
Hijacked, computer totally out of control


9 replies to this topic

#1 starlightbright61

starlightbright61

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 12 April 2009 - 11:08 AM

My computer has totally gone funny: things do not work, I cannot download or get my antivirus to work, and someone has taken my name and sent messages out.

I hope I have done this right.

All this started yesterday, but now I have no antivirus, and when I download certain things it says there is an error. It seems to be all sorts of different things going wrong.

Thanks
Starlightbright61

Attached Files

#2 Jat90

Jat90

  • Members
  • 1,515 posts
  • OFFLINE
  • Gender:Male
  • Location:United Kingdom
  • Local time:09:27 AM

Posted 12 April 2009 - 11:10 AM

Hello, starlightbright61

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.


You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



I can't see much in your log. Let's scan for rootkits:

Gmer

Please download gmer.zip and save to your desktop.
  • Extract (unzip) the file to its own folder such as C:\Gmer. (Click here for information on how to do this if not sure.)
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • You may be prompted to scan immediately if GMER detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as gmer.log and copy/paste the contents in your next reply.
  • Exit GMER and re-enable all active protection when done.

Edited by Jat90, 12 April 2009 - 12:36 PM.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#3 starlightbright61

starlightbright61
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 12 April 2009 - 12:26 PM

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-12 18:18:35
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA91887E]
SSDT spdo.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spdo.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spdo.sys ZwOpenKey [0xBA6A80C0]
SSDT spdo.sys ZwQueryKey [0xBA6C7108]
SSDT spdo.sys ZwQueryValueKey [0xBA6C6F88]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA918C10]

INT 0x62 ? 89D02BF8
INT 0x82 ? 89D02BF8
INT 0x83 ? 89D13BF8
INT 0x84 ? 89AEFBF8
INT 0x94 ? 89AEFBF8
INT 0xA4 ? 89AEFBF8
INT 0xB4 ? 89AEFBF8

---- Kernel code sections - GMER 1.0.15 ----

? szkg.sys The system cannot find the file specified. !
? spdo.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B946B8AC 5 Bytes JMP 89AEF1D8
.text afdh4jjl.SYS B931A386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text afdh4jjl.SYS B931A3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text afdh4jjl.SYS B931A3C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text afdh4jjl.SYS B931A3C9 1 Byte [2E]
.text afdh4jjl.SYS B931A3C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...
.text mrxsmb.sys AF19CA8A 1 Byte [7C]
PAGE srv.sys AE30D98A 1 Byte [7C]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Kontiki\KHost.exe[304] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 02DC5570 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL
.text C:\Program Files\Kontiki\KHost.exe[304] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 02DC5280 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL
.text C:\Program Files\Internet Explorer\iexplore.exe[560] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[560] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[560] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[560] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[560] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[560] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[560] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[560] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Java\jre6\bin\jusched.exe[2024] ws2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 012A5570 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL
.text C:\Program Files\Java\jre6\bin\jusched.exe[2024] ws2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 012A5280 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL
.text C:\WINDOWS\System32\alg.exe[3032] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00B85570 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL
.text C:\WINDOWS\System32\alg.exe[3032] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00B85280 C:\Program Files\Common Files\iS3\Anti-Spyware\SGPRXY.DLL

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spdo.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spdo.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spdo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spdo.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spdo.sys
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\afdh4jjl.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spdo.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [100233E0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [10022CA0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [10023430] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10023350] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10023350] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [10022CA0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10023350] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [10022030] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10023350] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [10022CA0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [100233E0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10023390] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [10022EF0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetSysColor] [10021FE0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CallWindowProcW] [10022650] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!RegisterClassW] [10022E20] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DefWindowProcW] [10022820] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [10023430] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [10022CA0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [10022030] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [10023430] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10023350] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [10022CA0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [100233E0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10023390] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [10022FF0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [10022790] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [10021FE0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [10022820] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!RegisterClassW] [10022E20] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [10022070] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!FillRect] [10023140] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [100231F0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DrawEdge] [100231A0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [10022EF0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [100222A0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [10022650] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [10022170] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [10022030] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [10023430] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10023390] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [100233E0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10023350] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10022CA0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [10022790] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [10022820] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [10021FE0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [10022D50] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [10022E20] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SystemParametersInfoW] [10022EF0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcW] [10022650] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!CallWindowProcA] [100226F0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10023350] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10023390] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateThread] [10022CA0] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [10023310] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)
IAT C:\Program Files\HLPSOFT\Memory Optimizer\mem.exe[1108] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10023480] C:\PROGRA~1\HLPSOFT\Memory Optimizer\Codejock.SkinFramework.Unicode.v12.0.0.ocx (Xtreme SkinFramework ActiveX Control Module/Codejock Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 89D3E1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBPDO-0 89AED1F8
Device \Driver\usbohci \Device\USBPDO-1 89AED1F8
Device \Driver\usbohci \Device\USBPDO-2 89AED1F8
Device \Driver\usbehci \Device\USBPDO-3 89AC71F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 89D6E500
Device \Driver\Ftdisk \Device\HarddiskVolume2 89D6E500
Device \Driver\Cdrom \Device\CdRom0 89B011F8
Device \Driver\Cdrom \Device\CdRom1 89B011F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{19131FD8-5CB8-4049-BAED-64DFBBBA7525} 8961F1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8961F1F8
Device \Driver\NetBT \Device\NetbiosSmb 8961F1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{C03017B5-7B77-48D4-94BA-6EAB3E7015F3} 8961F1F8
Device \Driver\PCI_PNP3050 \Device\0000005c spdo.sys

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 89AED1F8
Device \Driver\usbohci \Device\USBFDO-1 89AED1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8960A1F8
Device \Driver\usbohci \Device\USBFDO-2 89AED1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{37F7FE93-104C-40EB-815E-D93B73518686} 8961F1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8960A1F8
Device \Driver\szkg5 \Device\MSProcess szkg.sys
Device \Driver\usbehci \Device\USBFDO-3 89AC71F8
Device \Driver\Ftdisk \Device\FtControl 89D6E500
Device \Driver\sptd \Device\2143425550 spdo.sys
Device \Driver\sisraid \Device\Scsi\sisraid1 89D7D1F8
Device \Driver\afdh4jjl \Device\Scsi\afdh4jjl1Port3Path0Target0Lun0 89AA2500
Device \Driver\afdh4jjl \Device\Scsi\afdh4jjl1 89AA2500
Device \FileSystem\Cdfs \Cdfs 899B02C0

---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program Files\Kontiki\KHost.exe [304] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Kontiki\KHost.exe [304] 0x02DC0000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Kontiki\KHost.exe [304] 0x0F000000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Kontiki\KHost.exe [304] 0x02F50000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Kontiki\KHost.exe [304] 0x02FA0000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Microsoft ActiveSync\wcescomm.exe [352] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [368] 0x03F50000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Google\Gmail Notifier\gnotify.exe [556] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\PROGRA~1\Microsoft ActiveSync\rapimgr.exe [952] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1164] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1372] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [1896] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [2024] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [2024] 0x012A0000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [2024] 0x0F000000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [2024] 0x01430000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [2024] 0x01480000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jqs.exe [2408] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program Files\Kontiki\KService.exe [2536] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3032] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3032] 0x00B80000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3032] 0x0F000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3032] 0x00D10000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [3032] 0x00D60000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [4088] 0x0F000000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7F 0xDB 0xB1 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0xCA 0xB3 0xD6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x73 0xD2 0xEB 0x12 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7F 0xDB 0xB1 0x8B ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDB 0xCA 0xB3 0xD6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x73 0xD2 0xEB 0x12 ...

---- EOF - GMER 1.0.15 ----

Thanks for your help Jat90

I have followed your instructions and here is the gmer.log.

Thanks
starlightbright61
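A log like the GMER output above is easier to triage with a script than by eye. As an added example (not part of this thread and not GMER's own tooling), the Python below parses the Devices and Processes sections into records and pulls out the two things a helper looks at first: entries GMER flagged `*** hidden ***`, grouped by host process, and the filter drivers attached to device objects such as `\Device\Tcp`. The sample log inside it is constructed in the same line format with placeholder paths and vendor strings.

```python
"""Parse the GMER log format (Devices / Processes sections) into records.
Added example for triaging a log like the one posted above; it is not GMER's
own code, and SAMPLE_LOG is constructed (placeholder paths, vendor strings).
"""
import re
from collections import Counter

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER ")
LIBRARY_RE = re.compile(r"^Library (?P<path>.+?) \((?P<flags>[^)]*)\) @ "
                        r"(?P<proc>.+?) \[(?P<pid>\d+)\] (?P<addr>0x[0-9A-Fa-f]+)$")
DEVICE_RE = re.compile(r"^(?P<kind>Device|AttachedDevice) (?P<driver>\\\S+) "
                       r"(?P<device>\\\S+) ?(?P<detail>.*)$")

def parse_gmer(text):
    """Yield (section, record) pairs; lines matching no pattern are kept raw."""
    section = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = LIBRARY_RE.match(line) or DEVICE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["hidden"] = "hidden" in rec.get("flags", "")  # GMER's *** hidden *** flag
            yield section, rec
        else:
            yield section, {"raw": line}

def hidden_libraries_by_process(text):
    """Count library entries GMER flagged hidden, keyed by the host process path."""
    return dict(Counter(rec["proc"] for sec, rec in parse_gmer(text)
                        if sec == "Processes" and rec.get("hidden")))

def attached_filters(text):
    """Map each device object to the filter driver file GMER saw attached to it."""
    return {rec["device"]: rec["detail"].split()[0]
            for sec, rec in parse_gmer(text)
            if sec == "Devices" and rec.get("kind") == "AttachedDevice"}

SAMPLE_LOG = r"""---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 89D3E1F8
AttachedDevice \Driver\Tcpip \Device\Tcp example_filter.sys (Constructed filter/Example Vendor)
---- Processes - GMER 1.0.15 ----
Library C:\Program (*** hidden *** ) @ C:\Program Files\Example\host.exe [304] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1164] 0x10000000
---- EOF - GMER 1.0.15 ----"""
```

Feed the full log text to `hidden_libraries_by_process` and `attached_filters` to get a per-process summary instead of reading several hundred lines.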

#4 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender: Male
  • Location: United Kingdom

Posted 12 April 2009 - 12:38 PM

Hello,

GMER did not find any rootkit(s), although I see a suspicious driver loaded. Let's run MBAM:

MalwareBytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#5 starlightbright61

starlightbright61
  • Topic Starter
  • Members
  • 6 posts

Posted 12 April 2009 - 01:02 PM

Hi jat90

I have sent the gmer.log. I followed your directions, but I have just received a repeat e-mail. Have I done anything wrong? I have a little understanding of computers but not much.

Please can you let me know if I have done it wrong. I turned all things off and turned the internet off, then did the gmer.log.

Thanks
starlightbright61

#6 starlightbright61

starlightbright61
  • Topic Starter
  • Members
  • 6 posts

Posted 12 April 2009 - 01:05 PM

Hi

Sorry about this; because my e-mail is not working I have to manually load the http address, and I just panicked when I saw the same thing. I looked again and the message is there. It's driving me daft. So sorry for the other e-mail, I will follow the new one.

Thanks

#7 starlightbright61

starlightbright61
  • Topic Starter
  • Members
  • 6 posts

Posted 12 April 2009 - 01:18 PM

Hi Jat90

I followed your instructions; on the quick scan it came up clean. Here is the log.

Malwarebytes' Anti-Malware 1.36
Database version: 1970
Windows 5.1.2600 Service Pack 3

12/04/2009 19:13:15
mbam-log-2009-04-12 (19-13-15).txt

Scan type: Quick Scan
Objects scanned: 70956
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 starlightbright61

starlightbright61
  • Topic Starter
  • Members
  • 6 posts

Posted 12 April 2009 - 02:13 PM

Hi

When I downloaded that malware and ran it, I had no problem, so I thought I would try and download an antivirus. I have tried, and I saved it to my desktop thinking that might help it run, but every antivirus that I have tried to set up on my PC comes up with "file corrupt, do another download, which might solve the problem". I have tried three different antiviruses and they all say the same, so I cannot set an antivirus up on my computer. The one I have set up already says "License number could not be verified, usually due to a corrupt installation", but before today it was working fine.

Do you know what can be causing this? If I cannot sort it out, I will have to reinstall Windows XP, and I will lose everything because I have no backup.

Thanks
starlightbright61

#9 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender: Male
  • Location: United Kingdom

Posted 13 April 2009 - 06:08 AM

Hello,

I'm not seeing any problems in your logs. What symptoms are you having?

Let's try an online scan:

ESET Online Scan

Please go to the ESET website to perform an online scan. Please use Internet Explorer as it uses ActiveX.
  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Uncheck (untick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, you will find a log in C:\Program Files\esetonlinescanner\log.txt. Please post this log in your next reply.

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.


#10 Jat90

Jat90

  • Members
  • 1,515 posts
  • Gender: Male
  • Location: United Kingdom

Posted 17 April 2009 - 05:08 AM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.
