Infected with /win32.Olmarik Trojan


This topic is locked
2 replies to this topic

#1 CooLa

  • Members
  • 1 posts
  • Location: Belgrade

Posted 05 December 2010 - 09:04 PM

Hi. It seems I have picked up a nasty trojan (rootkit)... W32.Olmarik trojan.

NOD32 v4 can't clean it :(... Tried MBAM, Spybot, they can't even find it... I am attaching GMER and ComboFix logs...

Also, an error pops up telling me my Recycle Bin has been corrupted!

Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:07:14, on 6.12.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
H:\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [object dock] C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SJelite3Launch] C:\Users\Tosha\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Acronis OS Selector activator (OS Selector) - Unknown owner - C:\Program Files\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6455 bytes

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-06 02:47:56
Windows 6.1.7600  Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK1637GSX rev.DL050J
Running: 0pi38614.exe; Driver: C:\Users\Tosha\AppData\Local\Temp\awloyaow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                                                                                                          82E46599 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                   82E6AF52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
?               System32\Drivers\sppk.sys                                                                                                                                The system cannot find the path specified. !
.rsrc           C:\Windows\system32\DRIVERS\atapi.sys                                                                                                                    entry point in ".rsrc" section [0x8909E024]
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                                                                 section is writeable [0x8EC18000, 0x2D5378, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                                                    8F228CA0 5 Bytes  JMP 865121D8 
.text           adndcirk.SYS                                                                                                                                             8F32B000 12 Bytes  [44, 88, 21, 83, EE, 86, 21, ...] {INC ESP; MOV [ECX], AH; SUB ESI, -0x7a; AND [EBX-0x7cde9860], EAX}
.text           adndcirk.SYS                                                                                                                                             8F32B00D 9 Bytes  [67, 21, 83, 48, 8B, 21, 83, ...]
.text           adndcirk.SYS                                                                                                                                             8F32B017 170 Bytes  [00, DE, 37, B1, 83, E6, 35, ...]
.text           adndcirk.SYS                                                                                                                                             8F32B0C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           adndcirk.SYS                                                                                                                                             8F32B0CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                                                      
.text           avylh73e.SYS                                                                                                                                             8F362000 12 Bytes  [44, 88, 21, 83, EE, 86, 21, ...] {INC ESP; MOV [ECX], AH; SUB ESI, -0x7a; AND [EBX-0x7cde9860], EAX}
.text           avylh73e.SYS                                                                                                                                             8F36200D 9 Bytes  [67, 21, 83, 48, 8B, 21, 83, ...]
.text           avylh73e.SYS                                                                                                                                             8F362017 170 Bytes  [00, DE, 37, B1, 83, E6, 35, ...]
.text           avylh73e.SYS                                                                                                                                             8F3620C3 8 Bytes  [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text           avylh73e.SYS                                                                                                                                             8F3620CE 4 Bytes  [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                                                      
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                                                                                      9C6B2000 290 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                                                                                      9C6B2123 456 Bytes  [D5, 6A, 9C, FE, 05, 34, D5, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 527C                                                                                                                      9C6B22EC 29 Bytes  CALL 9C6D2D3F \SystemRoot\system32\drivers\spsys.sys (security processor/Microsoft Corporation)
PAGE            spsys.sys!?SPRevision@@3PADA + 529A                                                                                                                      9C6B230A 142 Bytes  [6A, 9C, 3B, 08, 77, 04, 3B, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                                                                                      9C6B2399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            ...                                                                                                                                                      

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1720] kernel32.dll!SetUnhandledExceptionFilter                                                       769F3162 4 Bytes  [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                                 [83A17042] \SystemRoot\System32\Drivers\sppk.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                                [83A176D6] \SystemRoot\System32\Drivers\sppk.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                         [83A17800] \SystemRoot\System32\Drivers\sppk.sys
IAT             \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                          [83A1713E] \SystemRoot\System32\Drivers\sppk.sys
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortNotification]                                                                               000003E3
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                                            8B24568B
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                              50522046
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortStallExecution]                                                                             FFEC9FE8
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                             08C483FF
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                             0874FF85
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                                         FF53006A
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                              08C483D7
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                                       81107D8B
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                           0003E5FF
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortRequestCallback]                                                                            0F840F00
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                                      81000001
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                                       0003E3FF
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                            EC840F00
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortCopyMemory]                                                                                 8B000000
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                                                0001F88E
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                                  FC8E0B00
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                                     0F000001
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                                       0000DA84
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                                       ECD8E800
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortInitialize]                                                                                 8E8BFFFF
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                              000001F8
IAT             \SystemRoot\System32\Drivers\adndcirk.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                                          01E08E01
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortNotification]                                                                               00147880
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortQuerySystemTime]                                                                            78800C75
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortReadPortUchar]                                                                              06750015
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortStallExecution]                                                                             C25DC033
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortWritePortUchar]                                                                             458B0008
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortWritePortUlong]                                                                             6A006A08
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortGetPhysicalAddress]                                                                         50056A24
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong]                                                              005AB7E8
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortGetScatterGatherList]                                                                       0001B800
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortGetParentBusType]                                                                           C25D0000
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortRequestCallback]                                                                            CCCC0008
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortWritePortBufferUshort]                                                                      CCCCCCCC
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortGetUnCachedExtension]                                                                       CCCCCCCC
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortCompleteRequest]                                                                            CCCCCCCC
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortCopyMemory]                                                                                 53EC8B55
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortEtwTraceLog]                                                                                800C5D8B
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests]                                                                  7500117B
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb]                                                                     127B806A
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb]                                                                       80647500
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortReadPortBufferUshort]                                                                       7500137B
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortInitialize]                                                                                 157B805E
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortGetDeviceBase]                                                                              56587500
IAT             \SystemRoot\System32\Drivers\avylh73e.SYS[ataport.SYS!AtaPortDeviceStateChange]                                                                          8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]                               [6E199832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                                     [6E19A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap]                                     [6E1994D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap]                                   [6E1994E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                                 [6E1992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                                     [6E199E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap]                                  [6E1994B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap]                                   [6E1994A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess]                              [6E19AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                                    [6E1992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                                        [6E199E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                                  [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap]                                       [6E19A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap]                                 [6E199832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                                   [6E1992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                                       [6E199E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                                 [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                                [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                                      [6E199E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                                     [6E199E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                                 [6E1992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]                               [6E199832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                               [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                                       [6E199E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                                   [6E1992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                                        [6E199E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap]                                    [6E1992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap]                                  [6E199832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap]                                      [6E199E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap]                                  [6E1992CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                                [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2772] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                                [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Users\Tosha\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe[2844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]              [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Users\Tosha\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe[2844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                 [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Users\Tosha\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe[2844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Users\Tosha\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe[2844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]               [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Users\Tosha\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe[2844] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]               [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT             C:\Users\Tosha\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe[2844] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]               [75D45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                   852951F8
Device          \FileSystem\fastfat \FatCdrom                                                                                                                            862EA500
Device          \Driver\NetBT \Device\NetBT_Tcpip_{DFF5B701-75F9-4DCA-B104-3EE59B96922B}                                                                                 8636A1F8
Device          \Driver\volmgr \Device\VolMgrControl                                                                                                                     852911F8
Device          \Driver\usbohci \Device\USBPDO-0                                                                                                                         865131F8
Device          \Driver\usbohci \Device\USBPDO-1                                                                                                                         865131F8
Device          \Driver\PCI_PNP6600 \Device\00000052                                                                                                                     sppk.sys
Device          \Driver\usbohci \Device\USBPDO-2                                                                                                                         865131F8
Device          \Driver\PCI_PNP6600 \Device\00000053                                                                                                                     sppk.sys
Device          \Driver\usbohci \Device\USBPDO-3                                                                                                                         865131F8
Device          \Driver\usbohci \Device\USBPDO-4                                                                                                                         865131F8
Device          \Driver\usbehci \Device\USBPDO-5                                                                                                                         865161F8
Device          \Driver\ACPI_HAL \Device\00000049                                                                                                                        halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\NetBT \Device\NetBT_Tcpip_{291B4DFB-6B42-44E1-8DF7-2515BA2695D2}                                                                                 8636A1F8
Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                                                   852911F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                                                   852911F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom0                                                                                                                             8626F1F8
Device          \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3                                                                                                              852931F8
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                       852931F8
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                       852931F8
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                       852931F8
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                       852931F8
Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                                                   852911F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                   fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \Driver\cdrom \Device\CdRom1                                                                                                                             8626F1F8
Device          \Driver\cdrom \Device\CdRom2                                                                                                                             8626F1F8
Device          \Driver\USBSTOR \Device\00000074                                                                                                                         862CD1F8
Device          \Driver\USBSTOR \Device\00000075                                                                                                                         862CD1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                  8636A1F8
Device          \Driver\sptd \Device\3534910601                                                                                                                          sppk.sys
Device          \Driver\sptd \Device\3535066602                                                                                                                          sppk.sys
Device          \Driver\usbohci \Device\USBFDO-0                                                                                                                         865131F8
Device          \Driver\usbohci \Device\USBFDO-1                                                                                                                         865131F8
Device          \Driver\usbohci \Device\USBFDO-2                                                                                                                         865131F8
Device          \Driver\usbohci \Device\USBFDO-3                                                                                                                         865131F8
Device          \Driver\usbohci \Device\USBFDO-4                                                                                                                         865131F8
Device          \Driver\usbehci \Device\USBFDO-5                                                                                                                         865161F8
Device          \Driver\adndcirk \Device\Scsi\adndcirk1                                                                                                                  865911F8
Device          \Driver\avylh73e \Device\Scsi\avylh73e1Port5Path0Target0Lun0                                                                                             8624B1F8
Device          \Driver\adndcirk \Device\Scsi\adndcirk1Port4Path0Target0Lun0                                                                                             865911F8
Device          \Driver\avylh73e \Device\Scsi\avylh73e1                                                                                                                  8624B1F8
Device          \FileSystem\fastfat \Fat                                                                                                                                 862EA500

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device          \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskTOSHIBA_MK1637GSX_______________________DL050J__#5&2a44dda5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019db9b393b                                                                              
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019db9b393b@0025cfffb3e2                                                                 0x66 0x39 0xB2 0x10 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019db9b393b@d875333f47b0                                                                 0xC3 0xFC 0x51 0x71 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019db9b393b@9c1874570b55                                                                 0x0F 0x83 0xFC 0xDF ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019db9b393b@0025e754665b                                                                 0x67 0x21 0x8A 0xC7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0019db9b393b@d8543a3dee39                                                                 0x29 0x0D 0xAD 0x58 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                                                       771343423
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                                                       285507792
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                                                       2
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                      C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                      0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                   0xC1 0x9E 0xCB 0x9F ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                          0xBF 0x87 0xC8 0x29 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                   0x29 0xB7 0xDB 0x26 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                      1
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                   0x3D 0xBD 0xAA 0x3B ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                          0xF1 0xD6 0x38 0xBE ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                     0x35 0xA6 0x6B 0xF9 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019db9b393b (not active ControlSet)                                                          
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019db9b393b@0025cfffb3e2                                                                     0x66 0x39 0xB2 0x10 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019db9b393b@d875333f47b0                                                                     0xC3 0xFC 0x51 0x71 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019db9b393b@9c1874570b55                                                                     0x0F 0x83 0xFC 0xDF ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019db9b393b@0025e754665b                                                                     0x67 0x21 0x8A 0xC7 ...
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0019db9b393b@d8543a3dee39                                                                     0x29 0x0D 0xAD 0x58 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                          C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                          0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                       0xC1 0x9E 0xCB 0x9F ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                              0xBF 0x87 0xC8 0x29 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                       0x29 0xB7 0xDB 0x26 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                     
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                          C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                          1
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                       0x3D 0xBD 0xAA 0x3B ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                              0xF1 0xD6 0x38 0xBE ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                         0x35 0xA6 0x6B 0xF9 ...

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                    sectors 312581552 (+254): rootkit-like behavior; 

---- Files - GMER 1.0.15 ----

File            C:\Windows\system32\DRIVERS\atapi.sys                                                                                                                    suspicious modification

---- EOF - GMER 1.0.15 ----

ComboFix 10-12-04.02 - Tosha 06.12.2010   2:50.5.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1250.381.1033.18.2047.1259 [GMT 1:00]
Running from: c:\users\Tosha\Desktop\ComboFix.exe
 * Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2010-11-06 to 2010-12-06  )))))))))))))))))))))))))))))))
.

2010-12-06 01:58 . 2010-12-06 01:58	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-05 22:21 . 2010-12-06 01:58	--------	d-----w-	c:\users\Tosha\AppData\Local\temp
2010-12-05 21:57 . 2010-12-05 21:57	--------	d-----w-	c:\users\Tosha\AppData\Roaming\Malwarebytes
2010-12-05 21:57 . 2010-11-29 16:42	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-05 21:57 . 2010-12-05 21:57	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-05 21:57 . 2010-12-05 21:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-12-05 21:57 . 2010-11-29 16:42	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-05 21:34 . 2010-12-05 21:53	2560	----a-w-	c:\windows\_MSRSTRT.EXE
2010-12-05 21:30 . 2009-06-04 14:13	58792	------w-	c:\windows\system32\wbload.dll
2010-12-05 21:30 . 2008-04-26 14:14	42672	------w-	c:\windows\system32\wbsys.dll
2010-12-05 21:16 . 2010-12-05 21:16	--------	d-----w-	c:\program files\Devious Codeworks
2010-12-03 09:59 . 2010-12-03 09:59	--------	d-----w-	c:\program files\AnyBizSoft
2010-11-19 15:30 . 2010-11-19 15:33	--------	d-----w-	c:\program files\SmartDraw 2010
2010-11-19 12:34 . 2010-11-19 15:32	--------	d-----w-	c:\users\Tosha\AppData\Roaming\SmartDraw
2010-11-13 20:35 . 2010-11-13 20:35	--------	d-----w-	c:\program files\YouTube Downloader
2010-11-07 20:43 . 2010-11-07 20:43	335872	------w-	c:\program files\Microsoft Games\Pandora's Box\setup.exe
2010-11-07 20:43 . 2010-11-07 20:43	1982464	------w-	c:\program files\Microsoft Games\Pandora's Box\Pandora.exe
2010-11-07 20:43 . 2010-11-07 20:43	177152	------w-	c:\program files\Microsoft Games\Pandora's Box\clokspl.exe
2010-11-07 20:43 . 2010-11-07 20:43	49152	------w-	c:\program files\Microsoft Games\Pandora's Box\STATENU.DLL
2010-11-07 20:43 . 2010-11-07 20:43	12771328	------w-	c:\program files\Microsoft Games\Pandora's Box\SETUPENU.DLL
2010-11-07 20:42 . 2010-11-07 20:42	110592	------w-	c:\program files\Microsoft Games\Pandora's Box\PUZENU.DLL
2010-11-07 20:42 . 2010-11-07 20:42	40960	------w-	c:\program files\Microsoft Games\Pandora's Box\NAMEENU.DLL
2010-11-07 20:42 . 2010-11-07 20:42	81920	------w-	c:\program files\Microsoft Games\Pandora's Box\LANGENU.DLL
2010-11-07 20:42 . 2010-11-07 20:42	6784	------w-	c:\program files\Microsoft Games\Pandora's Box\CLCD16.DLL
2010-11-07 20:42 . 2010-11-07 20:42	32256	------w-	c:\program files\Microsoft Games\Pandora's Box\DRVMGT.DLL
2010-11-07 20:42 . 2010-11-07 20:42	27648	------w-	c:\program files\Microsoft Games\Pandora's Box\CLCD32.DLL
2010-11-07 20:42 . 2010-11-07 20:42	156160	------w-	c:\program files\Microsoft Games\Pandora's Box\DPLAYERX.DLL

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-05 23:10 . 2009-07-13 23:11	21584	----a-w-	c:\windows\system32\drivers\atapi.sys
2010-10-23 17:32 . 2010-10-23 17:32	170080	----a-w-	c:\windows\system32\drivers\snapman.sys
2010-10-20 17:08 . 2010-06-17 01:07	16400	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2010-09-28 18:04 . 2010-09-28 18:04	53248	----a-r-	c:\users\Tosha\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-09-08 04:30 . 2010-10-29 16:41	978432	----a-w-	c:\windows\system32\wininet.dll
2010-09-08 04:28 . 2010-10-29 16:41	44544	----a-w-	c:\windows\system32\licmgr10.dll
2010-09-08 03:22 . 2010-10-29 16:41	386048	----a-w-	c:\windows\system32\html.iec
2010-09-08 02:48 . 2010-10-29 16:41	1638912	----a-w-	c:\windows\system32\mshtml.tlb
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Tosha\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Tosha\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\Tosha\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"SJelite3Launch"="c:\users\Tosha\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe" [2010-06-28 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"object dock"="c:\program files\Stardock\ObjectDock\ObjectDock.exe" [2007-04-30 3450608]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-02-14 3165920]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-03 38840]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-08-12 2215064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29	64592	----a-w-	c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	PDBoot.exe\0autocheck autochk *

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 ALSysIO;ALSysIO;c:\users\Tosha\AppData\Local\Temp\ALSysIO.sys [x]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-23 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 OS Selector;Acronis OS Selector activator;c:\program files\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-05-25 2139400]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]


--- Other Services/Drivers In Memory ---

*Deregistered* - awloyaow
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
FF - ProfilePath - c:\users\Tosha\AppData\Roaming\Mozilla\Firefox\Profiles\ehglakk5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\users\Tosha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Minefield\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - c:\users\Tosha\AppData\Roaming\Mozilla\Firefox\Profiles\ehglakk5.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Extension: MidnightFox: {66871bd1-5ba2-4739-b485-2a15f5969bd8} - c:\users\Tosha\AppData\Roaming\Mozilla\Firefox\Profiles\ehglakk5.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
FF - Extension: MidnightFoxy: {dc961bb0-dfb2-11dc-95ff-0800200c9a66} - c:\users\Tosha\AppData\Roaming\Mozilla\Firefox\Profiles\ehglakk5.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}
FF - Extension: Nautipolis for Firefox: {6C4BAFB6-2AC2-4405-A98D-546B55B3AE92} - c:\users\Tosha\AppData\Roaming\Mozilla\Firefox\Profiles\ehglakk5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
.

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: TOSHIBA_MK1637GSX rev.DL050J -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x860222F6]<< 
_asm { PUSH EBP; MOV EBP, ESP; MOV ECX, [0xffdf0308]; MOV EAX, [EBP+0x8]; SUB ESP, 0x14; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; CMP EAX, [ECX+0x4]; JNZ 0x59; XOR EDI, EDI;  }
1 ntkrnlpa!IofCallDriver[0x82E3F458] -> \Device\Harddisk0\DR0[0x861287C8]
3 CLASSPNP[0x8972F59E] -> ntkrnlpa!IofCallDriver[0x82E3F458] -> [0x86054918]
5 ACPI[0x83B403B2] -> ntkrnlpa!IofCallDriver[0x82E3F458] -> \IdeDeviceP0T0L0-0[0x85F73908]
[0x861F55E8] -> IRP_MJ_CREATE -> 0x860222F6
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0;  }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskTOSHIBA_MK1637GSX_______________________DL050J__#5&2a44dda5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK 
sectors 312581806 (+255): user != kernel
Warning: possible TDL3 rootkit infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3596)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
c:\users\Tosha\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Completion time: 2010-12-06  03:02:29
ComboFix-quarantined-files.txt  2010-12-06 02:02
ComboFix2.txt  2010-12-05 23:56
ComboFix3.txt  2010-12-05 23:25
ComboFix4.txt  2010-12-05 22:21

Pre-Run: 19.765.993.472 bytes free
Post-Run: 19.710.590.976 bytes free

- - End Of File - - 727C7AE5AF6E6572807D1A7105A8D95E

Edited by Blade Zephon, 05 December 2010 - 09:36 PM.
Moved to log forum. ~BZ



#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:05:35 PM

Posted 13 December 2010 - 11:19 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:35 PM

Posted 19 December 2010 - 12:22 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
