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\clap st 3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\clap verb 1.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\clap verb 3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\hat 1.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\hat 4.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\kick 10.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\kick 7.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\rim 2.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\snap st 4.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\snare 7.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\TTA 2.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\aquashaker.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\chorus_beat.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\cr_congah.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\electrorimshot.wav:AFP_RESOURCE
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\mouth4.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\nordlead6.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\quankick.nov:AFP_RESOURCE
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\stock2.nov
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\typewriter- A2.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\typewriter_b1.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Template Kits\GM2 Template.kt3:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Default\Impulses\EP Room.wav:AFP_AFPI
NFO
D:\Sample Libraries\Elektrik Piano Library\ElektrikPiano_Lib_part1.nks:AFP_AFPIN
FO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1\MK 1 - Martin
is Con Queso.nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1 (Medium)\MK 1
- Essential (Medium).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1 (Medium)\MK 1
- Reverb (M).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1 (Small)\MK 1
- Delay (S).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1 (Small)\MK 1
- XFX Mars Rumors (S).nki:AFP_RESOURCE
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\2 - MK2\MK 2 - Phaser
.nki
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\2 - MK2 (Medium)\MK 2
- Flanger (M).nki:AFP_RESOURCE
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\2 - MK2 (Small)\MK 2
- Chorus (S).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200\A200 - Mello
w.nki
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200 (Medium)\A20
0 - Delay and Comp (M).nki
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200 (Small)\A200
- ADSR Envelope (S).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200 (Small)\A200
- XFX Underworld (S).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\4 - E7\E7 - Funky Mam
a!.nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\4 - E7 (Medium)\E7 -
Chorus (M).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\4 - E7 (Small):AFP_AF
PINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\4 - E7 (Small)\E7 - D
ubsichord (S).nki:AFP_RESOURCE
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\5 - Authentic Instrum
ents
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\5 - Authentic Instrum
ents\MK 1 - Authentic Amp.nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Performances 1.5\2 - MK2 FX Basics.nk
b:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Performances 1.5\4 Instruments (Small
).nkb:AFP_RESOURCE
Scanning registry...
HKEY_USERS\S-1-5-19_Classes\
HKEY_LOCAL_MACHINE\Software\Classes\OWS.PptUI\
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}
\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000564-0000-0010-8000-00AA006D2
EA4}\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3EBEAA5B-5166-4FEC-8625-56F078646
3D4}\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B66A7A1B-8FC6-448C-A2EB-3C5595747
8A1}\
HKEY_USERS\.DEFAULT\software\microsoft\windows\currentversion\policies\shell\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelin
e\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Scan completed.
Scan time: 02:34:52
Rootkits: 4740 scanned, 0 found
Processes: 37 scanned, 1 found
Modules: 1810 scanned, 0 found
Folders: 16226 scanned, 0 found
Files: 209126 scanned, 37 found
Registry: 23719 scanned, 0 found
Total: 255658 scanned, 38 found
38 threat traces were detected.
Starting clean.
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\alexincorpora
te.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\atomsk4.html,
ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\chewyandgummy
.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\clutch1616.ht
ml, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\gweed11.html,
ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\ihypergg.html
, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\jin149.html,
ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\kikkoboyie.ht
ml, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\lemonsong1.ht
ml, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\llinhh.html,
ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\meaculpa893.h
tml, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\ngayth0.html,
ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\qtcooki.html,
ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\remedybix.htm
l, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\stopscurvynow
.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\wizardjon1.ht
ml, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\blackdaveonsummer.htm, ID: 41110
72, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\chewandgummy.htm, ID: 4111072, N
ame: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\chewy2.htm, ID: 4111072, Name: T
rojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\chewy3.htm, ID: 4111072, Name: T
rojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\chewy4.htm, ID: 4111072, Name: T
rojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\diamondyang.com\index.html, ID:
4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\katesoo.htm, ID: 4111072, Name:
Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\qtcookisummer2.htm, ID: 4111072,
Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\remedy.htm, ID: 4111072, Name: T
rojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\remedy2.htm, ID: 4111072, Name:
Trojan-Clicker.HTML.IFrame (v)
Quarantine {9E4B3814-AFD7-4615-BD04-4DB3A442A09D} completed.
[CLEANING] Item: C:\Documents and Settings\Administrator\Application Data\E67E.0
B8, ID: 4742528, Name: Backdoor.Win32.Cycbot.cfg (v)
Quarantine {C3F9AAAC-AF73-4210-AB17-8CB996222DB6} completed.
Quarantine {D7518AC2-8914-49A8-86AB-3471CAC9F367} completed.
[CLEANING] Item: C:\Qoobox\Quarantine\C\WINDOWS\system32\atipdlxx32.dll.vir, ID:
4150696, Name: Trojan.Win32.Generic!BT
Quarantine {12043099-F6BB-4F83-8024-99F1B3E8F944} completed.
Quarantine {2CBA0543-4AF5-4483-9045-8A69A6E9AAF2} completed.
[CLEANING] Item: C:\temp\atudiodevil\keygen.exe, ID: 4150696, Name: Trojan.Win32
.Generic!BT
Quarantine {DFCA85B2-185D-453C-83FF-8D45D44C98EB} completed.
Quarantine {0BD4A3EA-157D-4343-9D61-08C6F48979FC} completed.
[CLEANING] Item: D:\My Documents\Downloads\Antares Autotune\Auto-Tune_evo_VST_PC
_v6.09.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {F92BB632-CF2E-408D-AD61-80A977CC4AA8} completed.
Clean completed.
Clean time: 00:01:06
8 threats were cleaned.
hard Devine Kit 2 Samples\DevinePlong2.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\DevinePlong5.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\DevineRuck.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\Devinesnit.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2 Samples\metal 20.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Richard Devine Kit 2\Ric
hard Devine Kit 2.kt2:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\40_wingbit1.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\45_bollydrum3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\46_birdslice_hi.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\50_zither_hit.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\55_wings_procnoise.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\58_zitherstrumcut.nov:AFP_RESOURCE
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\63_trumpetnomore.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\67_bowlamp.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\71_erp_02.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\77_pianopedal_01.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\80_waterwind_01.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\crash_01.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\crash_04.wav
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit
Samples\tom_h.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Schmutz Kit\Schmutz Kit.
kt2:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman05.nov
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman10.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman14.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman21.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman27.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman28.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman31.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman36.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman37.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman38.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman41.nov
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman45.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman55.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman58.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman60.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman61.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman66.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Sgerman Kit\Sgerman Kit
Samples\sgerman72.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\base.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\fm11.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\fm3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\fm6.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\gr6.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\ic_zap.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\noi4.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\spr1.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\spr15.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\sto_bd.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Starwars Disco Kit\Starw
ars Disco Kit Samples\tik_sn.nov:AFP_RESOURCE
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\chirp 3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\clap st 3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\clap verb 1.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\clap verb 3.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\hat 1.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\hat 4.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\kick 10.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\kick 7.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\rim 2.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\snap st 4.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\snare 7.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Telefon Tel Aviv Kit\Tel
efon Tel Aviv Kit Samples\TTA 2.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\aquashaker.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\chorus_beat.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\cr_congah.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\electrorimshot.wav:AFP_RESOURCE
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\mouth4.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\nordlead6.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\quankick.nov:AFP_RESOURCE
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\stock2.nov
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\typewriter- A2.nov:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Synthetic Drums 2\Un_Skool Kit\Un_Skool Hi
pHop Kit Samples\typewriter_b1.wav:AFP_AFPINFO
D:\Sample Libraries\Battery 3 Library\Template Kits\GM2 Template.kt3:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Default\Impulses\EP Room.wav:AFP_AFPI
NFO
D:\Sample Libraries\Elektrik Piano Library\ElektrikPiano_Lib_part1.nks:AFP_AFPIN
FO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1\MK 1 - Martin
is Con Queso.nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1 (Medium)\MK 1
- Essential (Medium).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1 (Medium)\MK 1
- Reverb (M).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1 (Small)\MK 1
- Delay (S).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\1 - MK1 (Small)\MK 1
- XFX Mars Rumors (S).nki:AFP_RESOURCE
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\2 - MK2\MK 2 - Phaser
.nki
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\2 - MK2 (Medium)\MK 2
- Flanger (M).nki:AFP_RESOURCE
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\2 - MK2 (Small)\MK 2
- Chorus (S).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200\A200 - Mello
w.nki
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200 (Medium)\A20
0 - Delay and Comp (M).nki
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200 (Small)\A200
- ADSR Envelope (S).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\3 - A200 (Small)\A200
- XFX Underworld (S).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\4 - E7\E7 - Funky Mam
a!.nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\4 - E7 (Medium)\E7 -
Chorus (M).nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\4 - E7 (Small):AFP_AF
PINFO
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\4 - E7 (Small)\E7 - D
ubsichord (S).nki:AFP_RESOURCE
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\5 - Authentic Instrum
ents
D:\Sample Libraries\Elektrik Piano Library\Instruments 1.5\5 - Authentic Instrum
ents\MK 1 - Authentic Amp.nki:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Performances 1.5\2 - MK2 FX Basics.nk
b:AFP_AFPINFO
D:\Sample Libraries\Elektrik Piano Library\Performances 1.5\4 Instruments (Small
).nkb:AFP_RESOURCE
Scanning registry...
HKEY_USERS\S-1-5-19_Classes\
HKEY_LOCAL_MACHINE\Software\Classes\OWS.PptUI\
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{525F116F-04AD-40A2-AE2F-A0C4E1AFEF98}
\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{00000564-0000-0010-8000-00AA006D2
EA4}\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{3EBEAA5B-5166-4FEC-8625-56F078646
3D4}\
HKEY_LOCAL_MACHINE\Software\Classes\Interface\{B66A7A1B-8FC6-448C-A2EB-3C5595747
8A1}\
HKEY_USERS\.DEFAULT\software\microsoft\windows\currentversion\policies\shell\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CiSvc\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\efs\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPSec\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null\Enum\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Policy\Pipelin
e\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Scan completed.
Scan time: 02:34:52
Rootkits: 4740 scanned, 0 found
Processes: 37 scanned, 1 found
Modules: 1810 scanned, 0 found
Folders: 16226 scanned, 0 found
Files: 209126 scanned, 37 found
Registry: 23719 scanned, 0 found
Total: 255658 scanned, 38 found
38 threat traces were detected.
Starting clean.
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\alexincorporate.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\atomsk4.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\chewyandgummy.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\clutch1616.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\gweed11.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\ihypergg.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\jin149.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\kikkoboyie.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\lemonsong1.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\llinhh.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\meaculpa893.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\ngayth0.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\qtcooki.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\remedybix.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\stopscurvynow.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\AIMLogger\alexincorporate\IM Logs\wizardjon1.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\blackdaveonsummer.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\chewandgummy.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\chewy2.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\chewy3.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\chewy4.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\diamondyang.com\index.html, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\katesoo.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\qtcookisummer2.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\remedy.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
[CLEANING] Item: D:\My Documents\My Assignments\remedy2.htm, ID: 4111072, Name: Trojan-Clicker.HTML.IFrame (v)
Quarantine {9E4B3814-AFD7-4615-BD04-4DB3A442A09D} completed.
[CLEANING] Item: C:\Documents and Settings\Administrator\Application Data\E67E.0B8, ID: 4742528, Name: Backdoor.Win32.Cycbot.cfg (v)
Quarantine {C3F9AAAC-AF73-4210-AB17-8CB996222DB6} completed.
Quarantine {D7518AC2-8914-49A8-86AB-3471CAC9F367} completed.
[CLEANING] Item: C:\Qoobox\Quarantine\C\WINDOWS\system32\atipdlxx32.dll.vir, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {12043099-F6BB-4F83-8024-99F1B3E8F944} completed.
Quarantine {2CBA0543-4AF5-4483-9045-8A69A6E9AAF2} completed.
[CLEANING] Item: C:\temp\atudiodevil\keygen.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {DFCA85B2-185D-453C-83FF-8D45D44C98EB} completed.
Quarantine {0BD4A3EA-157D-4343-9D61-08C6F48979FC} completed.
[CLEANING] Item: D:\My Documents\Downloads\Antares Autotune\Auto-Tune_evo_VST_PC_v6.09.exe, ID: 4150696, Name: Trojan.Win32.Generic!BT
Quarantine {F92BB632-CF2E-408D-AD61-80A977CC4AA8} completed.
Clean completed.
Clean time: 00:01:06
8 threats were cleaned.
#33
Posted 21 May 2012 - 02:34 PM
Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.
Please let me know how it is, MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.
Thanks MrC & crew
#34
Posted 21 May 2012 - 02:43 PM
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.21.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: ALEXXX-12E93458 [administrator]
5/21/2012 12:41:21
mbam-log-2012-05-21 (12-41-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202985
Time elapsed: 1 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\WINDOWS\system32\02000000c27ec2a91406C.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406O.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406P.manifest (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\02000000c27ec2a91406S.manifest (Malware.Trace) -> Quarantined and deleted successfully.
(end)
#35
Posted 21 May 2012 - 02:54 PM
Scan for rootkits with GMER Rootkit Scanner
Download GMER Rootkit Scanner from HERE to your desktop.
Double click the .exe file (it will be named some random characters). If asked to allow the gmer.sys driver to load, please consent.
If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in Gmer.txt or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and post it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
NOTE:
If you cannot run GMER as indicated above, please save a scan from the initial startup scan.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double click the gmer.exe file.
The program will begin to run, and perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.
After the "initial scan" is complete, click on the Save button, save the log file to your desktop, and post it in your reply.
MrC
#36
Posted 21 May 2012 - 04:26 PM
Gmer.txt:
-----------------------------------------------------
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-21 14:26:09
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD740GD-00FLC0 rev.33.08F33
Running: ie9w8jqn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awlyiaoc.sys


---- System - GMER 1.0.15 ----

SSDT spjk.sys ZwCreateKey [0xF74E40E0]
SSDT spjk.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spjk.sys ZwEnumerateValueKey [0xF74FD132]
SSDT spjk.sys ZwOpenKey [0xF74E40C0]
SSDT spjk.sys ZwQueryKey [0xF74FD20A]
SSDT spjk.sys ZwQueryValueKey [0xF74FD08A]
SSDT spjk.sys ZwSetValueKey [0xF74FD29C]

INT 0x62 ? 89BA0BF8
INT 0x63 ? 89BA3BF8
INT 0x73 ? 89A39BF8
INT 0x82 ? 89BA0BF8
INT 0x84 ? 89A39BF8
INT 0x94 ? 89A39BF8
INT 0xA4 ? 89BA0BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89C101F8
Device \FileSystem\Fastfat \FatCdrom 891A01F8
Device \Driver\PCI_PNP4710 \Device\00000040 spjk.sys
Device \Driver\PCI_PNP4710 \Device\00000040 spjk.sys
Device \Driver\usbuhci \Device\USBPDO-0 89A401F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C121F8
Device \Driver\dmio \Device\DmControl\DmConfig 89C121F8
Device \Driver\dmio \Device\DmControl\DmPnP 89C121F8
Device \Driver\dmio \Device\DmControl\DmInfo 89C121F8
Device \Driver\usbuhci \Device\USBPDO-1 89A401F8
Device \Driver\usbuhci \Device\USBPDO-2 89A401F8
Device \Driver\usbuhci \Device\USBPDO-3 89A401F8
Device \Driver\usbehci \Device\USBPDO-4 89A3C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA11F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA11F8
Device \Driver\Cdrom \Device\CdRom0 899B91F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{FE9C3D2F-3043-4C23-A592-1D6D3FE86BA3} 894201F8
Device \Driver\Cdrom \Device\CdRom1 899B91F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 894201F8
Device \Driver\NetBT \Device\NetbiosSmb 894201F8
Device \Driver\sptd \Device\3878850960 spjk.sys
Device \Driver\usbuhci \Device\USBFDO-0 89A401F8
Device \Driver\usbuhci \Device\USBFDO-1 89A401F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894241F8
Device \Driver\usbuhci \Device\USBFDO-2 89A401F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894241F8
Device \Driver\usbuhci \Device\USBFDO-3 89A401F8
Device \Driver\usbehci \Device\USBFDO-4 89A3C1F8
Device \Driver\Ftdisk \Device\FtControl 89BA11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6DF6B719-B140-40B1-BA68-29991289C2F8} 894201F8
Device \Driver\avi2gbxl \Device\Scsi\avi2gbxl1 899B51F8
Device \Driver\mv614x \Device\Scsi\mv614x1 89C111F8
Device \Driver\avi2gbxl \Device\Scsi\avi2gbxl1Port5Path0Target0Lun0 899B51F8
Device \FileSystem\Fastfat \Fat 891A01F8
Device \FileSystem\Cdfs \Cdfs 893B91F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x80 0x69 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA6 0x39 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x79 0x27 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xA3 0x77 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x80 0x69 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA6 0x39 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x79 0x27 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xA3 0x77 0x6C ...

---- EOF - GMER 1.0.15 ----

#37
Posted 21 May 2012 - 04:27 PM
<p> </p>
<div>GMER 1.0.15.15641 - http://www.gmer.net</div>
<div>Rootkit scan 2012-05-21 14:26:09</div>
<div>Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD740GD-00FLC0 rev.33.08F33</div>
<div>Running: ie9w8jqn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awlyiaoc.sys</div>
<div> </div>
<div> </div>
<div>---- System - GMER 1.0.15 ----</div>
<div> </div>
<div>SSDT spjk.sys ZwCreateKey [0xF74E40E0]</div>
<div>SSDT spjk.sys ZwEnumerateKey [0xF74FCDA4]</div>
<div>SSDT spjk.sys ZwEnumerateValueKey [0xF74FD132]</div>
<div>SSDT spjk.sys ZwOpenKey [0xF74E40C0]</div>
<div>SSDT spjk.sys ZwQueryKey [0xF74FD20A]</div>
<div>SSDT spjk.sys ZwQueryValueKey [0xF74FD08A]</div>
<div>SSDT spjk.sys ZwSetValueKey [0xF74FD29C]</div>
<div> </div>
<div>INT 0x62 ? 89BA0BF8</div>
<div>INT 0x63 ? 89BA3BF8</div>
<div>INT 0x73 ? 89A39BF8</div>
<div>INT 0x82 ? 89BA0BF8</div>
<div>INT 0x84 ? 89A39BF8</div>
<div>INT 0x94 ? 89A39BF8</div>
<div>INT 0xA4 ? 89BA0BF8</div>
<div> </div>
<div>---- Devices - GMER 1.0.15 ----</div>
<div> </div>
<div>Device \FileSystem\Ntfs \Ntfs 89C101F8</div>
<div>Device \FileSystem\Fastfat \FatCdrom 891A01F8</div>
<div>Device \Driver\PCI_PNP4710 \Device\00000040 spjk.sys</div>
<div>Device \Driver\PCI_PNP4710 \Device\00000040 spjk.sys</div>
<div>Device \Driver\usbuhci \Device\USBPDO-0 89A401F8</div>
<div>Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C121F8</div>
<div>Device \Driver\dmio \Device\DmControl\DmConfig 89C121F8</div>
<div>Device \Driver\dmio \Device\DmControl\DmPnP 89C121F8</div>
<div>Device \Driver\dmio \Device\DmControl\DmInfo 89C121F8</div>
<div>Device \Driver\usbuhci \Device\USBPDO-1 89A401F8</div>
<div>Device \Driver\usbuhci \Device\USBPDO-2 89A401F8</div>
<div>Device \Driver\usbuhci \Device\USBPDO-3 89A401F8</div>
<div>Device \Driver\usbehci \Device\USBPDO-4 89A3C1F8</div>
<div>Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA11F8</div>
<div>Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA11F8</div>
<div>Device \Driver\Cdrom \Device\CdRom0 899B91F8</div>
<div>Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}</div>
<div>Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}</div>
<div>Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}</div>
<div>Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}</div>
<div>Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}</div>
<div>Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}</div>
<div>Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}</div>
<div>Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}</div>
<div>Device \Driver\NetBT \Device\NetBT_Tcpip_{FE9C3D2F-3043-4C23-A592-1D6D3FE86BA3} 894201F8</div>
<div>Device \Driver\Cdrom \Device\CdRom1 899B91F8</div>
<div>Device \Driver\NetBT \Device\NetBt_Wins_Export 894201F8</div>
<div>Device \Driver\NetBT \Device\NetbiosSmb 894201F8</div>
<div>Device \Driver\sptd \Device\3878850960 spjk.sys</div>
<div>Device \Driver\usbuhci \Device\USBFDO-0 89A401F8</div>
<div>Device \Driver\usbuhci \Device\USBFDO-1 89A401F8</div>
<div>Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894241F8</div>
<div>Device \Driver\usbuhci \Device\USBFDO-2 89A401F8</div>
<div>Device \FileSystem\MRxSmb \Device\LanmanRedirector 894241F8</div>
<div>Device \Driver\usbuhci \Device\USBFDO-3 89A401F8</div>
<div>Device \Driver\usbehci \Device\USBFDO-4 89A3C1F8</div>
<div>Device \Driver\Ftdisk \Device\FtControl 89BA11F8</div>
<div>Device \Driver\NetBT \Device\NetBT_Tcpip_{6DF6B719-B140-40B1-BA68-29991289C2F8} 894201F8</div>
<div>Device \Driver\avi2gbxl \Device\Scsi\avi2gbxl1 899B51F8</div>
<div>Device \Driver\mv614x \Device\Scsi\mv614x1 89C111F8</div>
Device \Driver\avi2gbxl \Device\Scsi\avi2gbxl1Port5Path0Target0Lun0 899B51F8
Device \FileSystem\Fastfat \Fat 891A01F8
Device \FileSystem\Cdfs \Cdfs 893B91F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x80 0x69 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA6 0x39 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x79 0x27 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xA3 0x77 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x80 0x69 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA6 0x39 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x79 0x27 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xA3 0x77 0x6C ...
---- EOF - GMER 1.0.15 ----
#38
Posted 21 May 2012 - 04:30 PM
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-21 14:26:09
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD740GD-00FLC0 rev.33.08F33
Running: ie9w8jqn.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awlyiaoc.sys
---- System - GMER 1.0.15 ----
SSDT spjk.sys ZwCreateKey [0xF74E40E0]
SSDT spjk.sys ZwEnumerateKey [0xF74FCDA4]
SSDT spjk.sys ZwEnumerateValueKey [0xF74FD132]
SSDT spjk.sys ZwOpenKey [0xF74E40C0]
SSDT spjk.sys ZwQueryKey [0xF74FD20A]
SSDT spjk.sys ZwQueryValueKey [0xF74FD08A]
SSDT spjk.sys ZwSetValueKey [0xF74FD29C]
INT 0x62 ? 89BA0BF8
INT 0x63 ? 89BA3BF8
INT 0x73 ? 89A39BF8
INT 0x82 ? 89BA0BF8
INT 0x84 ? 89A39BF8
INT 0x94 ? 89A39BF8
INT 0xA4 ? 89BA0BF8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89C101F8
Device \FileSystem\Fastfat \FatCdrom 891A01F8
Device \Driver\PCI_PNP4710 \Device\00000040 spjk.sys
Device \Driver\PCI_PNP4710 \Device\00000040 spjk.sys
Device \Driver\usbuhci \Device\USBPDO-0 89A401F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 89C121F8
Device \Driver\dmio \Device\DmControl\DmConfig 89C121F8
Device \Driver\dmio \Device\DmControl\DmPnP 89C121F8
Device \Driver\dmio \Device\DmControl\DmInfo 89C121F8
Device \Driver\usbuhci \Device\USBPDO-1 89A401F8
Device \Driver\usbuhci \Device\USBPDO-2 89A401F8
Device \Driver\usbuhci \Device\USBPDO-3 89A401F8
Device \Driver\usbehci \Device\USBPDO-4 89A3C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 89BA11F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 89BA11F8
Device \Driver\Cdrom \Device\CdRom0 899B91F8
Device \Driver\atapi \Device\Ide\IdePort0 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [F7978B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{FE9C3D2F-3043-4C23-A592-1D6D3FE86BA3} 894201F8
Device \Driver\Cdrom \Device\CdRom1 899B91F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 894201F8
Device \Driver\NetBT \Device\NetbiosSmb 894201F8
Device \Driver\sptd \Device\3878850960 spjk.sys
Device \Driver\usbuhci \Device\USBFDO-0 89A401F8
Device \Driver\usbuhci \Device\USBFDO-1 89A401F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 894241F8
Device \Driver\usbuhci \Device\USBFDO-2 89A401F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 894241F8
Device \Driver\usbuhci \Device\USBFDO-3 89A401F8
Device \Driver\usbehci \Device\USBFDO-4 89A3C1F8
Device \Driver\Ftdisk \Device\FtControl 89BA11F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6DF6B719-B140-40B1-BA68-29991289C2F8} 894201F8
Device \Driver\avi2gbxl \Device\Scsi\avi2gbxl1 899B51F8
Device \Driver\mv614x \Device\Scsi\mv614x1 89C111F8
Device \Driver\avi2gbxl \Device\Scsi\avi2gbxl1Port5Path0Target0Lun0 899B51F8
Device \FileSystem\Fastfat \Fat 891A01F8
Device \FileSystem\Cdfs \Cdfs 893B91F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x80 0x69 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA6 0x39 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x79 0x27 0x7A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xA3 0x77 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x80 0x69 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xA6 0x39 0x34 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC5 0x79 0x27 0x7A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xA1 0xA3 0x77 0x6C ...
---- EOF - GMER 1.0.15 ----
#39
Posted 21 May 2012 - 04:31 PM
Ignore post #36 & #37, I don't know where those are from.
#40
Posted 21 May 2012 - 06:31 PM
The log looks OK.
I'll get back to you asap, MrC
Malware Removal Expert
I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.