Sign In
Create Account
1
Hello, I've been having issues with malware lately after running a suspicioius exe. After some long scanning and manual removing and mostly malwarebytes, I've got it down to this rootkit, but malwarebytes cannot remove it. It says it removed it, but it does not. It's denying me access to all files except C:\users\myuser\, it even blocks desktop on startup. After some complete scans (which took over an hour) it found 4 infected objects (one being a false positive, but this isn't a thread about that), and that solved it, somewhat. I was able to get back onto my desktop, and everything was accessible, but programs locked up shortly after starting them, until everything was locked up and I could only move my mouse. After I restarted a few times, trying to find out what the problem was (I had thought I had wiped out the rootkit for good), it came back, and blocked my desktop on startup. After another safe mode scan with malwarebytes, it told me the rootkit was still there, and I have been unable to remove it completely. Help!
Using: Windows vista 32 bit
-
This topic is locked
Back to top
#2
Posted 14 September 2009 - 07:10 AM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
Welcome to the forum Razgriz
There is a recent program update that handles tdss, So Update and do a quick scan, take action on items found and post the logs, if mbam suggested a PC restart do so.
Once the PC is fully restarted run another quick scan take action again and post another log, if items were found.
There is a recent program update that handles tdss, So Update and do a quick scan, take action on items found and post the logs, if mbam suggested a PC restart do so.
Once the PC is fully restarted run another quick scan take action again and post another log, if items were found.
#3
Posted 15 September 2009 - 10:42 PM
-
- Members
-
- 16 posts
New Member
Thanks for getting back to me. I had been regularly updating and scanning with mbam since then, and it did indeed "remove" it. I was overjoyed, there's only one problem. I am locked out of every single file on my computer. On startup, I am presented with a "C:users\myuser\desktop\ Access is denied." error. I have tried taking ownership of the C drive and other measures such as unlocking tools but the only location I can access is C:\users\myuser\. Safe mode is still accessible, however.
#4
Posted 16 September 2009 - 03:42 AM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
Is this error familur ?
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
"Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
#5
Posted 16 September 2009 - 03:46 AM
-
- Members
-
- 16 posts
New Member
No. It merely says "C:\path\ is inaccessible. Access is denied."
#6
Posted 16 September 2009 - 03:57 AM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
Lets try this tool
You can download it to c:\ or c:\users\
http://download.blee...Bs/ComboFix.exe
A log should open when it is finished, post it.
And gmer
Download and run gmer (use the download exe button) from here >
http://www.gmer.net/#files
Double click GMER. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Uncheck[]Sections
Uncheck[]IAT/EAT
Uncheck[]Drives/Partition other than Systemdrive (typically C:\)
Uncheck[]Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
save the log to a handy location close gmer and post that log.
You can download it to c:\ or c:\users\
http://download.blee...Bs/ComboFix.exe
A log should open when it is finished, post it.
And gmer
Download and run gmer (use the download exe button) from here >
http://www.gmer.net/#files
Double click GMER. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Uncheck the following ...
Uncheck[]Sections
Uncheck[]IAT/EAT
Uncheck[]Drives/Partition other than Systemdrive (typically C:\)
Uncheck[]Show All (don't miss this one)
Then click the Scan button & wait for it to finish.
save the log to a handy location close gmer and post that log.
#7
Posted 16 September 2009 - 04:35 AM
-
- Members
-
- 16 posts
New Member
Slight problem... I had to run combofix from safe mode, as normal boot is absolutely screwed up, with afformentioned file locks and the entire computer locking up. I ran combofix from safe mode, it ran through its stages, deleted some files, and then restarted my computer. I let it boot into normal mode, and it froze up, unable to give me the log. Should I re-run it, but boot back into safe mode? Combofix also gave me a memory error when I ran it, but after clicking ok, it continued on without problem.
#8
Posted 16 September 2009 - 04:59 AM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
Is C:\combofix.txt present ?
If so post it
whether it is or not go ahead and re-run combofix .
If so post it
whether it is or not go ahead and re-run combofix .
#9
Posted 16 September 2009 - 05:02 AM
-
- Members
-
- 16 posts
New Member
LonnyRJ, on Sep 16 2009, 12:59 AM, said:
Is C:\combofix.txt present ?
If so post it
whether it is or not go ahead and re-run combofix .
If so post it
whether it is or not go ahead and re-run combofix .
There was a combofix.txt in the combofix folder, unsure if that's what you want (attached regardless). You said to re-run it, so I'm assuming you meant let it reboot into safe mode. I will post again when it's done
Attached Files
-
ComboFix.txt 19.06K
19 downloads
#11
Posted 16 September 2009 - 05:03 PM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
Yes do post a gmer log
Uninstall all but one of your antivirus program's reboot when prompted.....
Have the symtoms abated ?
Uninstall all but one of your antivirus program's reboot when prompted.....
Have the symtoms abated ?
#12
Posted 18 September 2009 - 07:49 PM
-
- Members
-
- 16 posts
New Member
Sorry for taking so long to get back to you, the scan just completed! I was unable to uninstall my anti-viruses before the scan, windows installer is disabled according to the add/remove program features, this may be either because of me running in safe mode or the virus. It disabled regedit, task manager, and security center when i first got it, I've since re-enabled the first two. Anyway, the file is attached below.
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-18 15:44:22
Windows 6.0.6000
Running: wv96lcns.exe; Driver: C:\Users\Tyler\AppData\Local\Temp\kxliipow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8299F282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8299F474]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8299EF32]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8299F67C]
INT 0x52 ? 85851BF8
INT 0x62 ? 85851BF8
INT 0x72 ? 84E18BF8
INT 0x82 ? 84E19BF8
INT 0x92 ? 84E19BF8
INT 0xB1 ? 84E17BF8
INT 0xB1 ? 84E17BF8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84E201F8
AttachedDevice \FileSystem\Ntfs \Ntfs FLOCKXP.SYS (File Lock Kernel/TopLang Software)
Device \FileSystem\fastfat \FatCdrom 858A51F8
Device \FileSystem\udfs \UdfsCdRom 858A61F8
Device \FileSystem\udfs \UdfsDisk 858A61F8
Device \Driver\volmgr \Device\VolMgrControl 84E1B1F8
Device \Driver\usbohci \Device\USBPDO-0 8586D1F8
Device \Driver\usbehci \Device\USBPDO-1 858621F8
AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
Device \Driver\volmgr \Device\HarddiskVolume1 84E1B1F8
Device \Driver\sptd \Device\1429096140 spjy.sys
Device \Driver\volmgr \Device\HarddiskVolume2 84E1B1F8
Device \Driver\cdrom \Device\CdRom0 8589F1F8
Device \Driver\PCI_PNP8132 \Device\00000065 spjy.sys
Device \Driver\cdrom \Device\CdRom1 8589F1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84E1B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E1D1F8
Device \Driver\atapi \Device\Ide\IdePort0 84E1D1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E1D1F8
Device \Driver\PCI_PNP8132 \Device\00000066 spjy.sys
Device \Driver\nvstor32 \Device\00000073 84E1F1F8
Device \Driver\volmgr \Device\HarddiskVolume4 84E1B1F8
Device \Driver\cdrom \Device\CdRom2 8589F1F8
Device \Driver\volmgr \Device\HarddiskVolume5 84E1B1F8
Device \Driver\volmgr \Device\HarddiskVolume6 84E1B1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 869021F8
Device \Driver\Smb \Device\NetbiosSmb 868DF1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{19783DA3-8429-49B5-937B-C8F512557C03} 869021F8
Device \Driver\nvstor32 \Device\RaidPort0 84E1F1F8
AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys
Device \Driver\nvstor32 \Device\RaidPort1 84E1F1F8
Device \Driver\iScsiPrt \Device\RaidPort2 858EF500
Device \Driver\usbohci \Device\USBFDO-0 8586D1F8
Device \Driver\USBSTOR \Device\0000007a 868ED1F8
Device \Driver\usbehci \Device\USBFDO-1 858621F8
Device \Driver\USBSTOR \Device\0000007b 868ED1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{33CAC489-8E40-420F-A60B-BC82633FE910} 869021F8
Device \Driver\USBSTOR \Device\0000007c 868ED1F8
Device \Driver\sptd \Device\1428940139 spjy.sys
Device \Driver\USBSTOR \Device\0000007d 868ED1F8
Device \Driver\USBSTOR \Device\0000007e 868ED1F8
Device \Driver\ar17qf3k \Device\Scsi\ar17qf3k1 858CE1F8
Device \Driver\agqjcn3u \Device\Scsi\agqjcn3u1Port7Path0Target0Lun0 858E41F8
Device \Driver\ar17qf3k \Device\Scsi\ar17qf3k1Port6Path0Target0Lun0 858CE1F8
Device \Driver\VOBID \Device\Scsi\VOBID1 84E1E1F8
Device \Driver\agqjcn3u \Device\Scsi\agqjcn3u1 858E41F8
Device \FileSystem\fastfat \Fat 858A51F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat FLOCKXP.SYS (File Lock Kernel/TopLang Software)
Device \FileSystem\cdfs \Cdfs 858A81F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xF6 0x1C 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x75 0x25 0x84 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x59 0x92 0x1C 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x29 0x41 0x62 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x66 0x15 0x65 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xA7 0xFC 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xF6 0x1C 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x75 0x25 0x84 0x90 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x59 0x92 0x1C 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x29 0x41 0x62 0x81 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x66 0x15 0x65 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xA7 0xFC 0x17 ...
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis@ Axis Class
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis\CLSID
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis\CLSID@ {91EA2710-4CC7-48DA-809F-404813CC5A04}
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis\CurVer
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis\CurVer@ BDChartActiveX.Axis.1
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis.1@ Axis Class
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis.1\CLSID
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis.1\CLSID@ {91EA2710-4CC7-48DA-809F-404813CC5A04}
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl@ BDChartXCtrl Class
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl\CLSID@ {93495F06-1FA4-4ED6-A07D-854A5B7ADDE5}
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl\CurVer@ BDChartActiveX.BDChartXCtrl.1
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl.1@ BDChartXCtrl Class
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl.1\CLSID@ {93495F06-1FA4-4ED6-A07D-854A5B7ADDE5}
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass@ ElevatedHelperClass Class
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass\CLSID
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass\CLSID@ {2D57FEDD-C494-4428-A06F-7F628FAB9BEA}
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass\CurVer
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass\CurVer@ bdelev.ElevatedHelperClass.1
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass.1@ ElevatedHelperClass Class
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass.1\CLSID
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass.1\CLSID@ {2D57FEDD-C494-4428-A06F-7F628FAB9BEA}
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu@ BDMenu Class
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu\CLSID
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu\CLSID@ {D653647D-D607-4df6-A5B8-48D2BA195F7B}
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu\CurVer
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu\CurVer@ BDShellExt.BDMenu.1
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu.1@ BDMenu Class
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu.1\CLSID
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu.1\CLSID@ {D653647D-D607-4df6-A5B8-48D2BA195F7B}
Reg HKLM\SOFTWARE\Classes\BitDefender Toolbar@ BitDefender Toolbar
Reg HKLM\SOFTWARE\Classes\BitDefender Toolbar\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender Toolbar\CLSID@ {381FFDE8-2394-4F90-B10D-FC6124A40F8C}
Reg HKLM\SOFTWARE\Classes\BitDefender.NetworkPlugin3@ BitDefender.NetworkPlugin3
Reg HKLM\SOFTWARE\Classes\BitDefender.NetworkPlugin3\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.NetworkPlugin3\CLSID@ {732FF83B-DFB5-4237-8DB3-F1A3264666EB}
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner@ BitDefender Rootkit Scanner
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner\CLSID@ {E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner\CurVer
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner\CurVer@ BitDefender.RootkitScanner.1
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner.1@ BitDefender Rootkit Scanner
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner.1\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner.1\CLSID@ {E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter@ BitDefender Security Center
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter\CLSID@ {825AFB87-B613-4383-80B1-F22B419513ED}
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter\CurVer
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter\CurVer@ BitDefender.SecurityCenter.1
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter.1@ BitDefender Security Center
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter.1\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter.1\CLSID@ {825AFB87-B613-4383-80B1-F22B419513ED}
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenterSecurityPlugin@ BitDefender Security Center Security Plugin
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenterSecurityPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenterSecurityPlugin\CLSID@ {322069D4-50F6-42f2-AD29-24666F9F2B88}
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner@ BitDefender Threat Scanner
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner\CLSID@ {6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner\CurVer
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner\CurVer@ BitDefender.ThreatScanner.1
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner.1@ BitDefender Threat Scanner
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner.1\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner.1\CLSID@ {6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
Reg HKLM\SOFTWARE\Classes\BitDefender.UIThreatScanner@ BitDefender.UIThreatScanner
Reg HKLM\SOFTWARE\Classes\BitDefender.UIThreatScanner\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.UIThreatScanner\CLSID@ {DAD72320-0CEB-4B96-8AF0-89ED2C7A711A}
Reg HKLM\SOFTWARE\Classes\SIMPLECONTAINERA.SimpleContainerACtrl.1@ SimpleContainerActiveX Control
Reg HKLM\SOFTWARE\Classes\SIMPLECONTAINERA.SimpleContainerACtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\SIMPLECONTAINERA.SimpleContainerACtrl.1\CLSID@ {4ACD298A-C69A-4FEF-8C17-A3890605A720}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED12CECB-3BBE-70A7-A52B-DBD2FAD35FAC}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED12CECB-3BBE-70A7-A52B-DBD2FAD35FAC}@daggbbll 0x64 0x62 0x6E 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED12CECB-3BBE-70A7-A52B-DBD2FAD35FAC}@iabihgefhkaidpmijm 0x6A 0x61 0x61 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED12CECB-3BBE-70A7-A52B-DBD2FAD35FAC}@hadiddanemllangf 0x6A 0x61 0x61 0x62 ...
---- Files - GMER 1.0.15 ----
File C:\Program Files\Steam\Steam__957__2009_9_16T22_2_17C0.mdmp 51245 bytes
File C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLCUYDDM\darths0084[1].jpg 223254 bytes
File C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLK6W758\0086[1].htm 4288 bytes
---- EOF - GMER 1.0.15 ----
I received no reboot prompt, if this information helps.
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-09-18 15:44:22
Windows 6.0.6000
Running: wv96lcns.exe; Driver: C:\Users\Tyler\AppData\Local\Temp\kxliipow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8299F282]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8299F474]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8299EF32]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8299F67C]
INT 0x52 ? 85851BF8
INT 0x62 ? 85851BF8
INT 0x72 ? 84E18BF8
INT 0x82 ? 84E19BF8
INT 0x92 ? 84E19BF8
INT 0xB1 ? 84E17BF8
INT 0xB1 ? 84E17BF8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 84E201F8
AttachedDevice \FileSystem\Ntfs \Ntfs FLOCKXP.SYS (File Lock Kernel/TopLang Software)
Device \FileSystem\fastfat \FatCdrom 858A51F8
Device \FileSystem\udfs \UdfsCdRom 858A61F8
Device \FileSystem\udfs \UdfsDisk 858A61F8
Device \Driver\volmgr \Device\VolMgrControl 84E1B1F8
Device \Driver\usbohci \Device\USBPDO-0 8586D1F8
Device \Driver\usbehci \Device\USBPDO-1 858621F8
AttachedDevice \Driver\tdx \Device\Tcp bdftdif.sys
Device \Driver\volmgr \Device\HarddiskVolume1 84E1B1F8
Device \Driver\sptd \Device\1429096140 spjy.sys
Device \Driver\volmgr \Device\HarddiskVolume2 84E1B1F8
Device \Driver\cdrom \Device\CdRom0 8589F1F8
Device \Driver\PCI_PNP8132 \Device\00000065 spjy.sys
Device \Driver\cdrom \Device\CdRom1 8589F1F8
Device \Driver\volmgr \Device\HarddiskVolume3 84E1B1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84E1D1F8
Device \Driver\atapi \Device\Ide\IdePort0 84E1D1F8
Device \Driver\atapi \Device\Ide\IdePort1 84E1D1F8
Device \Driver\PCI_PNP8132 \Device\00000066 spjy.sys
Device \Driver\nvstor32 \Device\00000073 84E1F1F8
Device \Driver\volmgr \Device\HarddiskVolume4 84E1B1F8
Device \Driver\cdrom \Device\CdRom2 8589F1F8
Device \Driver\volmgr \Device\HarddiskVolume5 84E1B1F8
Device \Driver\volmgr \Device\HarddiskVolume6 84E1B1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 869021F8
Device \Driver\Smb \Device\NetbiosSmb 868DF1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{19783DA3-8429-49B5-937B-C8F512557C03} 869021F8
Device \Driver\nvstor32 \Device\RaidPort0 84E1F1F8
AttachedDevice \Driver\tdx \Device\Udp bdftdif.sys
Device \Driver\nvstor32 \Device\RaidPort1 84E1F1F8
Device \Driver\iScsiPrt \Device\RaidPort2 858EF500
Device \Driver\usbohci \Device\USBFDO-0 8586D1F8
Device \Driver\USBSTOR \Device\0000007a 868ED1F8
Device \Driver\usbehci \Device\USBFDO-1 858621F8
Device \Driver\USBSTOR \Device\0000007b 868ED1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{33CAC489-8E40-420F-A60B-BC82633FE910} 869021F8
Device \Driver\USBSTOR \Device\0000007c 868ED1F8
Device \Driver\sptd \Device\1428940139 spjy.sys
Device \Driver\USBSTOR \Device\0000007d 868ED1F8
Device \Driver\USBSTOR \Device\0000007e 868ED1F8
Device \Driver\ar17qf3k \Device\Scsi\ar17qf3k1 858CE1F8
Device \Driver\agqjcn3u \Device\Scsi\agqjcn3u1Port7Path0Target0Lun0 858E41F8
Device \Driver\ar17qf3k \Device\Scsi\ar17qf3k1Port6Path0Target0Lun0 858CE1F8
Device \Driver\VOBID \Device\Scsi\VOBID1 84E1E1F8
Device \Driver\agqjcn3u \Device\Scsi\agqjcn3u1 858E41F8
Device \FileSystem\fastfat \Fat 858A51F8
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat FLOCKXP.SYS (File Lock Kernel/TopLang Software)
Device \FileSystem\cdfs \Cdfs 858A81F8
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xF6 0x1C 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x75 0x25 0x84 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x59 0x92 0x1C 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x29 0x41 0x62 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x66 0x15 0x65 0x94 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xA7 0xFC 0x17 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xAF 0xF6 0x1C 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x75 0x25 0x84 0x90 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x59 0x92 0x1C 0x8E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x29 0x41 0x62 0x81 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x66 0x15 0x65 0x94 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x90 0xA7 0xFC 0x17 ...
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis@ Axis Class
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis\CLSID
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis\CLSID@ {91EA2710-4CC7-48DA-809F-404813CC5A04}
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis\CurVer
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis\CurVer@ BDChartActiveX.Axis.1
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis.1@ Axis Class
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis.1\CLSID
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.Axis.1\CLSID@ {91EA2710-4CC7-48DA-809F-404813CC5A04}
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl@ BDChartXCtrl Class
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl\CLSID
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl\CLSID@ {93495F06-1FA4-4ED6-A07D-854A5B7ADDE5}
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl\CurVer
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl\CurVer@ BDChartActiveX.BDChartXCtrl.1
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl.1@ BDChartXCtrl Class
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\BDChartActiveX.BDChartXCtrl.1\CLSID@ {93495F06-1FA4-4ED6-A07D-854A5B7ADDE5}
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass@ ElevatedHelperClass Class
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass\CLSID
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass\CLSID@ {2D57FEDD-C494-4428-A06F-7F628FAB9BEA}
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass\CurVer
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass\CurVer@ bdelev.ElevatedHelperClass.1
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass.1@ ElevatedHelperClass Class
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass.1\CLSID
Reg HKLM\SOFTWARE\Classes\bdelev.ElevatedHelperClass.1\CLSID@ {2D57FEDD-C494-4428-A06F-7F628FAB9BEA}
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu@ BDMenu Class
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu\CLSID
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu\CLSID@ {D653647D-D607-4df6-A5B8-48D2BA195F7B}
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu\CurVer
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu\CurVer@ BDShellExt.BDMenu.1
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu.1@ BDMenu Class
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu.1\CLSID
Reg HKLM\SOFTWARE\Classes\BDShellExt.BDMenu.1\CLSID@ {D653647D-D607-4df6-A5B8-48D2BA195F7B}
Reg HKLM\SOFTWARE\Classes\BitDefender Toolbar@ BitDefender Toolbar
Reg HKLM\SOFTWARE\Classes\BitDefender Toolbar\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender Toolbar\CLSID@ {381FFDE8-2394-4F90-B10D-FC6124A40F8C}
Reg HKLM\SOFTWARE\Classes\BitDefender.NetworkPlugin3@ BitDefender.NetworkPlugin3
Reg HKLM\SOFTWARE\Classes\BitDefender.NetworkPlugin3\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.NetworkPlugin3\CLSID@ {732FF83B-DFB5-4237-8DB3-F1A3264666EB}
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner@ BitDefender Rootkit Scanner
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner\CLSID@ {E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner\CurVer
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner\CurVer@ BitDefender.RootkitScanner.1
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner.1@ BitDefender Rootkit Scanner
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner.1\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.RootkitScanner.1\CLSID@ {E5AFF088-92F8-41a9-8CAB-E9CDCCE967AC}
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter@ BitDefender Security Center
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter\CLSID@ {825AFB87-B613-4383-80B1-F22B419513ED}
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter\CurVer
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter\CurVer@ BitDefender.SecurityCenter.1
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter.1@ BitDefender Security Center
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter.1\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenter.1\CLSID@ {825AFB87-B613-4383-80B1-F22B419513ED}
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenterSecurityPlugin@ BitDefender Security Center Security Plugin
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenterSecurityPlugin\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.SecurityCenterSecurityPlugin\CLSID@ {322069D4-50F6-42f2-AD29-24666F9F2B88}
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner@ BitDefender Threat Scanner
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner\CLSID@ {6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner\CurVer
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner\CurVer@ BitDefender.ThreatScanner.1
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner.1@ BitDefender Threat Scanner
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner.1\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.ThreatScanner.1\CLSID@ {6DFC0DC7-FDC5-44C2-8B80-5977BA8F8ACC}
Reg HKLM\SOFTWARE\Classes\BitDefender.UIThreatScanner@ BitDefender.UIThreatScanner
Reg HKLM\SOFTWARE\Classes\BitDefender.UIThreatScanner\CLSID
Reg HKLM\SOFTWARE\Classes\BitDefender.UIThreatScanner\CLSID@ {DAD72320-0CEB-4B96-8AF0-89ED2C7A711A}
Reg HKLM\SOFTWARE\Classes\SIMPLECONTAINERA.SimpleContainerACtrl.1@ SimpleContainerActiveX Control
Reg HKLM\SOFTWARE\Classes\SIMPLECONTAINERA.SimpleContainerACtrl.1\CLSID
Reg HKLM\SOFTWARE\Classes\SIMPLECONTAINERA.SimpleContainerACtrl.1\CLSID@ {4ACD298A-C69A-4FEF-8C17-A3890605A720}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED12CECB-3BBE-70A7-A52B-DBD2FAD35FAC}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED12CECB-3BBE-70A7-A52B-DBD2FAD35FAC}@daggbbll 0x64 0x62 0x6E 0x69 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED12CECB-3BBE-70A7-A52B-DBD2FAD35FAC}@iabihgefhkaidpmijm 0x6A 0x61 0x61 0x62 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED12CECB-3BBE-70A7-A52B-DBD2FAD35FAC}@hadiddanemllangf 0x6A 0x61 0x61 0x62 ...
---- Files - GMER 1.0.15 ----
File C:\Program Files\Steam\Steam__957__2009_9_16T22_2_17C0.mdmp 51245 bytes
File C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BLCUYDDM\darths0084[1].jpg 223254 bytes
File C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WLK6W758\0086[1].htm 4288 bytes
---- EOF - GMER 1.0.15 ----
I received no reboot prompt, if this information helps.
#13
Posted 19 September 2009 - 04:43 AM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
Gmer log looks ok
List the current problems
Quote the exact error message you see when using add/remove program features
You are in an administrators account when using it ?
Run combofix again let it update and post its log along with this text
C:\Qoobox\Add-Remove Programs.txt
List the current problems
Quote the exact error message you see when using add/remove program features
You are in an administrators account when using it ?
Run combofix again let it update and post its log along with this text
C:\Qoobox\Add-Remove Programs.txt
#14
Posted 19 September 2009 - 05:35 AM
-
- Members
-
- 16 posts
New Member
LonnyRJ, on Sep 19 2009, 12:43 AM, said:
Gmer log looks ok
List the current problems
Quote the exact error message you see when using add/remove program features
You are in an administrators account when using it ?
Run combofix again let it update and post its log along with this text
C:\Qoobox\Add-Remove Programs.txt
List the current problems
Quote the exact error message you see when using add/remove program features
You are in an administrators account when using it ?
Run combofix again let it update and post its log along with this text
C:\Qoobox\Add-Remove Programs.txt
The problems remain the same. Access is denied errors when trying to access any programs or files. All programs I can run (namely IE and explorer) simply stop responding after a minute or two.
Yes I am logged in as an administator, an image of the error message is attached, as well as the combofix log and the add-remove Programs.txt.
Attached Files
-
Add_Remove_Programs.txt 6.77K
82 downloads
-
log.txt 70.45K
43 downloads
-
error1.jpg 11.55K
5 downloads
#15
Posted 19 September 2009 - 07:26 AM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
Have you tried this fixit tool by microsoft yet ?
If not please do so
http://support.microsoft.com/kb/313222
restart your PC after wards
Did that help ?
If not please do so
http://support.microsoft.com/kb/313222
restart your PC after wards
Did that help ?
#16
Posted 20 September 2009 - 03:04 PM
-
- Members
-
- 16 posts
New Member
I cannot run that from safe mode.
Attached Files
-
error2.jpg 13.93K
5 downloads
#17
Posted 20 September 2009 - 04:55 PM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
Can you manage to run it in normal mode ?
If not there are manual commands you can use at that MS KB link i posted under "let me fix it myself"
If not there are manual commands you can use at that MS KB link i posted under "let me fix it myself"
#18
Posted 20 September 2009 - 06:50 PM
-
- Members
-
- 16 posts
New Member
I cannot run anything in normal mode, as I said, access is denied to all files.
I cannot find this post or thread you are referencing, could you post a link?
I cannot find this post or thread you are referencing, could you post a link?
#19
Posted 20 September 2009 - 07:00 PM
-
- Experts
-
- 353 posts
True Member
- Gender:Male
- Location:pugent sound
http://support.microsoft.com/kb/313222
In this area "let me fix it myself"
If you need help fallowing those instructions mention it.
In this area "let me fix it myself"
If you need help fallowing those instructions mention it.
#20
Posted 20 September 2009 - 07:09 PM
-
- Members
-
- 16 posts
New Member
An error seems to have occurred...
If you need the log, please tell me how to retrieve it, as I have no idea how to.
If you need the log, please tell me how to retrieve it, as I have no idea how to.
Attached Files
-
error3.jpg 31.22K
5 downloads
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users
