I also tried to restore to an earlier date but that did not work either.
Here are the file outputs as outlined in the preparation guide.
Thanks for any help I can get on this!
DDS and GMER log below. Attached is the attach file.
I have run defogger and disabled the CD emulation.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 19:20:40.10 on Sat 07/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1246.496 [GMT -6:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
mCustomizeSearch = hxxp://www.google.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [LoadMSvcmm] "c:\program files\blockbuster\blockbustermovielink\Movielink User.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 Mach3;Mach3 Pulseing Service;c:\windows\system32\drivers\Mach3.sys [2007-10-11 106176]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100714.002\naveng.sys [2010-7-14 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100714.002\navex15.sys [2010-7-14 1362608]
S2 Seagate Sync Service;Seagate Sync Service;"c:\program files\seagate\sync\seasyncservices.exe" --> c:\program files\seagate\sync\SeaSyncServices.exe [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10910.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10910.sys [?]
S3 EraserUtilDrvI9;EraserUtilDrvI9;\??\c:\program files\common files\symantec shared\eengine\eraserutildrvi9.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrvI9.sys [?]
S3 GT680xNT;Visioneer OneTouch 7300 Driver;c:\windows\system32\drivers\Gt680x.sys [2007-9-16 17376]
S3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2010-1-24 76416]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2010-1-31 7548]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2010-6-26 57856]
=============== Created Last 30 ================
2010-07-18 01:17:47 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-07-17 20:08:07 0 d-----w- c:\program files\Wise Registry Cleaner 3
2010-07-17 18:25:25 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-07-17 18:25:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-17 18:25:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-17 18:25:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-17 18:25:14 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-17 17:30:48 0 d-----w- c:\program files\Trend Micro
2010-07-14 23:44:59 38480 ------w- c:\windows\system32\IJRMF.exe
2010-07-14 23:25:22 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-14 23:24:20 0 d-----w- c:\program files\NCH Swift Sound
2010-07-14 23:24:19 0 d-----w- c:\program files\Softonic-Eng7
2010-07-14 23:24:12 0 d-----w- c:\program files\Conduit
2010-07-12 01:59:24 120 ----a-w- c:\windows\Bxisuwaq.dat
2010-07-12 01:59:24 0 ----a-w- c:\windows\Hzixanejobecebep.bin
2010-06-27 01:57:11 0 d-----w- c:\docume~1\owner\applic~1\PureEdge
2010-06-27 01:56:07 0 d-----w- c:\program files\IBM
2010-06-27 01:56:07 0 d-----w- c:\docume~1\alluse~1\applic~1\PureEdge
2010-06-27 01:32:01 68224 ----a-w- c:\temp\S3XXx64.sys
2010-06-27 01:32:01 57856 ----a-w- c:\windows\system32\drivers\SCR3XX2K.sys
2010-06-27 01:32:01 57856 ----a-w- c:\temp\SCR3XX2K.sys
2010-06-27 01:29:06 7680 ----a-r- c:\temp\STCFUx32.sys
2010-06-27 01:29:06 45056 ----a-w- c:\temp\Sx33XRES.dll
2010-06-27 01:29:06 32768 ----a-w- c:\temp\SCR3310S_V526.bin
2010-06-27 01:29:06 245760 ----a-w- c:\temp\FwUpdate.exe
2010-06-27 01:29:06 155648 ----a-w- c:\temp\FIOSx33x.dll
2010-06-27 01:29:06 106496 ----a-w- c:\temp\FwResorc.dll
2010-06-27 01:29:06 10240 ----a-r- c:\temp\STCFUx64.sys
2010-06-25 22:19:51 0 d-----w- c:\program files\EA Games
2010-06-21 00:46:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Movielink
2010-06-21 00:45:53 0 d-----w- c:\program files\Blockbuster
==================== Find3M ====================
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-02-11 03:19:49 150 -c--a-w- c:\program files\MacHbkVersionsInfo.txt
2008-08-29 00:58:00 117901 -c--a-w- c:\program files\jerry182985.bbcd
2003-08-29 19:12:00 61440 -c--a-w- c:\windows\inf\i386\Viz7300.dll
2003-08-29 19:12:00 17376 -c--a-w- c:\windows\inf\i386\Gt680x.sys
2009-02-13 03:11:00 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021220090213\index.dat
============= FINISH: 19:22:37.02 ===============
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-18 10:14:52
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxtdapow.sys
---- System - GMER 1.0.15 ----
SSDT 89C7E0E8 ZwAlertResumeThread
SSDT 89C7E0B0 ZwAlertThread
SSDT 89DC2758 ZwAllocateVirtualMemory
SSDT 89D58EF0 ZwConnectPort
SSDT 89C7FB08 ZwCreateMutant
SSDT 89D50E88 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA5721350]
SSDT 89C74858 ZwFreeVirtualMemory
SSDT 89C7FA30 ZwImpersonateAnonymousToken
SSDT 89C7E490 ZwImpersonateThread
SSDT 89C87490 ZwMapViewOfSection
SSDT 89C840A0 ZwOpenEvent
SSDT 89C749E0 ZwOpenProcessToken
SSDT 89C7D5F0 ZwOpenThreadToken
SSDT 89CB96F0 ZwQueryValueKey
SSDT 89C79E48 ZwResumeThread
SSDT 89C7D768 ZwSetContextThread
SSDT 89C74560 ZwSetInformationProcess
SSDT 89C7D8E0 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA5721580]
SSDT 89C85268 ZwSuspendProcess
SSDT 89C7DBD0 ZwSuspendThread
SSDT 89C750C0 ZwTerminateProcess
SSDT 89C7DA58 ZwTerminateThread
SSDT 89C746E8 ZwUnmapViewOfSection
SSDT 89D930A8 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 239C 80501BD4 8 Bytes CALL 30D9E3B9
.text ntkrnlpa.exe!ZwCallbackReturn + 2798 80501FD0 4 Bytes CALL 3CD9E71B
.rsrc C:\WINDOWS\system32\drivers\pcmcia.sys entry point in ".rsrc" section [0xB9F65614]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\system32\svchost.exe[1304] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\system32\svchost.exe[1304] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0069000A
.text C:\WINDOWS\system32\svchost.exe[1304] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E3000A
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1440] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A3000C
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E35203E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FBF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E352003 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F4B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F85 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352079 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20176A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3408] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E35223B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 89EC3EC5
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90403E1900063D11C8EF10054038389C\Usage@OutlookMAPI2 1022428673
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90403E1900063D11C8EF10054038389C\Usage@OUTLOOKFiles 1022432902
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90403E1900063D11C8EF10054038389C\Usage@ProductFiles 1022428742
Reg HKLM\SOFTWARE\Classes\CLSID\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}\InProcServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}\InProcServer32@iajcpchpnknpcbbckm 0x61 0x61 0x00 0x00
Reg HKLM\SOFTWARE\Classes\CLSID\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}\InProcServer32@iajcpchpnkhjefjogg 0x61 0x61 0x00 0x00
Reg HKLM\SOFTWARE\Classes\CLSID\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}\InProcServer32@jajcdoemcbhebjkheaai 0x6A 0x61 0x65 0x70 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}\InProcServer32@iajcnngkmknlcfgcmi 0x6A 0x61 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}@hahdipfebddjdbbc 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}@hahdipfepbffdjjg 0x61 0x61 0x00 0x00
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}@iadkkgpfboonmfaipp 0x6A 0x61 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0F0E99F5-154F-CD2E-C8DA-C9C7F4E6DEA7}@hancmfenibegkffp 0x6A 0x61 0x65 0x70 ...
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\pcmcia.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----