Temporary redirect virus?


10 replies to this topic

#1 CalusBlade

Posted 14 August 2011 - 11:51 AM

O.K., so I was trying to check out something about a manga and I accidentally clicked something and it auto-ran whatever program it was (not sure if it was cached). ZoneAlarm asked if I wanted to allow it to go online and I denied it. I then tried to delete it but it disappeared. I ran a search for the file and found something with a very similar name ending with a .pf file. Then I was idling on my computer with Firefox on. I was on Gmail, Facebook, and an anime streaming site. Norton then popped up with the Auto-Protect status and showed I was infected by Trojan.Horse and it deleted that file. Then when I tried to Google what that was about, I got redirected. I reset Firefox and tried Chrome but didn't get redirected there. I went back to Firefox and the redirecting stopped. So am I infected?


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7465

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

8/14/2011 12:50:21 PM
mbam-log-2011-08-14 (12-50-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 199474
Time elapsed: 1 hour(s), 15 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET Online Scanner found Win32/injector.hzu trojan

Edited by CalusBlade, 14 August 2011 - 03:49 PM.


#2 Broni

Posted 14 August 2011 - 12:28 PM

If you're not seeing any ill effects right now you should be fine.
You can always post back if the issue returns.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click here.


#3 CalusBlade


Posted 14 August 2011 - 09:45 PM

It happened again. The strange thing is each time I manually type the website to come here it stops. I don't know what's going on.

#4 Broni

Posted 14 August 2011 - 09:51 PM

Which browser is it?

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


#5 CalusBlade


Posted 14 August 2011 - 10:42 PM

Security Check
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
ESET Online Scanner v3
Symantec AntiVirus
ZoneAlarm
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````


Minitoolbox
MiniToolBox by Farbar
Ran by kenny (administrator) on 14-08-2011 at 23:30:03
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : C640
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Physical Address. . . . . . . . . : 00-0B-DB-A4-79-D6
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.10.119
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.10.1
DHCP Server . . . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.1
Lease Obtained. . . . . . . . . . : Sunday, August 14, 2011 10:11:51 PM
Lease Expires . . . . . . . . . . : Sunday, August 21, 2011 10:11:51 PM

Server: UnKnown
Address: 192.168.10.1

Name: google.com
Addresses: 74.125.226.177, 74.125.226.176, 74.125.226.179, 74.125.226.180
           74.125.226.178

Pinging google.com [74.125.226.178] with 32 bytes of data:

Reply from 74.125.226.178: bytes=32 time=11ms TTL=55
Reply from 74.125.226.178: bytes=32 time=9ms TTL=55

Ping statistics for 74.125.226.178:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 9ms, Maximum = 11ms, Average = 10ms

Server: UnKnown
Address: 192.168.10.1

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
           209.191.122.70

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=71ms TTL=51
Reply from 209.191.122.70: bytes=32 time=71ms TTL=50

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 71ms, Maximum = 71ms, Average = 71ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0b db a4 79 d6 ...... 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination   Netmask            Gateway          Interface        Metric
0.0.0.0               0.0.0.0            192.168.10.1     192.168.10.119   20
127.0.0.0             255.0.0.0          127.0.0.1        127.0.0.1        1
169.254.0.0           255.255.0.0        192.168.10.119   192.168.10.119   20
192.168.10.0          255.255.255.0      192.168.10.119   192.168.10.119   20
192.168.10.119        255.255.255.255    127.0.0.1        127.0.0.1        20
192.168.10.255        255.255.255.255    192.168.10.119   192.168.10.119   20
224.0.0.0             240.0.0.0          192.168.10.119   192.168.10.119   20
255.255.255.255       255.255.255.255    192.168.10.119   192.168.10.119   1
Default Gateway: 192.168.10.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/14/2011 11:12:50 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Downloader in File: C:\WINDOWS\system32\E8EE91CC.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (08/14/2011 11:12:30 PM) (Source: Symantec AntiVirus) (User: )
Description: Risk Found!Risk: Downloader in File: C:\WINDOWS\system32\E8EE91CC.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (08/14/2011 11:12:29 PM) (Source: Symantec AntiVirus) (User: )
Description: Security Risk Found!Risk: Downloader in File: C:\WINDOWS\system32\E8EE91CC.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (08/14/2011 10:36:56 PM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x1521e7a4.
Processing media-specific event for [explorer.exe!ws!]

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus) (User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus) (User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus) (User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus) (User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus) (User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus) (User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM


System errors:
=============
Error: (08/14/2011 10:13:15 PM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (08/14/2011 10:13:14 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (08/14/2011 10:04:59 PM) (Source: Service Control Manager) (User: )
Description: The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).

Error: (08/14/2011 10:04:59 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (08/14/2011 10:04:58 PM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/14/2011 10:04:58 PM) (Source: Service Control Manager) (User: )
Description: The Seagate Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/14/2011 10:04:58 PM) (Source: Service Control Manager) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

Error: (08/14/2011 09:47:06 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126

Error: (08/14/2011 09:47:05 AM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%3

Error: (08/13/2011 09:48:18 AM) (Source: Service Control Manager) (User: )
Description: The Automatic Updates service terminated with the following error:
%%126


Microsoft Office Sessions:
=========================
Error: (08/14/2011 11:12:50 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Downloader in File: C:\WINDOWS\system32\E8EE91CC.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (08/14/2011 11:12:30 PM) (Source: Symantec AntiVirus)(User: )
Description: Risk Found!Risk: Downloader in File: C:\WINDOWS\system32\E8EE91CC.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (08/14/2011 11:12:29 PM) (Source: Symantec AntiVirus)(User: )
Description: Security Risk Found!Risk: Downloader in File: C:\WINDOWS\system32\E8EE91CC.exe by: Auto-Protect scan. Action: Cleaned by Deletion. Action Description:

Error: (08/14/2011 10:36:56 PM) (Source: Application Error)(User: )
Description: explorer.exe6.0.2900.5512unknown0.0.0.01521e7a4

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus)(User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus)(User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus)(User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus)(User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus)(User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM

Error: (08/14/2011 10:05:18 PM) (Source: Symantec AntiVirus)(User: kenny)kenny
Description: SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Terminate Thread
Action Taken: Blocked
Actor Process: C:\Documents and Settings\kenny\Desktop\TFC.exe (PID 3684)
Time: Sunday, August 14, 2011 10:05:18 PM


=========================== Installed Programs ============================

Access Drivers (Version: 2.8)
Acoustica Audio Converter Pro (Version: 1.0 b20)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Reader 9.4.5 (Version: 9.4.5)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
AIM 7
Any Video Converter 3.2.3
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 3.4.0.25)
Apple Software Update (Version: 2.1.1.116)
Ask Toolbar (Version: 1.12.2.0)
ATI Display Driver (Version: 7.93-030812a1-011052C-Dell)
AVS Update Manager 1.0
AVS Video Converter 6
AVS Video Converter 7
AVS Video Editor 4
AVS Video Recorder 2.4
AVS YouTube Uploader version 2.1
AVS4YOU Software Navigator 1.4
Bonjour (Version: 2.0.5.0)
CCleaner (remove only)
Compatibility Pack for the 2007 Office system (Version: 12.0.6021.5000)
Dell ResourceCD
Download Updater (AOL LLC)
ESET Online Scanner v3
Fighter Factory Classic (Version: 1.2.0.2010)
Free Video Converter V 2.9 (Version: 2.9.0.0)
Google Update Helper (Version: 1.2.183.23)
Grand Chase
HighMAT Extension to Microsoft Windows XP CD Writing Wizard (Version: 1.1.1905.1)
Hitman Pro 3.5 (Version: 3.5.9.129)
IrfanView (remove only)
iTunes (Version: 10.2.2.14)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
League of Legends (Version: 1.0020)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.61)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft AppLocale (Version: 1.0.0)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Outlook 2003 (Version: 11.0.7969.0)
Microsoft Office XP Standard (Version: 10.0.6626.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Windows Application Compatibility Database
Microsoft XML Parser (Version: 8.20.8730.4)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
PCTEL 2304WT V.92 MDC Modem Drivers
QuickTime (Version: 7.69.80.9)
Seagate Manager Installer (Version: 2.01.0600)
Shattered Galaxy (Version: 0.181)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
SpywareBlaster 4.3 (Version: 4.3.0)
SuccubusQuest短編
SUPERAntiSpyware Professional (Version: 4.26.0.1002)
Symantec AntiVirus (Version: 10.1.5000.5)
Synaptics Pointing Device Driver
System Requirements Lab CYRI (Version: 4.3.1.0)
TRENDnet TEW-421PC or TEW-423PI (Version: 1.00.0000)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
VLC media player 1.0.5 (Version: 1.0.5)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Player 10
Windows XP Service Pack 3 (Version: 20080414.031525)
WinPcap 4.1.2 (Version: 4.1.0.2001)
WinRAR archiver
Wonderland Online (Version: 6.0.0)
ZoneAlarm (Version: 9.2.057.000)
μTorrent (Version: 2.2.0)

========================= Memory info: ===================================

Percentage of memory in use: 72%
Total physical RAM: 1023.43 MB
Available physical RAM: 282.79 MB
Total Pagefile: 1624.56 MB
Available Pagefile: 806.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1999.28 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:37.25 GB) (Free:5.33 GB) NTFS

========================= Users: ========================================

User accounts for \\C640

ASPNET Guest HelpAssistant
kenny pluto SUPPORT_388945a0


== End of log ==

Norton Auto-Protect popped up and said I had a virus called Downloader. It was cleaned by deletion. Spybot found my Windows Firewall is disabled. I don't know if this is a big deal or not because I have cable and the firewall thing doesn't show, but when I did scan before I had all these problems, it never said anything.
I'll do the other two tomorrow since it's getting late.

Also there's another problem, but I don't think this is a virus issue. It seems that my sound icon by the Windows clock doesn't load right during start-up. It takes around 10-20 minutes to load and I can't really do anything till it loads.
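Three things in a MiniToolBox report bear directly on a "redirect" complaint: a proxy server the user never configured, hosts-file entries that send real sites somewhere other than loopback, and DNS servers that are not the router handed out by DHCP. In the report above all three are clean (proxy not enabled, only "127.0.0.1 localhost", DNS 192.168.10.1 which is also the gateway), so the redirects are not explained by network settings. The following Python is an added example, not MiniToolBox's code or anything posted in this thread: it parses a report in that layout and returns the findings a helper would read first. Both sample reports are constructed; the hijacked one uses the 203.0.113.0/24 documentation range, and the wording of its enabled-proxy lines is an assumption about MiniToolBox's output.

```python
import ipaddress
import re

# Constructed sample in MiniToolBox's layout, mirroring the clean report posted above.
CLEAN_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 192.168.10.1
"""

# Constructed sample with all three redirect vectors present. 203.0.113.0/24 is a
# documentation range, not a real indicator; the enabled-proxy wording is assumed.
HIJACKED_REPORT = """\
========================= IE Proxy Settings: ==============================

Proxy is enabled.
ProxyServer: http=203.0.113.9:8080

========================= Hosts content: =================================

127.0.0.1 localhost
203.0.113.5 www.google.com
203.0.113.5 www.bing.com

========================= IP Configuration: ================================

Default Gateway . . . . . . . . . : 192.168.10.1
DNS Servers . . . . . . . . . . . : 203.0.113.53
                                    192.168.10.1
"""

SECTION_RE = re.compile(r"^=+\s*(?P<name>[^=]+?):\s*=+$")
FIELD_RE = re.compile(r"^\s*(?P<field>[A-Za-z][A-Za-z -]*?)[ .]*:\s*(?P<value>.*)$")
PROXY_SERVER_RE = re.compile(r"proxy\s*server\s*[:=]\s*(\S.*)$", re.I)
# RFC 1918 plus loopback; a home router's DHCP hands out a resolver inside these.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def split_sections(text):
    """Group report lines under the '==== Name: ====' header they follow."""
    sections, name = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            name = m.group("name").strip()
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return sections


def audit_proxy(lines):
    """Return (enabled, server): a proxy the user never set is a classic redirect vector."""
    enabled, server = False, None
    for line in lines:
        low = line.lower()
        if "proxy" in low and "enabled" in low and "not enabled" not in low:
            enabled = True
        m = PROXY_SERVER_RE.search(line)
        if m and not low.startswith("no proxy server"):
            server = m.group(1).strip()
    return enabled, server


def audit_hosts(lines):
    """Return (address, hostname) pairs pointing anywhere but loopback or 0.0.0.0."""
    flagged = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not a hosts entry
        if addr.is_loopback or addr.is_unspecified:
            continue  # localhost and ad-blocking sinkhole entries are expected
        flagged.extend((str(addr), name) for name in parts[1:])
    return flagged


def parse_ipconfig(lines):
    """Map 'Field . . . : value' lines to lists, keeping continuation lines (extra DNS servers)."""
    values, current = {}, None
    for line in lines:
        m = FIELD_RE.match(line)
        if m:
            current = m.group("field").strip()
            values.setdefault(current, [])
            if m.group("value").strip():
                values[current].append(m.group("value").strip())
        elif current and line.strip():
            values[current].append(line.strip())
    return values


def audit_dns(values):
    """Return (all DNS servers, those outside LAN/loopback space)."""
    servers = values.get("DNS Servers", [])
    outside = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue
        if not any(ip in net for net in LAN_NETS):
            outside.append(str(ip))
    return servers, outside


def audit_report(text):
    s = split_sections(text)
    enabled, server = audit_proxy(s.get("IE Proxy Settings", []))
    servers, outside = audit_dns(parse_ipconfig(s.get("IP Configuration", [])))
    return {
        "proxy_enabled": enabled,
        "proxy_server": server,
        "hosts_redirects": audit_hosts(s.get("Hosts content", [])),
        "dns_servers": servers,
        "dns_outside_lan": outside,
    }


if __name__ == "__main__":
    for label, report in (("clean", CLEAN_REPORT), ("hijacked", HIJACKED_REPORT)):
        print(label, audit_report(report))
```

A DNS server outside the LAN is a finding to ask about, not proof of anything: people do configure public resolvers by hand, but on a DHCP-configured home network the resolver should normally be the gateway, as it is in the report above.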

#6 Broni


Posted 14 August 2011 - 10:47 PM

"Spybot found my windows firewall is disabled"

I can see you're using ZoneAlarm as your firewall, correct?
If so, Windows Firewall must be off.

I still need GMER log.


#7 CalusBlade


Posted 15 August 2011 - 03:36 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-15 16:35:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N040ATCS05-0 rev.CS4OA63A
Running: dqpyp3vo.exe; Driver: C:\DOCUME~1\kenny\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 8697A668 ZwAlertResumeThread
SSDT 869422F8 ZwAlertThread
SSDT 86A2E308 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF0BCF534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF0BC9782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF0BE86DC]
SSDT 868A9340 ZwCreateMutant
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF0BCFCC0]
SSDT 86978CF0 ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF0BCFDF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF0BCA398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF0BE9FE4]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF0EDA350]
SSDT spvx.sys ZwEnumerateKey [0xF768CDA4]
SSDT spvx.sys ZwEnumerateValueKey [0xF768D132]
SSDT 8674F0E8 ZwFreeVirtualMemory
SSDT 867358B8 ZwImpersonateAnonymousToken
SSDT 868262A0 ZwImpersonateThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF0BEA93C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF0BEAB44]
SSDT 869DCE70 ZwMapViewOfSection
SSDT 86A2B300 ZwOpenEvent
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF0BC9FAA]
SSDT spvx.sys ZwOpenKey [0xF76740C0]
SSDT 868AFA20 ZwOpenProcessToken
SSDT 869F3330 ZwOpenThreadToken
SSDT spvx.sys ZwQueryKey [0xF768D20A]
SSDT 867A7EB8 ZwQueryValueKey
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF0BEB8D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF0BEB208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF0BCF0F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF0BEC2A4]
SSDT 8688F8F8 ZwResumeThread
SSDT 867B42A0 ZwSetContextThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF0BCA75C]
SSDT 86AD30E8 ZwSetInformationProcess
SSDT 869146A0 ZwSetInformationThread
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF0BEBE12]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF0EDA580]
SSDT 86A25908 ZwSuspendProcess
SSDT 86943258 ZwSuspendThread
SSDT 86A2F2F8 ZwTerminateProcess
SSDT 8682E818 ZwTerminateThread
SSDT 867900E8 ZwUnmapViewOfSection
SSDT 8672A3D0 ZwWriteVirtualMemory

INT 0x3B ? 869B7BF8
INT 0x3E ? 86B69BF8
INT 0x3F ? 86B69BF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 81 804E26ED 3 Bytes [22, 94, 86]
.text ntoskrnl.exe!_abnormal_termination + 198 804E2804 4 Bytes [E8, F0, 74, 86]
.text ntoskrnl.exe!_abnormal_termination + 3DC 804E2A48 8 Bytes [E8, 30, AD, 86, A0, 46, 91, ...]
.text ntoskrnl.exe!_abnormal_termination + 478 804E2AE4 4 Bytes [E8, 00, 79, 86]
? spvx.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F72668AC 5 Bytes JMP 869B71D8
.text az7z7hui.SYS F712E386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text az7z7hui.SYS F712E3AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text az7z7hui.SYS F712E3C4 3 Bytes [00, 80, 02]
.text az7z7hui.SYS F712E3C9 1 Byte [30]
.text az7z7hui.SYS F712E3C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1544] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 1068EDA6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1544] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 1068ED38 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1544] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1544] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0214BA48
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0214CA1A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0214C58F
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 0214C7B6
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0214B987
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0214C634
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0214C6E2
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 0214BE21
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 0214CCA4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 0214D1D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 0214CBD8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 0214D0F4
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 0214D598
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 0214D665
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 0214BF00
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 0214D00D
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 0214CE4B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 0214CAC1
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 0214CD70
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 0214CF26
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WININET.dll!InternetCrackUrlA 771C7561 5 Bytes JMP 0214D92B
.text C:\Program Files\Mozilla Firefox\firefox.exe[3752] WININET.dll!InternetCrackUrlW 771F9EEE 5 Bytes JMP 0214DA74

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86B6D2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F769FDDC] spvx.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F769FE30] spvx.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7675042] spvx.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F767513E] spvx.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F76750C0] spvx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7675800] spvx.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76756D6] spvx.sys
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 869B72D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7684B90] spvx.sys
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F0BD4672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F0BD44C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F0BD4CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F0BD2C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F0BD2C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F0BD4672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F0BD44C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F0BD4CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F0BD4672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F0BD2C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F0BD4CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F0BD44C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F0BD4CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F0BD44C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F0BD4672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F0BB23C4] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F0BD2C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F0BD4672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F0BD44C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F0BD4CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F0BD4672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F0BD2C2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F0BD4CBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F0BD44C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F0BCB2AA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F0BCB60C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F0BCAD40] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F0BCB41C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86B671F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 86A0C1F8
Device \Driver\sptd \Device\2010288016 spvx.sys
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86B6A1F8
Device \Driver\Cdrom \Device\CdRom0 8688A1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F75D0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F75D0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F75D0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8681E500
Device \Driver\NetBT \Device\NetbiosSmb 8681E500
Device \Driver\PCI_PNP5280 \Device\0000005b spvx.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{068F006D-D7CF-43C8-9C52-8E1D9095CE11} 8681E500
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 86A0C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86817500
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86817500
Device \Driver\Ftdisk \Device\FtControl 86B6A1F8
Device \Driver\az7z7hui \Device\Scsi\az7z7hui1Port2Path0Target1Lun0 869531F8
Device \Driver\az7z7hui \Device\Scsi\az7z7hui1 869531F8
Device \FileSystem\Cdfs \Cdfs 867F2500

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\System32\alg.exe? (*** hidden *** ) [MANUAL] ALG <-- ROOTKIT !!!
Service C:\WINDOWS\system32\cisvc.exe? (*** hidden *** ) [MANUAL] cisvc <-- ROOTKIT !!!
Service C:\WINDOWS\system32\clipsrv.exe? (*** hidden *** ) [MANUAL] ClipSrv <-- ROOTKIT !!!
Service C:\WINDOWS\system32\imapi.exe? (*** hidden *** ) [DISABLED] ImapiService <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] PolicyAgent <-- ROOTKIT !!!
Service C:\WINDOWS\system32\lsass.exe? (*** hidden *** ) [AUTO] ProtectedStorage <-- ROOTKIT !!!
Service C:\WINDOWS\system32\spoolsv.exe? (*** hidden *** ) [AUTO] Spooler <-- ROOTKIT !!!
Service C:\WINDOWS\System32\ups.exe? (*** hidden *** ) [MANUAL] UPS <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0xBD 0x76 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAB 0x78 0xDA 0x87 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0xD0 0xCD 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE3 0x1F 0x60 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD3 0xBD 0x76 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xAB 0x78 0xDA 0x87 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC6 0xD0 0xCD 0x0B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xE3 0x1F 0x60 0x19 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo® video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1

---- EOF - GMER 1.0.15 ----

#8 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,662 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:43 PM

Posted 15 August 2011 - 04:21 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include all required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!


#9 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,853 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:43 PM

Posted 15 August 2011 - 09:36 PM

Question:

Does this topic concern the same computer you were receiving assistance with here? http://www.bleepingcomputer.com/forums/topic409595.html

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#10 CalusBlade

CalusBlade
  • Topic Starter

  • Members
  • 538 posts
  • Local time:06:43 PM

Posted 16 August 2011 - 06:38 AM

Not sure, a few days passed before I got these problems.

#11 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,853 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:07:43 PM

Posted 16 August 2011 - 11:34 AM

Hello,

Just in case it IS the same computer, I have edited your new log topic to include that link with a note stating that you aren't sure if it's the same computer or not.

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic414568.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies, as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.




