SB etc Can't Run



handy2009
2009-09-10, 06:46
Spybot closes and permissions on its .exe changed

This bug disables all scanning programs including Spybot, HijackThis etc.
Spybot closes after clicking "check for problems". It is thereafter unavailable due to altered permissions on the .exe. This occurs for HijackThis too, although I can run it over and over, unlike SB. Complete removal and reinstallation results in a repeat of the same problem.

After reading some of the other msgs I ran GMER; this is what was found.

Will post it in a new post, too big :)

====================
"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)


If the infection prevents HJT from running, please start a topic, make note of the situation and wait for a response. Please do not add logs from other scans. :)

handy2009
2009-09-10, 06:50
GMER 1.0.15.15077 [eth3fhov.exe] - http://www.gmer.net
Rootkit scan 2009-09-10 14:44:16
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateKey [0xA1D0BD72]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcess [0xA1CEC9A6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcessEx [0xA1CECB98]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwDeleteKey [0xA1D0C568]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwDeleteValueKey [0xA1D0C820]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwOpenKey [0xA1D0AA80]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwRenameKey [0xA1D0CC8A]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwSetValueKey [0xA1D0C036]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwTerminateProcess [0xA1CEC656]

Code 8A4D59A8 ZwDuplicateObject
Code 8A6494D8 ZwSetInformationFile
Code 8A650950 ZwSetSystemInformation
Code 8A67A3B0 ZwWriteFile
Code 8A4D59A7 NtDuplicateObject
Code 8A6494D7 NtSetInformationFile
Code 8A67A3AF NtWriteFile

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!IoGetBootDiskInformation + 66F 80576917 7 Bytes JMP 8AF2BD34
PAGE ntkrnlpa.exe!NtSetInformationFile 8057B010 7 Bytes JMP 8A6494DC
PAGE ntkrnlpa.exe!NtWriteFile 8057CEF2 7 Bytes JMP 8A67A3B4
PAGE ntkrnlpa.exe!ObCloseHandle + 17 805BC4F3 7 Bytes JMP 8A6799AC
PAGE ntkrnlpa.exe!NtDuplicateObject 805BDFD0 7 Bytes JMP 8A4D59AC
PAGE ntkrnlpa.exe!ZwSetSystemInformation 8060F3E4 5 Bytes JMP 8A650954
? win32k.sys:1 The filename, directory name, or volume label syntax is incorrect. !
? win32k.sys:2 The filename, directory name, or volume label syntax is incorrect. !
PAGE Fastfat.SYS A272B9C8 7 Bytes JMP 8A4D7484
? system32\drivers\PCTCore.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[628] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[628] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1436] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1436] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1436] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1684] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1684] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\svchost.exe[1684] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\NDAS\System\ndassvc.exe[1832] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\NDAS\System\ndassvc.exe[1832] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\NDAS\System\ndassvc.exe[1832] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[1940] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[1940] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\WINDOWS\system32\spoolsv.exe[1940] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2360] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3356] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\The Bat!\thebat.exe[3384] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\The Bat!\thebat.exe[3384] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\The Bat!\thebat.exe[3384] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9521 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!CallNextHookEx + 4A 7E42B410 7 Bytes CALL 35672D96 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] GDI32.dll!GetHFONT + 51 77F17EA7 7 Bytes CALL 35672DC2 \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] GDI32.dll!GetTextExtentPoint32W + E4 77F18081 7 Bytes CALL 35672DDE \\?\globalroot\Device\__max++>\00180FE4.x86.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3888] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage] 011B5A04
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 011B5495
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 011B53DA
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 011B5375
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 011B5343
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 011B575A
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 011B5A04
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 011B5A04
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 011B5A04
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 011B575A
IAT C:\WINDOWS\Explorer.EXE[124] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 011B5495
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[628] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile] 00E35495
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00E35495
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00E353DA
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00E35375
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00E35343
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00E35495
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00E35A04
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 00E3575A
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00E35A04
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00E3575A
IAT C:\WINDOWS\system32\services.exe[992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00E35A04
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00BA5495
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00BA53DA
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00BA5375
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00BA5343
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll] 00BA53DA
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00BA5495
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll] 00BA53DA
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress] 00BA5375
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00BA575A
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00BA5A04
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00BA5A04
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00BA575A
IAT C:\WINDOWS\system32\lsass.exe[1004] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00BA5A04
IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00AE5343
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00C35495
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C353DA
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00C35375
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00C35343
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 00C3575A
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00C35A04
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00C35A04
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 00C3575A
IAT C:\WINDOWS\system32\svchost.exe[1232] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00C35A04
IAT C:\WINDOWS\system32\svchost.exe[1232] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00C35495
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 013C5495
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 013C53DA
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 013C5375
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 013C5343
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 013C575A
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 013C5A04
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 013C5A04
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 013C575A
IAT C:\WINDOWS\System32\svchost.exe[1376] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 013C5A04
IAT C:\WINDOWS\System32\svchost.exe[1376] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 013C5495
IAT C:\WINDOWS\system32\svchost.exe[1436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe[1540] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004053DA
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405375
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405343
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\system32\svchost.exe[1552] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\WINDOWS\system32\svchost.exe[1684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\WINDOWS\system32\svchost.exe[1684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe[1716] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004053DA
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405375
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405343
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\Program Files\NDAS\System\ndassvc.exe[1832] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\system32\spoolsv.exe[1940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[1940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Authentium\Command AntiVirus\schscnt.exe[1988] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135A04
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013575A
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT F:\Virus and Spyware\GMER\eth3fhov.exe[2136] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004053DA
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405375
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405343
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 004053DA
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00405375
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00405343
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0040575A
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00405A04
IAT C:\WINDOWS\System32\svchost.exe[3068] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[3356] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\The Bat!\thebat.exe[3384] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00135495
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001353DA
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00135375
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread] 00135343
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData] 0013575A
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage] 00135A04
IAT C:\Program Files\Internet Explorer\iexplore.exe[3888] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile] 00135495

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)

Device \FileSystem\Fastfat \FatCdrom Code 8A4D7480
Device \FileSystem\Fastfat \Fat Code 8A4D7480

AttachedDevice \FileSystem\Fastfat \Fat lfsfilt.sys (NDAS LFS Filter/XIMETA, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

handy2009
2009-09-10, 06:53
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [628] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1180] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1232] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1376] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1436] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1684] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\Program Files\NDAS\System\ndassvc.exe [1832] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1940] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [2328] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [2360] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3356] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\Program Files\The Bat!\thebat.exe [3384] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3888] 0x35670000

---- Services - GMER 1.0.15 ----

Service system32\drivers\TDSSmqlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSserv \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSl \systemroot\system32\TDSSofxh.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssservers \systemroot\system32\TDSSosvd.dat
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSriqp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSScfum.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssinit \systemroot\system32\TDSSlxwp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsihc.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSrhym.log
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSStkdv.log

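For anyone reading a log like the one above, the lines that matter are the IAT hooks whose target is `\\?\globalroot\Device\__max++>\00180FE4.x86.dll` (a path that exists only in the object-manager namespace, so Explorer and most file scanners never see a file behind it), the matching `Library ... (*** hidden *** )` entries that show the same DLL injected into every service and browser process, and the hidden `TDSSserv.sys` service whose `modules` registry values list the remaining components. The following Python script is an added example, not part of the original post and not GMER's own code: it pulls exactly those indicators out of a GMER text log. The regular expressions are this example's own reading of the line formats shown in the thread, and the embedded sample is a constructed excerpt with the same shape.

```python
"""Triage helper for a GMER 1.0.15 text log.

Added example; not part of the original forum post and not GMER's own code.
The regexes are this example's reading of the log lines shown in the thread,
and SAMPLE_LOG is a constructed excerpt in that same shape.
"""
import re
from collections import defaultdict

# Constructed sample: a handful of lines in the shape of the posted log.
SAMPLE_LOG = r"""
---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\spoolsv.exe[1940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtWriteFile] [35672A94] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\WINDOWS\system32\spoolsv.exe[1940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] [35672A1E] \\?\globalroot\Device\__max++>\00180FE4.x86.dll
IAT C:\WINDOWS\System32\alg.exe[2328] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile] 00405495
IAT C:\Program Files\Internet Explorer\iexplore.exe[2360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [1940] 0x35670000
Library \\?\globalroot\Device\__max++>\00180FE4.x86.dll (*** hidden *** ) @ C:\WINDOWS\System32\alg.exe [2328] 0x35670000

---- Services - GMER 1.0.15 ----

Service system32\drivers\TDSSmqlt.sys (*** hidden *** ) [SYSTEM] TDSSserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmqlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv.sys\modules@tdssmain \systemroot\system32\TDSSbrsr.dll
"""

# Line formats as they appear in the log (this example's assumption about GMER output).
IAT_RE = re.compile(r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) \[(?P<imp>[^\]]+)\] (?P<rest>.+)$")
TARGET_RE = re.compile(r"^\[(?P<addr>[0-9A-Fa-f]+)\] (?P<path>.+?)(?: \((?P<desc>[^)]*)\))?$")
LIB_RE = re.compile(r"^Library (?P<path>.+?) \(\*\*\* hidden \*\*\* \) @ (?P<proc>.+?) \[(?P<pid>\d+)\] 0x[0-9A-Fa-f]+$")
SVC_RE = re.compile(r"^Service (?P<image>.+?) \(\*\*\* hidden \*\*\* \) \[[^\]]+\] (?P<name>\S+)")
REG_RE = re.compile(r"^Reg (?P<key>[^@\s]+)(?:@(?P<value>\S+))?(?: (?P<data>.+))?$")
# Object-manager path prefix: a module living here has no file-system path to scan.
DEVICE_PREFIX = "\\\\?\\globalroot\\Device\\"


def parse_gmer(text):
    """Walk the log once and collect the indicators by section."""
    report = {
        "hidden_modules": set(),     # DLLs GMER flagged *** hidden *** inside a process
        "hooks": defaultdict(list),  # hook target path -> [(process, pid, import)]
        "unattributed_hooks": [],    # IAT entries whose target GMER could not map to any module
        "hidden_services": [],       # (service name, image path) from the Services section
        "service_modules": {},       # modules@<name> -> path, active ControlSet only
    }
    for raw in text.splitlines():
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            target = TARGET_RE.match(m["rest"])
            entry = (m["proc"], int(m["pid"]), m["imp"])
            if target:
                report["hooks"][target["path"]].append(entry)
            else:  # bare address such as 00405495: no owning module reported
                report["unattributed_hooks"].append(entry + (m["rest"],))
            continue
        m = LIB_RE.match(line)
        if m:
            report["hidden_modules"].add(m["path"])
            continue
        m = SVC_RE.match(line)
        if m:
            report["hidden_services"].append((m["name"], m["image"]))
            continue
        m = REG_RE.match(line)
        # Only the active control set matters; GMER marks the other one "(not active ControlSet)".
        if m and m["value"] and "\\CurrentControlSet\\Services\\" in m["key"] \
                and m["key"].endswith("\\modules"):
            report["service_modules"][m["value"]] = m["data"]
    return report


def suspicious_hooks(report):
    """Hook targets worth escalating: a module reachable only through the
    device namespace, or one GMER already flagged as hidden in a process."""
    return {path: procs for path, procs in report["hooks"].items()
            if path.startswith(DEVICE_PREFIX) or path in report["hidden_modules"]}


def ioc_paths(report):
    """Every file path the log ties to a hidden service: the driver image plus
    the components listed under its modules key. Collect these before cleanup."""
    paths = {image for _, image in report["hidden_services"]}
    paths.update(report["service_modules"].values())
    return sorted(paths)


def summary_lines(report):
    """Human-readable triage summary, one finding per line."""
    out = []
    for path, procs in suspicious_hooks(report).items():
        pids = sorted({pid for _, pid, _ in procs})
        out.append(f"hooked into {len(pids)} process(es) via {path}: pids {pids}")
    for name, image in report["hidden_services"]:
        out.append(f"hidden service {name} -> {image}")
    out.append(f"{len(report['unattributed_hooks'])} IAT entries point at code no module owns")
    return out


if __name__ == "__main__":
    for line in summary_lines(parse_gmer(SAMPLE_LOG)):
        print(line)
```

Run it against a saved log with `parse_gmer(open(path).read())`. Hooks whose target is a bare address (the `00405495` / `00135495` style entries) are counted separately rather than flagged: GMER reports no module owning that address, which could be a security product's own user-mode hooking as easily as the rootkit, and the log alone does not settle it. The `ControlSet003` entries are skipped on purpose because GMER itself marks that control set as not active.
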
tashi
2009-09-10, 07:52
Hello handy2009,

Perhaps you missed my edit to your first post because we posted at the same time. ;)


"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Quote:
If the infection prevents HJT from running, please start a topic, make note of the situation and wait for a response. Please do not add logs from other scans. :)
Also in the forum FAQ.

Posting additional comments or logs before a volunteer responds can push you back instead of forward, because your thread ends up with a newer date. In addition, helpers would think you are already being assisted because of the post count. For that reason we may merge such posts if there is time, but please do not count on it.

Please start a new topic, thanks. :)