
Hidden Icons and Disabled Task Manager


17 replies to this topic

#1 ulyv

ulyv

  • Members
  • 116 posts
  • Gender:Male

Posted 14 June 2011 - 02:27 PM

My computer was infected by the PUM.Hijack & PUM.Hidden virus. I ran MBAM and it removed the virus and re-enabled my Task Manager. I also ran Unhide and it brought back my desktop icons, but my program icons in the Start menu are still missing. I also need to make sure that the virus was completely removed from my system.

Thanks

Edited by Andrew, 14 June 2011 - 03:38 PM.
Mod Edit: Moved From MRL To AII - AA



#2 jlocke1976

jlocke1976

  • Members
  • 3 posts

Posted 14 June 2011 - 09:24 PM

http://www.bleepingcomputer.com/forums/topic401172.html

see that article for restoring your shortcuts

#3 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md

Posted 20 June 2011 - 05:18 AM

Can you post the logs from Mbam so we can see what was detected?

Also run the following scans:

Hello, and welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (e.g. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (e.g. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64-bit mode!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#4 ulyv

ulyv
  • Topic Starter

  • Members
  • 116 posts
  • Gender:Male

Posted 20 June 2011 - 12:42 PM

Hello, I have pasted the GMER and SUPERAntiSpyware scan results. Unfortunately I did not save the log file for the initial MBAM scan results when the virus was detected.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/20/2011 at 12:58 PM

Application Version : 4.40.1002

Core Rules Database Version : 7289
Trace Rules Database Version: 5101

Scan type : Complete Scan
Total Scan Time : 01:50:06

Memory items scanned : 290
Memory threats detected : 0
Registry items scanned : 11913
Registry threats detected : 0
File items scanned : 223053
File threats detected : 113

Adware.Tracking Cookie

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\ULISES\MY DOCUMENTS\STATTRAK FOR BASEBALL\WEBGEN\TEST.TXT


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-20 13:36:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 WDC_WD15 rev.20.0
Running: xlh3wv30.exe; Driver: C:\DOCUME~1\Ulises\LOCALS~1\Temp\ffldqfod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAAE3325A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAAE2C83A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAAE4E0AC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAAE33A2C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAAE47F48]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAAE48370]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAAE52802]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAAE33B8A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAAE2D6FC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAAE4FB54]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAAE4F44A]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAAE46D2C]
SSDT spvn.sys ZwEnumerateKey [0xB7EC9E4C]
SSDT spvn.sys ZwEnumerateValueKey [0xB7ECA1DA]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAAE5051E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAAE5075C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xAAE52BBE]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAAE2D1EE]
SSDT spvn.sys ZwOpenKey [0xB7EAF0C0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAAE4A460]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAAE4A04E]
SSDT spvn.sys ZwQueryKey [0xB7ECA2B2]
SSDT spvn.sys ZwQueryValueKey [0xB7ECA132]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAAE515E4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAAE50ED8]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAAE32DF2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAAE52044]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAAE33526]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAAE2DB06]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAAE51B6C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAAE4EB6E]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAAE4906C]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAADA4620]

INT 0x62 ? 8B967C88
INT 0x73 ? 8B8F9C88
INT 0x94 ? 8AA48C88
INT 0xB4 ? 8B8F5C88

Code 899A0CEC ZwRequestPort
Code 899A0C4C ZwTraceEvent
Code 899A0CEB NtRequestPort
Code 899A0C4B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C9C 80504538 12 Bytes [2C, 3A, E3, AA, 48, 7F, E4, ...] {SUB AL, 0x3a; JECXZ 0xffffffffffffffae; DEC EAX; JG 0xffffffffffffffeb; STOSB ; JO 0xffffffffffffff8d; IN AL, 0xaa}
.text ntkrnlpa.exe!NtTraceEvent 80535156 5 Bytes JMP 899A0C50
PAGE ntkrnlpa.exe!NtRequestPort 805A2A4A 5 Bytes JMP 899A0CF0
? spvn.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB596E3A0, 0x5CC259, 0xE8000020]
.text USBPORT.SYS!DllUnload B58EB8AC 5 Bytes JMP 8AA481D8
.text win32k.sys!EngSetLastError + 783D BF824159 5 Bytes JMP 899A0610
.text win32k.sys!EngCopyBits + 1409 BF85333D 5 Bytes JMP 899A0750
.text win32k.sys!EngCopyBits + 5F37 BF857E6B 5 Bytes JMP 899A06B0
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP 899A0A70
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP 899A0B10
.text win32k.sys!EngCreateClip + 1F42 BF9144AF 5 Bytes JMP 899A0BB0
.text win32k.sys!EngCreateClip + 2588 BF914AF5 5 Bytes JMP 899A0890

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[2632] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3968] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[5868] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7EB03E6] spvn.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7EB090E] spvn.sys
IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7EB0F9C] spvn.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7EB090E] spvn.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7EB01D4] spvn.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7EB0116] spvn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7EB1178] spvn.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7EB0F9C] spvn.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EC1976] spvn.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AAE3847C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AAE382D2] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- EOF - GMER 1.0.15 ----




#5 cryptodan

Posted 20 June 2011 - 01:29 PM

Please update Super Anti-Spyware and then rerun the scan.

#6 ulyv

Posted 21 June 2011 - 03:05 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/21/2011 at 12:35 PM

Application Version : 4.54.1000

Core Rules Database Version : 7295
Trace Rules Database Version: 5107

Scan type : Complete Scan
Total Scan Time : 02:04:39

Memory items scanned : 285
Memory threats detected : 0
Registry items scanned : 11912
Registry threats detected : 0
File items scanned : 233049
File threats detected : 11

Adware.Tracking Cookie
C:\Documents and Settings\Ulises\Cookies\ulises@server.cpmstar[1].txt
C:\Documents and Settings\Ulises\Cookies\ulises@ad.wsod[2].txt
C:\Documents and Settings\Ulises\Cookies\ulises@liveperson[1].txt
C:\Documents and Settings\Ulises\Cookies\ulises@revsci[2].txt
C:\Documents and Settings\Ulises\Cookies\ulises@sales.liveperson[1].txt
C:\Documents and Settings\Ulises\Cookies\ulises@interclick[2].txt
C:\Documents and Settings\Ulises\Cookies\ulises@invitemedia[1].txt
C:\Documents and Settings\Ulises\Cookies\ulises@media6degrees[2].txt
C:\Documents and Settings\Ulises\Cookies\ulises@liveperson[3].txt
C:\Documents and Settings\Ulises\Cookies\ulises@stats.paypal[2].txt
macromedia.com [ C:\Documents and Settings\Ulises\Application Data\Macromedia\Flash Player\#SharedObjects\2GTSPQKY ]




#7 cryptodan

Posted 21 June 2011 - 03:09 PM

Can you check the logs tab under Malwarebytes?

#8 ulyv

Posted 21 June 2011 - 10:13 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 6849

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/14/11 2:40:15 PM
mbam-log-2011-06-14 (14-40-15).txt

Scan type: Quick scan
Objects scanned: 216511
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
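Added example, not code from this thread or from Malwarebytes: a PowerShell script that parses the "Registry Data Items Infected" lines above and checks the live registry, so the four policy values (NoDesktop, NoChangingWallpaper and the two DisableTaskMgr entries) can be confirmed to have stayed at their "Good" data after a reboot. It assumes PowerShell 3.0 or later and the MBAM log line format shown in this post; the function names are my own.

```powershell
# Added example, not code from this thread or from Malwarebytes: re-check the
# "Registry Data Items Infected" lines of an MBAM log against the live registry,
# so the PUM.Hijack / PUM.Hidden policy values can be confirmed to have stayed
# at their "Good" setting after a reboot. Assumes PowerShell 3.0 or later.
# The sample lines are copied from the log posted above.
$SampleLog = @'
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
'@

# Parse one "Registry Data Items Infected" line into the hive-qualified key path,
# value name, detection name and the Bad/Good data MBAM reported.
function ConvertFrom-MbamRegistryDataLine {
    param([string]$Line)
    $pattern = '^(?<hive>HKEY_[A-Z_]+)\\(?<key>.+)\\(?<name>[^\\ ]+) \((?<detect>[^)]+)\) -> Bad: \((?<bad>[^)]*)\) Good: \((?<good>[^)]*)\)'
    if ($Line -notmatch $pattern) { return $null }
    $hiveMap = @{ 'HKEY_CURRENT_USER' = 'HKCU:'; 'HKEY_LOCAL_MACHINE' = 'HKLM:' }
    [pscustomobject]@{
        Path      = "$($hiveMap[$Matches['hive']])\$($Matches['key'])"
        Name      = $Matches['name']
        Detection = $Matches['detect']
        Bad       = $Matches['bad']
        Good      = $Matches['good']
    }
}

# Read the value as it is now. An absent key or value counts as clean: these are
# policy restrictions, and "not set" means the restriction is not enforced.
function Test-MbamRegistryDataItem {
    param([pscustomobject]$Item)
    $current = $null
    if (Test-Path -LiteralPath $Item.Path) {
        $props = Get-ItemProperty -LiteralPath $Item.Path -ErrorAction SilentlyContinue
        if ($props -and $props.PSObject.Properties[$Item.Name]) {
            $current = $props.($Item.Name)
        }
    }
    $status = if ($null -eq $current -or "$current" -eq $Item.Good) { 'clean' }
              elseif ("$current" -eq $Item.Bad) { 'REVERTED TO BAD' }   # re-set after cleanup: something is still active
              else { 'unexpected data' }
    [pscustomobject]@{
        Detection = $Item.Detection
        Value     = "$($Item.Path)\$($Item.Name)"
        Current   = $current
        Status    = $status
    }
}

# Put one entry back to its "Good" data (DWORD). HKLM entries need an elevated shell.
function Repair-MbamRegistryDataItem {
    param([pscustomobject]$Item)
    if (-not (Test-Path -LiteralPath $Item.Path)) { New-Item -Path $Item.Path -Force | Out-Null }
    Set-ItemProperty -LiteralPath $Item.Path -Name $Item.Name -Value ([int]$Item.Good) -Type DWord
}

$items = $SampleLog -split "`r?`n" |
    ForEach-Object { ConvertFrom-MbamRegistryDataLine $_ } |
    Where-Object { $_ }
$results = $items | ForEach-Object { Test-MbamRegistryDataItem $_ }
$results | Format-Table -AutoSize
# Uncomment to reset any entry found back at its Bad data:
# $items | Where-Object { (Test-MbamRegistryDataItem $_).Status -ne 'clean' } | ForEach-Object { Repair-MbamRegistryDataItem $_ }
```

Run it from the log file instead of the embedded sample by replacing `$SampleLog` with `Get-Content` of the mbam-log file; a value reported as REVERTED TO BAD after a reboot is the signal that a remaining component is re-applying the policy.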



#9 cryptodan

Posted 21 June 2011 - 10:31 PM

You need to upgrade your version of Malwarebytes.

#10 ulyv

Posted 22 June 2011 - 11:03 PM

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6923

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/23/11 12:02:11 AM
mbam-log-2011-06-23 (00-02-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 415614
Time elapsed: 1 hour(s), 8 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




#11 cryptodan

Posted 23 June 2011 - 05:11 AM

Still having issues?

#12 ulyv

Posted 23 June 2011 - 08:29 AM

Yes, my program icons have not come back in my start menu.

#13 cryptodan

Posted 23 June 2011 - 12:32 PM

Note: this program should only be used to restore files and programs that appear to have been removed by a certain family of malicious software known as Windows Recovery. Under no circumstances should this be used for any other purpose. It is not a program or file recovery program.

If you have been infected with a Windows Recovery Virus please download UnHide and let it do its thing.

However, if you have run any temporary file program cleaners like CCleaner, automatic temp file cleaners, or others, then this program will not work for you. This program takes what was copied from the respective directories by the malware and puts it back in its original place.

#14 ulyv

Posted 23 June 2011 - 03:17 PM

Some of my start menu items came back and some did not. I ran UnHide twice.

#15 cryptodan

Posted 23 June 2011 - 03:22 PM

Try this version of UnHide.



