I seem to have a rootkit


  • This topic is locked
2 replies to this topic

#1 cleeezzz

  • Members
  • 3 posts

Posted 21 January 2011 - 08:54 PM

Hitman Pro 3.5 (Trial) says it has detected a variation of TDL3 rootkit and I've tried removing it for a while now.

Scanners I have tried (and none of them find it):
Malwarebytes' Anti-Malware
ESET (Online + Program)
AVG (Free) + the Anti-Rootkit scan that comes with it
Prevx (This didn't work on my computer, automatically aborted and crashed on scan)

Also, I get an error along the lines of "Generic host for win32", though it might be because of the rootkit.

I will post some logs from RootRepeal, GMER, and HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:53:33 PM, on 1/21/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\nvsvc32.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\windows\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\Christopher Tong\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2 .exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Common Files\Java\Java Update\jusched .exe
C:\Program Files\AVG\AVG10\avgtray .exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\PnkBstrA.exe
C:\windows\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\Rar$EX00.672\RootRepeal.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=ZUGO&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\windows\system32\PxSecure.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\windows\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\windows\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\windows\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [UpdReg] C:\windows\UpdReg.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Aim] "C:\Program Files\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Christopher Tong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C546B07-4296-407C-B89F-8578067DEDEE}: NameServer = 68.87.76.182,68.87.78.134
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 10456 bytes

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time:		2011/01/21 17:43
Program Version:		Version 1.3.5.0
Windows Version:		Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\windows\System32\Drivers\dump_atapi.sys
Address: 0xA61BC000	Size: 98304	File Visible: No	Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\windows\System32\Drivers\dump_WMILIB.SYS
Address: 0xAF18C000	Size: 8192	File Visible: No	Signed: -
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xB8671000	Size: 1664	File Visible: No	Signed: -
Status: -

Name: PCI_PNP5142
Image Path: \Driver\PCI_PNP5142
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\windows\system32\drivers\rootrepeal.sys
Address: 0xA38D2000	Size: 49152	File Visible: No	Signed: -
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xB85AC000	Size: 5248	File Visible: No	Signed: -
Status: -

Name: spit.sys
Image Path: spit.sys
Address: 0xB7EB4000	Size: 995328	File Visible: No	Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000	Size: 0	File Visible: No	Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\All Users\Application Data\AVG10\Chjw\b290421a9041e607.dat:af034939-7e77-434a-8a1b-cf1ba4adab05
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\service[5].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\adlink%2F5132%2F1628984%2F0%2F170%2FAdId%3D1364184%3BBnId%3D1%3Bitime%3D661026994%3Blink%3D;ord=661026994[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1628984;sub2=1628983;sub3=1628985;sub4=1628987;misc=847384699[1]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\16597-113353-17922-72[1].htm
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\18e1966e4daa6023e7350dd535adde2f[1].jpg
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\1x1[3].gif
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\312070423[2]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\312070423[3]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\;subnid=1;bnid=1;adid=1404884;header=yes;misc=819719789;dn50%25=1[1]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\AdId=1364184;BnId=1;ct=2578651722;st=440;adcid=1;itime=661067734;reqtype=5[1]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\AdId=1404884;BnId=1;ct=2576782410;st=837;adcid=1;itime=661065345;reqtype=5[1]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\adlink%2F5132%2F1628984%2F0%2F170%2FAdId%3D1364184%3BBnId%3D1%3Bitime%3D661067734%3Blink%3D;ord=661067734[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\ads[5]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\ajs[8].php
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\crossdomainCAXWHW4W.xml
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\e%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1295331;sub2=1295329;sub3=1295332;sub4=1295328;misc=20956763[1]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\FilmAnnex[1].htm
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\glamadapt_jsrvCAUXMEB7.act
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\glamadapt_jsrv[11].act
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\json[11]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\kim-kardashian-012111-4[1].jpg
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\kim-kardashian-complex-magazine-2[1].jpg
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\log
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\log[11]
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\og
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\statstracker[1].txt
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\v105_IdentityAlerts_v2_mothers_728x90[1].swf
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\visitor[3].jpg
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\017DQ4R9\_default_user_fa_thumb_small[1].gif
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\dk[4].js
Status: Size mismatch (API: 2902, Raw: 2370)

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1295331;sub2=1295329;sub3=1295332;sub4=1295328;misc=116598472[1]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1295331;sub2=1295329;sub3=1295332;sub4=1295328;misc=923975193[1]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\%3Bkvvchoiceselect%3Dtrue%3B%3B%3Bkvtakeover%3Dtrue;loc=100;noperf=1;target=_blank;cc=2;sub1=1628984;sub2=1628983;sub3=1628985;sub4=1628987;misc=456720564[1]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\150913771[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\macaulay-culkin-081810-6[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\magic_tabs[1].css
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\metsol[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\imp[1]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\imp[2]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\indexCA1HSJVW.gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\indexCA3OL2BK.gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\indexCAXYRE9E.gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\tv2n_instream_as3[1].swf
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\tweet_button[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\twoCA1KIGVM.php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\twoCA4706IU.php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\twoCA7BPUJG.php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\twoCAJ2D8QP.php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\twoCAMPR1EF.php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\two[10].php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\two[11].php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\two[9].php
Status: Invisible to the Windows API!

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\ads[2]
Status: Size mismatch (API: 3713, Raw: 362)

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\UJVCAF204QXCA3B7D5XCAA66CJYCALA0HANCA1NQ6IBCAJ0GNU2CAZO9LICCAI02J3OCA4GXCOUCAYAXUTWCA3424N8CAT3VJS2CAW17JO5CAFT5ZGHCAL3ASJSCA641D4MCAPJUS5PCARLR9X4CAWZC32L
Status: Invisible to the Windows API!

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\dk[5].js
Status: Size mismatch (API: 2902, Raw: 2412)

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\dk[6].js
Status: Size mismatch (API: 2410, Raw: 2412)

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\dk[8].js
Status: Size mismatch (API: 2372, Raw: 2410)

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\dk[9].js
Status: Size mismatch (API: 2370, Raw: 2410)

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\json[3]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\json[4]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\json[5]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\json[6]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\json[7]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\json[8]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\json[9]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\JS[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\j[1]
Status: Invisible to the Windows API!

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\j[1].ad
Status: Size mismatch (API: 0, Raw: 615)

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\j[2].ad
Status: Size mismatch (API: 417, Raw: 224)

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\j[3].ad
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\j[4].ad
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[2].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[3].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[4].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[5].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[6].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[7].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[8].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ad3_liverail_com[9].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\content-module[1].css
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\contentview[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\segments[1].json
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\service[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\service[2].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\service[3].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\service[4].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\seyfried-012111-3[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\Sfh7pFyza3AnUfQ6Xn1VqJl9KLFE[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\snare[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\spc[1].php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\spc[2].php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\sprites_v4[1].png
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\statstracker[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\stCA0TVBHG.gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\stCA2Q2Y0C.gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\swfobject[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\sync[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\us_widget[1].txt
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\v9flash[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\victorias-secret-valentine-2011[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\victorias-secret-vd-2011-25[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\wbk4856.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\wbk4BBF.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\wbk4C57.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\webtv_203[1].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\widget-tv[1].css
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\xd_proxy[1].php
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\XX1CAHWC75WCA9X4TFFCASSOB3RCA6OYK6CCAMSW2J5CA6TA6UOCAPYIATMCAKZG4QUCAR46RVICA42NYH9CA3RIBY9CA7H95MJCAOKSVVXCA7GICCCCAXGSHTPCALWZFDVCA9N1WJJCAP9JR6JCAF1M9YP
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\player[1].swf
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\pods[1].css
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\publicapi[1].swf
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\p_23410_128_72[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\p_23492_128_72[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\p_23629_288_162[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\p_24055_288_162[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\2174[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\2405156[1].gif
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\24055[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\24974-9[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\26268-2[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\26269-2[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\26269-2[2].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\26317-15[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\26317-15[2].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\26317-2[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\26317-2[2].js
Status: Invisible to the Windows API!

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\26318-2[1].js
Status: Size mismatch (API: 2414, Raw: 2374)

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\AKYCAWHNAMQCAP8M0X5CAPTAYRXCA4TPA1JCAC5YHPLCAOAIFDGCAH3O41RCASU4EM3CAVZWQW5CA4JT7F7CAKVV0YWCAGJ0HNTCA9CRQHQCA5JSDSUCAJ6CG0XCA9W582GCACCJRU5CAOZ0J80CAY5W2FT
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\drupal[1].js
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\dynamic_preroll_playlist[1].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\dynamic_preroll_playlist[2].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\dynamic_preroll_playlist[3].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\dynamic_preroll_playlist[4].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\dynamic_preroll_playlist[5].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\dynamic_preroll_playlist[6].xml
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ads[3]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ads[4]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ads[5]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ads[6]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ads[7]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ads[8]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ads[9]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ADTECH;adid=1364184;bnid=-1;target=_blank;sub1=1404894;misc=660994531;adiframe=y[1]
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ADTECH;adid=1364184;bnid=-1;target=_blank;sub1=1404898;misc=661025685[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\ADTECH;adid=1418228;bnid=-1;target=_blank;sub1=1418216;misc=660899700;adiframe=y[1]
Status: Invisible to the Windows API!

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\ad[1]
Status: Size mismatch (API: 3152, Raw: 2784)

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\inter_54[1].poll
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\in[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\io[1].com%252Fchannels%252F%253FcId%253D890024%2526utm_source%253D45b897%2526utm_term%253D11274%2526utm_campaign%253D45b897_11308_11274%2526utm_medium%253Dcpc
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\na[1].htm
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\nicki-minaj-012111-12[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\nicki-minaj-breast-signer[1].jpg
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\node[1].css
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\O45CAS2QZTGCAJRMDSNCAGCVCP6CAGKP060CA5J0N63CA8YYGIZCAYJ4TJLCA45G2PFCAV5WSKACA8QPI4ECAMV4ASLCA62949DCAF7M7W5CAN76APDCANF930ICAD2OZ0TCAYWSOIBCAZBF3Z9CAVTGNY0
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\Ch71Zv858xU[1].png
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\2IB19HW8\challenge[1]
Status: Invisible to the Windows API!

Path: c:\documents and settings\localservice\local settings\temporary internet files\content.ie5\2ib19hw8\click[1].here
Status: Size mismatch (API: 6076, Raw: 8302)

Path: C:\Do

SSDT
-------------------
#: 017	Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1caf60

#: 019	Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x87e2b8a0

#: 041	Function Name: NtCreateKey
Status: Hooked by "spit.sys" at address 0xb7eb50e0

#: 053	Function Name: NtCreateThread
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1cab40

#: 057	Function Name: NtDebugActiveProcess
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1caf10

#: 063	Function Name: NtDeleteKey
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1ca810

#: 065	Function Name: NtDeleteValueKey
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1ca8d0

#: 068	Function Name: NtDuplicateObject
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1cb180

#: 071	Function Name: NtEnumerateKey
Status: Hooked by "spit.sys" at address 0xb7ecdda4

#: 073	Function Name: NtEnumerateValueKey
Status: Hooked by "spit.sys" at address 0xb7ece132

#: 119	Function Name: NtOpenKey
Status: Hooked by "spit.sys" at address 0xb7eb50c0

#: 122	Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x87e2acb0

#: 125	Function Name: NtOpenSection
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1cacd0

#: 128	Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x87e2b0d0

#: 137	Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1cabe0

#: 160	Function Name: NtQueryKey
Status: Hooked by "spit.sys" at address 0xb7ece20a

#: 177	Function Name: NtQueryValueKey
Status: Hooked by "spit.sys" at address 0xb7ece08a

#: 213	Function Name: NtSetContextThread
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1caaa0

#: 247	Function Name: NtSetValueKey
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1ca9b0

#: 253	Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x87e2b6d0

#: 254	Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x87e2b4f0

#: 255	Function Name: NtSystemDebugControl
Status: Hooked by "C:\windows\System32\drivers\pxrts.sys" at address 0xac1cae80

#: 257	Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x87e2aee0

#: 258	Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x87e2b310

#: 277	Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa59c88b0

Stealth Objects
-------------------
Object: Hidden Code [ETHREAD: 0x87edf020]
Process: System	Address: 0x87e29930	Size: 1000

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System	Address: 0x8a3a01f8	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System	Address: 0x892a9420	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System	Address: 0x8947c1f8	Size: 121

Object: Hidden Code [Driver: GEAR, IRP_MJ_CREATE]
Process: System	Address: 0x8946d1f8	Size: 121

Object: Hidden Code [Driver: GEAR, IRP_MJ_CLOSE]
Process: System	Address: 0x8946d1f8	Size: 121

Object: Hidden Code [Driver: GEAR, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8946d1f8	Size: 121

Object: Hidden Code [Driver: GEAR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8946d1f8	Size: 121

Object: Hidden Code [Driver: GEAR, IRP_MJ_POWER]
Process: System	Address: 0x8946d1f8	Size: 121

Object: Hidden Code [Driver: GEAR, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8946d1f8	Size: 121

Object: Hidden Code [Driver: GEAR, IRP_MJ_PNP]
Process: System	Address: 0x8946d1f8	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]
Process: System	Address: 0x892e9500	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System	Address: 0x8a4131f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System	Address: 0x894af1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System	Address: 0x894af1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x894af1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x894af1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System	Address: 0x894af1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x894af1f8	Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System	Address: 0x894af1f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System	Address: 0x8a3a31f8	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System	Address: 0x8904c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System	Address: 0x8904c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8904c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8904c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System	Address: 0x8904c500	Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System	Address: 0x8904c500	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_CREATE]
Process: System	Address: 0x8a4121f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_CLOSE]
Process: System	Address: 0x8a4121f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8a4121f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8a4121f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_POWER]
Process: System	Address: 0x8a4121f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8a4121f8	Size: 121

Object: Hidden Code [Driver: mv61xx, IRP_MJ_PNP]
Process: System	Address: 0x8a4121f8	Size: 121

Object: Hidden Code [Driver: a4aaik4hȅఉ䵃慄歶, IRP_MJ_CREATE]
Process: System	Address: 0x8941c500	Size: 121

Object: Hidden Code [Driver: a4aaik4hȅఉ䵃慄歶, IRP_MJ_CLOSE]
Process: System	Address: 0x8941c500	Size: 121

Object: Hidden Code [Driver: a4aaik4hȅఉ䵃慄歶, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8941c500	Size: 121

Object: Hidden Code [Driver: a4aaik4hȅఉ䵃慄歶, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8941c500	Size: 121

Object: Hidden Code [Driver: a4aaik4hȅఉ䵃慄歶, IRP_MJ_POWER]
Process: System	Address: 0x8941c500	Size: 121

Object: Hidden Code [Driver: a4aaik4hȅఉ䵃慄歶, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8941c500	Size: 121

Object: Hidden Code [Driver: a4aaik4hȅఉ䵃慄歶, IRP_MJ_PNP]
Process: System	Address: 0x8941c500	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System	Address: 0x8949b1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System	Address: 0x8949b1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x8949b1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x8949b1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System	Address: 0x8949b1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x8949b1f8	Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System	Address: 0x8949b1f8	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System	Address: 0x89297500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_CREATE]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_CLOSE]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_READ]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_QUERY_INFORMATION]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_SET_INFORMATION]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_DIRECTORY_CONTROL]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_DEVICE_CONTROL]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_SHUTDOWN]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_LOCK_CONTROL]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_CLEANUP]
Process: System	Address: 0x890bf500	Size: 121

Object: Hidden Code [Driver: Cdfs؅ఆ剒敬矀, IRP_MJ_PNP]
Process: System	Address: 0x890bf500	Size: 121

Shadow SSDT
-------------------
#: 383	Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa59c7c30

#: 414	Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa59c7b70

#: 416	Function Name: NtUserGetKeyState
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa59c7bc0

#: 549	Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\windows\system32\DRIVERS\AVGIDSShim.Sys" at address 0xa59c7ae0

==EOF==

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-21 18:20:09
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 ST3160815AS rev.4.AAB
Running: 0nuhqwpn.exe; Driver: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\uwtoqpow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwAllocateVirtualMemory [0xAC1CAF60]
SSDT            87E2B8A0                                                                                                                                                 ZwAssignProcessToJobObject
SSDT            spit.sys                                                                                                                                                 ZwCreateKey [0xB7EB50E0]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwCreateThread [0xAC1CAB40]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwDebugActiveProcess [0xAC1CAF10]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwDeleteKey [0xAC1CA810]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwDeleteValueKey [0xAC1CA8D0]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwDuplicateObject [0xAC1CB180]
SSDT            spit.sys                                                                                                                                                 ZwEnumerateKey [0xB7ECDDA4]
SSDT            spit.sys                                                                                                                                                 ZwEnumerateValueKey [0xB7ECE132]
SSDT            spit.sys                                                                                                                                                 ZwOpenKey [0xB7EB50C0]
SSDT            87E2ACB0                                                                                                                                                 ZwOpenProcess
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwOpenSection [0xAC1CACD0]
SSDT            87E2B0D0                                                                                                                                                 ZwOpenThread
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwProtectVirtualMemory [0xAC1CABE0]
SSDT            spit.sys                                                                                                                                                 ZwQueryKey [0xB7ECE20A]
SSDT            spit.sys                                                                                                                                                 ZwQueryValueKey [0xB7ECE08A]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwSetContextThread [0xAC1CAAA0]
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwSetValueKey [0xAC1CA9B0]
SSDT            87E2B6D0                                                                                                                                                 ZwSuspendProcess
SSDT            87E2B4F0                                                                                                                                                 ZwSuspendThread
SSDT            \SystemRoot\System32\drivers\pxrts.sys (Prevx Realtime Security/Prevx)                                                                                   ZwSystemDebugControl [0xAC1CAE80]
SSDT            87E2AEE0                                                                                                                                                 ZwTerminateProcess
SSDT            87E2B310                                                                                                                                                 ZwTerminateThread
SSDT            \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. )                               ZwWriteVirtualMemory [0xA59C88B0]

INT 0x63        ?                                                                                                                                                        8A3A2BF8
INT 0x63        ?                                                                                                                                                        8A3A2BF8
INT 0x63        ?                                                                                                                                                        8A3A2BF8
INT 0x63        ?                                                                                                                                                        8A3A2BF8
INT 0x63        ?                                                                                                                                                        8A3A1BF8
INT 0x83        ?                                                                                                                                                        8A3A5DD8
INT 0x83        ?                                                                                                                                                        8A3A1BF8
INT 0x83        ?                                                                                                                                                        8A3A5DD8
INT 0x84        ?                                                                                                                                                        8A3A1BF8
INT 0xA4        ?                                                                                                                                                        8A3A1BF8
INT 0xA4        ?                                                                                                                                                        8A3A1BF8
INT 0xA4        ?                                                                                                                                                        8A3A1BF8
INT 0xA4        ?                                                                                                                                                        8A3A1BF8
INT 0xB1        ?                                                                                                                                                        8A3A5DD8
INT 0xB1        ?                                                                                                                                                        8A3A5DD8
INT 0xB4        ?                                                                                                                                                        8A3A1BF8

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 2FD8                                                                                                                     80504874 12 Bytes  [D0, B6, E2, 87, F0, B4, E2, ...]
?               spit.sys                                                                                                                                                 The system cannot find the file specified. !
.text           C:\windows\system32\DRIVERS\nv4_mini.sys                                                                                                                 section is writeable [0xB5911380, 0x566445, 0xE8000020]
.text           USBPORT.SYS!DllUnload                                                                                                                                    B58F18AC 5 Bytes  JMP 8A3A11D8 
.text           aj0arzrz.SYS                                                                                                                                             B57E8384 1 Byte  [20]
.text           aj0arzrz.SYS                                                                                                                                             B57E8384 37 Bytes  [20, 00, 00, 68, 00, 00, 00, ...]
.text           aj0arzrz.SYS                                                                                                                                             B57E83AA 24 Bytes  [00, 00, 20, 00, 00, E0, 00, ...]
.text           aj0arzrz.SYS                                                                                                                                             B57E83C4 3 Bytes  [00, 00, 00]
.text           aj0arzrz.SYS                                                                                                                                             B57E83C9 1 Byte  [00]
.text           ...                                                                                                                                                      
.text           a4aaik4h.SYS                                                                                                                                             B57AF386 35 Bytes  [00, 00, 00, 00, 00, 00, 20, ...]
.text           a4aaik4h.SYS                                                                                                                                             B57AF3AA 24 Bytes  [00, 00, 00, 00, 00, 00, 00, ...]
.text           a4aaik4h.SYS                                                                                                                                             B57AF3C4 3 Bytes  [00, 80, 02]
.text           a4aaik4h.SYS                                                                                                                                             B57AF3C9 1 Byte  [30]
.text           a4aaik4h.SYS                                                                                                                                             B57AF3C9 11 Bytes  [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text           ...                                                                                                                                                      
?               C:\windows\system32\drivers\rootrepeal.sys                                                                                                               The system cannot find the file specified. !
init            C:\windows\system32\drivers\Senfilt.sys                                                                                                                  entry point in "init" section [0x8BF90A00]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!DialogBoxParamW                                                                          7E4247AB 5 Bytes  JMP 01219315 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!CreateWindowExW                                                                          7E42D0A3 5 Bytes  JMP 012F4832 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!DialogBoxIndirectParamW                                                                  7E432072 5 Bytes  JMP 0140E021 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!MessageBoxIndirectA                                                                      7E43A082 5 Bytes  JMP 0140DF51 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!DialogBoxParamA                                                                          7E43B144 5 Bytes  JMP 0140DFBE C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!MessageBoxExW                                                                            7E450838 5 Bytes  JMP 0140DE22 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!MessageBoxExA                                                                            7E45085C 5 Bytes  JMP 0140DE84 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!DialogBoxIndirectParamA                                                                  7E456D7D 5 Bytes  JMP 0140E084 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[592] USER32.dll!MessageBoxIndirectW                                                                      7E4664D5 5 Bytes  JMP 0140DEE6 C:\windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\windows\Explorer.EXE[1960] ntdll.dll!NtProtectVirtualMemory                                                                                           7C90D6EE 5 Bytes  JMP 00FF000A 
.text           C:\windows\Explorer.EXE[1960] ntdll.dll!NtWriteVirtualMemory                                                                                             7C90DFAE 5 Bytes  JMP 0121000A 
.text           C:\windows\Explorer.EXE[1960] ntdll.dll!KiUserExceptionDispatcher                                                                                        7C90E47C 5 Bytes  JMP 00FE000C 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2428] USER32.dll!TrackPopupMenu                                                                    7E46531E 5 Bytes  JMP 10402342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\windows\System32\svchost.exe[4600] ntdll.dll!NtProtectVirtualMemory                                                                                   7C90D6EE 5 Bytes  JMP 006F000A 
.text           C:\windows\System32\svchost.exe[4600] ntdll.dll!NtWriteVirtualMemory                                                                                     7C90DFAE 5 Bytes  JMP 00A9000A 
.text           C:\windows\System32\svchost.exe[4600] ntdll.dll!KiUserExceptionDispatcher                                                                                7C90E47C 5 Bytes  JMP 006E000C 
.text           C:\windows\System32\svchost.exe[4600] USER32.dll!GetCursorPos                                                                                            7E42974E 5 Bytes  JMP 00E5000A 
.text           C:\windows\System32\svchost.exe[4600] ole32.dll!CoCreateInstance                                                                                         774FF1AC 5 Bytes  JMP 00B1000A 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5188] ntdll.dll!NtProtectVirtualMemory                                                                      7C90D6EE 5 Bytes  JMP 0168000A 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5188] ntdll.dll!NtWriteVirtualMemory                                                                        7C90DFAE 5 Bytes  JMP 0172000A 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5188] ntdll.dll!KiUserExceptionDispatcher                                                                   7C90E47C 5 Bytes  JMP 0167000C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[5188] ntdll.dll!LdrLoadDll                                                                                  7C9163C3 5 Bytes  JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[5928] kernel32.dll!SetUnhandledExceptionFilter                                                       7C84495D 4 Bytes  [C2, 04, 00, 00]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             atapi.sys[HAL.dll!READ_PORT_UCHAR]                                                                                                                       [B7EB6042] spit.sys
IAT             atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                                                               [B7EB613E] spit.sys
IAT             atapi.sys[HAL.dll!READ_PORT_USHORT]                                                                                                                      [B7EB60C0] spit.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                                                              [B7EB6800] spit.sys
IAT             atapi.sys[HAL.dll!WRITE_PORT_UCHAR]                                                                                                                      [B7EB66D6] spit.sys
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!KfAcquireSpinLock]                                                                                     000000AD
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!READ_PORT_UCHAR]                                                                                       000000D4
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!KeGetCurrentIrql]                                                                                      000000A2
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!KfRaiseIrql]                                                                                           000000AF
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!KfLowerIrql]                                                                                           0000009C
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!HalGetInterruptVector]                                                                                 000000A4
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!HalTranslateBusAddress]                                                                                00000072
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!KeStallExecutionProcessor]                                                                             000000C0
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!KfReleaseSpinLock]                                                                                     000000B7
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                               000000FD
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!READ_PORT_USHORT]                                                                                      00000093
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                              00000026
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                                      00000036
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[WMILIB.SYS!WmiSystemControl]                                                                                   000000F7
IAT             \SystemRoot\System32\Drivers\aj0arzrz.SYS[WMILIB.SYS!WmiCompleteRequest]                                                                                 000000CC
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!KfAcquireSpinLock]                                                                                     18C4830E
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!READ_PORT_UCHAR]                                                                                       1C959E88
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!KeGetCurrentIrql]                                                                                      9E880000
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!KfRaiseIrql]                                                                                           00001CB1
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!KfLowerIrql]                                                                                           0E798366
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!HalGetInterruptVector]                                                                                 74AAB000
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!HalTranslateBusAddress]                                                                                8986C636
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!KeStallExecutionProcessor]                                                                             1A00001C
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!KfReleaseSpinLock]                                                                                     1C8B86C6
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!READ_PORT_BUFFER_USHORT]                                                                               C6020000
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!READ_PORT_USHORT]                                                                                      001C9686
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT]                                                                              86C60200
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[HAL.dll!WRITE_PORT_UCHAR]                                                                                      00001CB2
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[WMILIB.SYS!WmiSystemControl]                                                                                   8800001C
IAT             \SystemRoot\System32\Drivers\a4aaik4h.SYS[WMILIB.SYS!WmiCompleteRequest]                                                                                 001CB99E

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                                                        [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                                                          [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                           [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                                                          [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                            [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                                                         [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                                                           [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                                                           [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW]                                                      [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                         [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW]                                                        [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA]                                                        [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA]                                                          [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW]                                                          [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                           [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                          [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA]                                                         [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW]                                                         [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                                                           [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                                                           [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                                                         [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA]                                                         [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                            [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                           [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                                                          [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA]                                                          [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                           [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                          [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA]                                                         [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                          [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]                                                       [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                                                       [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                                                         [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                                                         [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW]                                                         [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                          [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW]                                                       [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA]                                                         [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]                                          [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                                         [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                                                         [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                                                       [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT             C:\Program Files\AIM\aim.exe[1764] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]                                                       [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                   8A3A01F8

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                   AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                   eamon.sys (Amon monitor/ESET)

Device          \FileSystem\Fastfat \FatCdrom                                                                                                                            892A9420

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device          \Driver\usbuhci \Device\USBPDO-0                                                                                                                         894AF1F8
Device          \Driver\dmio \Device\DmControl\DmIoDaemon                                                                                                                8A4131F8
Device          \Driver\dmio \Device\DmControl\DmConfig                                                                                                                  8A4131F8
Device          \Driver\dmio \Device\DmControl\DmPnP                                                                                                                     8A4131F8
Device          \Driver\dmio \Device\DmControl\DmInfo                                                                                                                    8A4131F8
Device          \Driver\usbuhci \Device\USBPDO-1                                                                                                                         894AF1F8
Device          \Driver\usbuhci \Device\USBPDO-2                                                                                                                         894AF1F8
Device          \Driver\usbehci \Device\USBPDO-3                                                                                                                         8949B1F8
Device          \Driver\usbuhci \Device\USBPDO-4                                                                                                                         894AF1F8

AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device          \Driver\usbuhci \Device\USBPDO-5                                                                                                                         894AF1F8
Device          \Driver\PCI_PNP5142 \Device\00000056                                                                                                                     spit.sys
Device          \Driver\sptd \Device\3623445142                                                                                                                          spit.sys
Device          \Driver\usbuhci \Device\USBPDO-6                                                                                                                         894AF1F8
Device          \Driver\PCI_PNP5142 \Device\00000057                                                                                                                     spit.sys
Device          \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                   8A3A31F8
Device          \Driver\usbehci \Device\USBPDO-7                                                                                                                         8949B1F8
Device          \Driver\Cdrom \Device\CdRom0                                                                                                                             8947C1F8
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0                                                                                                      895E339B
Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                                       [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1                                                                                                      895E339B
Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                                       [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2                                                                                                      895E339B
Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                                       [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3                                                                                                      895E339B
Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                                       [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e                                                                                             895E339B
Device          \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e                                                                                                              [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device          \Driver\sptd \Device\3623601392                                                                                                                          spit.sys
Device          \Driver\Cdrom \Device\CdRom1                                                                                                                             8947C1F8
Device          \Driver\Cdrom \Device\CdRom2                                                                                                                             8947C1F8
Device          \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                                  8904C500
Device          \Driver\NetBT \Device\NetbiosSmb                                                                                                                         8904C500
Device          \Driver\USBSTOR \Device\00000095                                                                                                                         892E9500

AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                              avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                              pxrts.sys (Prevx Realtime Security/Prevx)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                              epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

Device          \Driver\USBSTOR \Device\00000098                                                                                                                         892E9500
Device          \Driver\usbuhci \Device\USBFDO-0                                                                                                                         894AF1F8
Device          \Driver\usbuhci \Device\USBFDO-1                                                                                                                         894AF1F8
Device          \FileSystem\MRxSmb \Device\LanmanDatagramReceiver                                                                                                        89297500
Device          \Driver\usbuhci \Device\USBFDO-2                                                                                                                         894AF1F8
Device          \FileSystem\MRxSmb \Device\LanmanRedirector                                                                                                              89297500
Device          \Driver\usbehci \Device\USBFDO-3                                                                                                                         8949B1F8
Device          \Driver\usbuhci \Device\USBFDO-4                                                                                                                         894AF1F8
Device          \Driver\Ftdisk \Device\FtControl                                                                                                                         8A3A31F8
Device          \Driver\usbuhci \Device\USBFDO-5                                                                                                                         894AF1F8
Device          \Driver\usbuhci \Device\USBFDO-6                                                                                                                         894AF1F8
Device          \Driver\NetBT \Device\NetBT_Tcpip_{9C546B07-4296-407C-B89F-8578067DEDEE}                                                                                 8904C500
Device          \Driver\usbehci \Device\USBFDO-7                                                                                                                         8949B1F8
Device          \Driver\aj0arzrz \Device\Scsi\aj0arzrz1Port6Path0Target0Lun0                                                                                             8946D1F8
Device          \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0                                                                                                8A4121F8
Device          \Driver\a4aaik4h \Device\Scsi\a4aaik4h1Port5Path0Target0Lun0                                                                                             8941C500
Device          \Driver\mv61xx \Device\Scsi\mv61xx1                                                                                                                      8A4121F8
Device          \Driver\aj0arzrz \Device\Scsi\aj0arzrz1                                                                                                                  8946D1F8
Device          \Driver\a4aaik4h \Device\Scsi\a4aaik4h1                                                                                                                  8941C500
Device          \FileSystem\Fastfat \Fat                                                                                                                                 892A9420

AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                 fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                 AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                 eamon.sys (Amon monitor/ESET)

Device          \FileSystem\Cdfs \Cdfs                                                                                                                                   890BF500
Device          \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST3160815AS_____________________________4.AAB___#5&2ea7e938&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}  device not found

---- Threads - GMER 1.0.15 ----

Thread          System [4:6056]                                                                                                                                          87E29930

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                                       535053272
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                                       -1362450685
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                                       2
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                      0
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                   0x3B 0xD4 0x6F 0xD7 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                      C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                          0x80 0x73 0xB6 0x68 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                   0x0D 0x04 0xCC 0x57 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                         
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                      C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                      0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                      1
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                   0xFB 0x0E 0xF9 0xAA ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                                
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                             0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                          0xA7 0xED 0xE4 0xFC ...
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                           
Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                     0x35 0x67 0xB1 0x27 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                          0
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                                       0x3B 0xD4 0x6F 0xD7 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                          C:\Program Files\Alcohol Soft\Alcohol 120\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                              0x80 0x73 0xB6 0x68 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                                       0x0D 0x04 0xCC 0x57 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                                     
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                          C:\Program Files\DAEMON Tools Lite\
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                          0xD4 0xC3 0x97 0x02 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                          1
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                                       0xFB 0x0E 0xF9 0xAA ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                            
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                                 0x20 0x01 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                              0xA7 0xED 0xE4 0xFC ...
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                                       
Reg             HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                         0x35 0x67 0xB1 0x27 ...
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                                                                       15
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                                                                          10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                                                                        yes
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                                                                       
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                                                                       90
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                                                                         10000
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@                                                                                               
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs                                                                                   C:\WINDOWS\system32\acaptuser32.dll
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs                                                                      1

---- Disk sectors - GMER 1.0.15 ----

Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 62: rootkit-like behavior; 
Disk            \Device\Harddisk0\DR0                                                                                                                                    sector 63: rootkit-like behavior; 

---- Files - GMER 1.0.15 ----

File            C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K91ORR0A\like[1].php                                          0 bytes

---- EOF - GMER 1.0.15 ----

Thanks in advance

Edited by Orange Blossom, 21 January 2011 - 11:58 PM.
Move to log forum. ~ OB
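A note on what stands out in the GMER output above, for anyone reading this thread later: the `\Driver\atapi -> DriverStartIo` entries resolve to a bare address (895E339B) with no owning module, the IdePort dispatch is reported as `atapi.sys[unknown section]` (an address GMER attributes to atapi.sys but to none of that module's sections), and GMER flags sectors 62 and 63 of the disk as rootkit-like. Those are the lines a responder pulls out first, and they are consistent with public descriptions of the TDL3 family, which hooks the atapi.sys IDE port driver and keeps its own code outside the file system in raw disk sectors. The AppInit_DLLs value is worth a look as well, simply because that DLL is loaded into every user32-linked process; it is not evidence on its own and its publisher should be checked. The Python below is an added example, not part of the original post and not code from GMER or Hitman Pro: a small triage script that pulls exactly those indicator lines out of a GMER device/disk/registry dump. The sample lines are copied from this thread's log plus benign lines for contrast; the rule names and the two severity levels are my own choices.

```python
import re
from dataclasses import dataclass

# Constructed sample: indicator lines copied from the GMER log in this thread,
# plus benign device/filter lines, so the triage runs offline.
SAMPLE_GMER_LINES = [
    r"Device          \FileSystem\Ntfs \Ntfs                                   8A3A01F8",
    r"AttachedDevice  \Driver\Tcpip \Device\Tcp                                 avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)",
    r"Device          \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0      895E339B",
    r"Device          \Driver\atapi \Device\Ide\IdePort0                       [B7E09B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}",
    r"Device          \Driver\Cdrom \Device\CdRom0                              8947C1F8",
    r"Disk            \Device\Harddisk0\DR0                                     sector 62: rootkit-like behavior; ",
    r"Disk            \Device\Harddisk0\DR0                                     sector 63: rootkit-like behavior; ",
    r"Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs   C:\WINDOWS\system32\acaptuser32.dll",
]


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" (kernel-level hook indicator) or "review" (needs a human look)
    rule: str
    detail: str
    line: str


# A driver routine (DriverStartIo, an IRP dispatch) that GMER can only report as a
# bare address, with no owning module, is code that lives outside any loaded image.
START_IO_HOOK = re.compile(r"^Device\s+(\\\S+) -> (\w+) (\\\S+)\s+([0-9A-Fa-f]{8})\s*$")
# Code at an address inside a module's image but in none of that module's PE sections.
UNKNOWN_SECTION = re.compile(r"\[([0-9A-Fa-f]{8})\] (\S+?)\[unknown section\]")
# GMER's own verdict on raw sectors it could not read back consistently.
DISK_SECTOR = re.compile(r"^Disk\s+(\\\S+)\s+sector (\d+): rootkit-like behavior")
# AppInit_DLLs is injected into every user32-linked process; a non-empty value is worth a look,
# though legitimate software sets it too, so it is only "review" severity here.
APPINIT = re.compile(r"^Reg\s+(.+?)@AppInit_DLLs\s+(\S.*?)\s*$")


def triage(lines):
    """Return the GMER lines a responder should look at first, most severe first."""
    findings = []
    for raw in lines:
        line = raw.rstrip("\n")
        if m := START_IO_HOOK.match(line):
            drv, routine, dev, addr = m.groups()
            findings.append(Finding("high", "routine-outside-any-module",
                                    f"{drv} {routine} for {dev} -> {addr}", line))
        elif m := UNKNOWN_SECTION.search(line):
            addr, module = m.groups()
            findings.append(Finding("high", "code-in-unknown-section",
                                    f"{module} at {addr}", line))
        elif m := DISK_SECTOR.match(line):
            disk, sector = m.groups()
            findings.append(Finding("high", "disk-sector-anomaly",
                                    f"{disk} sector {sector}", line))
        elif m := APPINIT.match(line):
            key, value = m.groups()
            findings.append(Finding("review", "appinit-dll-set", f"{key} = {value}", line))
    order = {"high": 0, "review": 1}
    return sorted(findings, key=lambda f: order[f.severity])


def has_kernel_hook_indicators(findings):
    """True when any 'high' finding is present: treat the box as rootkit-infected until proven otherwise."""
    return any(f.severity == "high" for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_GMER_LINES):
        print(f"[{f.severity:6}] {f.rule:28} {f.detail}")
```

Run it on a saved GMER log with `triage(open(path, encoding="utf-8", errors="replace"))`. The script only surfaces lines; it does not decide what the hooking driver is, which is why a positive result still means the usual follow-up (TDSSKiller or an offline scan, then re-running GMER to confirm the hooks are gone) rather than deleting whatever file the addresses happen to point at.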



#2 cleeezzz
  • Topic Starter
  • Members
  • 3 posts

Posted 25 January 2011 - 01:50 AM

Hey, just wanted to let you guys know I cleaned the rootkit.

I actually looked up a solved thread with a very similar problem to mine, and TDSSKiller removed the rootkit. I followed up with some scans and cleaned up whatever the rootkit was hiding. I know I wasn't supposed to do it on my own without professional assistance, but I really needed the computer up and running again. I apologize if I caused any inconvenience to anyone.

Thanks,
Chris

#3 Budapest
    Bleepin' Cynic
  • Moderator
  • 23,573 posts

Posted 26 January 2011 - 04:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



