-
sorry
Sorry to reply so late as my ISP had its servers not working leaving me tense. I tried what you said in the above post, the only thing that was wrong is that GMERS crashed on my computer, making my computer restart every time I ran GMER. After the computer rebooted, Microsoft game me a error reporting dialogue box telling me that a serious error has been solved. It then asked me to send the error reports and when I click for more details , it told me that th efollowing files had created the problem...
C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\WER6bca.dir00\Mini101309-03.dmp
C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\WER6bca.dir00\sysdata.xml
However, Silent runners ran perfectly well.
I have posted its log...
"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Google Update" = ""C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
"Malwarebytes Anti-Malware (reboot)" = ""D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript" ["Malwarebytes Corporation"]
"AdobeCS4ServiceManager" = ""C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin" ["Adobe Systems Incorporated"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = "Symantec NCO BHO"
-> {HKLM...CLSID} = "Symantec NCO BHO"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll" ["Symantec Corporation"]
{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Symantec Intrusion Prevention"
-> {HKLM...CLSID} = "Symantec Intrusion Prevention"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL" ["Symantec Corporation"]
{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)
-> {HKLM...CLSID} = "McAfee SiteAdvisor BHO"
\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "The Internet"
-> {HKCU...CLSID} = "The Internet"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]
"{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
-> {HKLM...CLSID} = "Microsoft Office Outlook"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
-> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
-> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
"{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"
-> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
"{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
-> {HKLM...CLSID} = "TuneUp Theme Extension"
\InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software"]
"{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]
"{4838CD50-7E5D-4811-9B17-C47A85539F28}" = "TuneUp Disk Space Explorer Shell Extension"
-> {HKLM...CLSID} = "TuneUp Disk Space Explorer Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll" ["TuneUp Software"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
"WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
-> {HKLM...CLSID} = "WPDShServiceObj Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
<<!>> "Debugger" = "Drwtsn32 -p %ld -e %ld" [MS]
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\17.0.0.136\NavShExt.dll"" ["Symantec Corporation"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
TuneUp Disk Space Explorer Shell Extension\(Default) = "{4838CD50-7E5D-4811-9B17-C47A85539F28}"
-> {HKLM...CLSID} = "TuneUp Disk Space Explorer Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll" ["TuneUp Software"]
TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
-> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
-> {HKLM...CLSID} = "MShellExtMenu Class"
\InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\17.0.0.136\NavShExt.dll"" ["Symantec Corporation"]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
-> {HKLM...CLSID} = "MBAMShlExt Class"
\InProcServer32\(Default) = "D:\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoStrCmpLogical" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
"HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
"NoChangeAnimation" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
"NoStrCmpLogical" = (REG_DWORD) dword:0x00000000
{unrecognized setting}
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
"DisableRegistryTools" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|
Prevent access to registry editing tools}
"DisableTaskMgr" = (REG_DWORD) dword:0x00000000
{User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
Remove Task Manager}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}
"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}
"RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
CDBurnerXP\
"Provider" = "CDBurnerXP"
"InvokeProgID" = "CDBurnerXPOpen"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = ""C:\Program Files\CDBurnerXP\cdbxpp.exe"" [null data]
MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
-> {HKLM...CLSID} = "WPDShextAutoplay"
\LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]
PDVD8PlayCDAudioOnArrival\
"Provider" = "PowerDVD 8"
"InvokeProgID" = "AudioCD"
"InvokeVerb" = "PlayWithPowerDVD8"
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L"" ["CyberLink Corp."]
PDVD8PlayDVDMovieOnArrival\
"Provider" = "PowerDVD 8"
"InvokeProgID" = "DVD"
"InvokeVerb" = "PlayWithPowerDVD8"
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L"" ["CyberLink Corp."]
PDVD8PlayVCDMovieOnArrival\
"Provider" = "PowerDVD 8"
"InvokeProgID" = "VCD"
"InvokeVerb" = "PlayWithPowerDVD8"
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L"" ["CyberLink Corp."]
Enabled Scheduled Tasks:
------------------------
"1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe /schedulestart" ["TuneUp Software GmbH"]
"GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-839522115-1409082233-725345543-1005Core" -> launches: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
"GoogleUpdateTaskUserS-1-5-21-839522115-1409082233-725345543-1005UA" -> launches: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
"OGALogon" -> launches: "C:\WINDOWS\system32\OGAEXEC.exe /batch" [MS]
"User_Feed_Synchronization-{18B500E5-5166-4099-B935-C582BBECC8A4}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" = "McAfee SiteAdvisor"
-> {HKLM...CLSID} = "McAfee SiteAdvisor Toolbar"
\InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" = "Norton Toolbar"
-> {HKLM...CLSID} = "Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll" ["Symantec Corporation"]
Explorer Bars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
Missing lines (compared with English-language version):
[Strings]: 2 lines
HK TuneUp Program Statistics Service, TuneUp.ProgramStatisticsSvc, "C:\WINDOWS\System32\TUProgSt.exe" ["TuneUp Software"]
TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software"]}
WebClient, WebClient, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [null data]}
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Bullzip PDF Print Monitor\Driver = "bzpdf.dll" ["Bullzip"]
---------- (launch time: 2009-10-13 16:59:53)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 153 seconds, including 13 seconds for message boxes)
----------------------------------------------------------------------
I have made some changes to my system. These are
> I removed Bit defender and put Norton Internet Security Suite 2010.
> I have also installed adobe dream weaver cs4.
both of these software's are completely genuine and they are activated as well.
Thanking you.
-
Hi :)
Ok nothing bad in that log.
Please try running the GMER scan in safe mode.
Post the log to here along with a fresh HijackThis log.
-
Suddenly
I have done what you said except the gmer in safe mode which I shall post as soon as possible. The reason for me writing this urgently is that fact that my computer has become dog slow when its booting up. The welcome screen appears for 5 minutes and the desktop takes another 5 minutes to load.
Another problem I have noticed is that svchost.exe in the task manager takes 99 percent CPU and is hence slowing down the computer. Please help. My computer has never been this slow.
-
Ok. Please post the logs I requested and we'll have a look.
-
Sorry for the dealy
:oops:
Sorry for replying too late. I was so hooked up with my projects that I had no time to do this. My computer is at an all time worst speed and it leaves my head cracking. I have posted the log of GMER, which I ran in Safe Mode.
:confused: :mad:
The log is posted as follows:
---------------------------------------------------------------------------------
GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-20 11:59:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\uwlcrpog.sys
---- System - GMER 1.0.15 ----
SSDT sppe.sys ZwCreateKey [0xF84BD0E0]
SSDT sppe.sys ZwEnumerateKey [0xF84DBCA4]
SSDT sppe.sys ZwEnumerateValueKey [0xF84DC032]
SSDT sppe.sys ZwOpenKey [0xF84BD0C0]
SSDT sppe.sys ZwQueryKey [0xF84DC10A]
SSDT sppe.sys ZwQueryValueKey [0xF84DBF8A]
SSDT sppe.sys ZwSetValueKey [0xF84DC19C]
INT 0x62 ? 82FDEBF8
INT 0x63 ? 82DCBBF8
INT 0x82 ? 82FDEBF8
INT 0xA4 ? 82DCBBF8
INT 0xB4 ? 82FDEBF8
INT 0xB4 ? 82FDEBF8
INT 0xB4 ? 82DCBBF8
INT 0xB4 ? 82FDEBF8
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 169 804E27C5 3 Bytes [BC, 4D, F8]
? sppe.sys The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? SYMDS.SYS The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F818A62C 5 Bytes JMP 82DCB1D8
.text a7yped2w.SYS F8117386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a7yped2w.SYS F81173AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a7yped2w.SYS F81173C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a7yped2w.SYS F81173C9 1 Byte [30]
.text a7yped2w.SYS F81173C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F732D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F84EEC4C] sppe.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84EECA0] sppe.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F84BE042] sppe.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F84BE13E] sppe.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84BE0C0] sppe.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84BE800] sppe.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84BE6D6] sppe.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82DCB2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84CDE9C] sppe.sys
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlInitUnicodeString] 00021083
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!swprintf] 01B05E00
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeSetEvent] 5DE58B5B
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 7E8366C3
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 0F740028
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 89320C8D
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0002288B
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 46B70F00
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 66D00328
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmUnmapIoSpace] 002A7E83
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 0C8D1574
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IofCompleteRequest] 248B8932
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 0F000002
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IofCallDriver] 832A46B7
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmAllocateMappingAddress] E08303C0
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 66D003FC
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoConnectInterrupt] 002C7E83
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoDetachDevice] 0C8D1E74
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeWaitForSingleObject] 208B8932
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInitializeEvent] 8A000002
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 83880846
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlInitAnsiString] 000001C0
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 2C4EB70F
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoQueueWorkItem] 8303C183
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmMapIoSpace] D103FCE1
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2E7E8366
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoReportDetectedDevice] 8D1C7400
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoReportResourceForDetection] 83893204
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00000218
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!NlsMbCodePageTag] 2E4EB70F
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoRequestPowerIrp] 021C8B89
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] B70F0000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0C12E46
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!sprintf] 03D00304
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 0CB389F2
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ObfDereferenceObject] 80000002
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0975013E
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 1B42E853
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwClose] C4830000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] B05E5F04
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] E58B5B01
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] CCCCC35D
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoStartNextPowerIrp] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoCallDriver] 53EC8B55
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoCreateDevice] 08758B56
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0214BE83
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 57000000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwOpenKey] 45C60674
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 1EEB010B
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoStartTimer] 020C868B
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInitializeTimer] C0850000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoInitializeTimer] 808A1074
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInitializeDpc] 00000804
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInitializeSpinLock] A03CF024
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoInitializeIrp] 0B45950F
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwCreateKey] 45C604EB
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 458A000B
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 88C0840B
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwSetValueKey] 840F0946
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000C1
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 14B30E8B
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoStartPacket] 1C8286C6
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 88010000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001C859E
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoFreeMdl] A19E8800
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmUnlockPages] C600001C
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 001C8686
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 86C60100
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 00001CA2
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 70518B01
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeSynchronizeExecution] 8D52006A
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoStartNextPacket] 001C8886
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeBugCheckEx] 55E85000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 8B000023
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeSetTimer] 70518B0E
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeCancelTimer] 8D52016A
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!_allmul] 001CA486
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmProbeAndLockPages] 41E85000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!_except_handler3] 8B000023
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoSetPowerState] 18C4830E
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 1C8D9E88
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 9E880000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!_aulldiv] 00001CA9
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!strstr] 0E798366
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!_strupr] 74AAB000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeQuerySystemTime] 8186C636
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 1A00001C
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeTickCount] 1C8386C6
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] C6020000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoDeleteDevice] 001C8E86
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 86C60200
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00001CAA
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateIrp] 959E8802
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateMdl] 8800001C
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB19E
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmLockPagableDataSection] 96868800
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8800001C
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CB286
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ExFreePoolWithTag] C61AEB00
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoFreeIrp] 001C8186
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoFreeWorkItem] 86C61200
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!InitSafeBootMode] 00001C83
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlCompareMemory] 8E868801
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!memmove] 001CAA86
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmHighestUserAddress] 80968B00
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KeGetCurrentIrql] 89000001
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KfRaiseIrql] 0001BC83
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KfLowerIrql] 24468B00
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 82FDD1F8
Device \FileSystem\Fastfat \FatCdrom 82C671F8
Device \Driver\usbuhci \Device\USBPDO-0 82DE41F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F711F8
Device \Driver\dmio \Device\DmControl\DmConfig 82F711F8
Device \Driver\dmio \Device\DmControl\DmPnP 82F711F8
Device \Driver\dmio \Device\DmControl\DmInfo 82F711F8
Device \Driver\usbuhci \Device\USBPDO-1 82DE41F8
Device \Driver\usbuhci \Device\USBPDO-2 82DE41F8
Device \Driver\PCI_PNP7726 \Device\00000053 sppe.sys
Device \Driver\PCI_PNP7726 \Device\00000053 sppe.sys
Device \Driver\usbuhci \Device\USBPDO-3 82DE41F8
Device \Driver\sptd \Device\3768677726 sppe.sys
Device \Driver\usbehci \Device\USBPDO-4 82DC61F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDF1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 82FDF1F8
Device \Driver\Cdrom \Device\CdRom0 82EE71F8
Device \Driver\atapi \Device\Ide\IdePort0 82FDE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82FDE1F8
Device \Driver\atapi \Device\Ide\IdePort1 82FDE1F8
Device \Driver\atapi \Device\Ide\IdePort2 82FDE1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82FDE1F8
Device \Driver\atapi \Device\Ide\IdePort3 82FDE1F8
Device \Driver\usbuhci \Device\USBFDO-0 82DE41F8
Device \Driver\usbuhci \Device\USBFDO-1 82DE41F8
Device \Driver\usbuhci \Device\USBFDO-2 82DE41F8
Device \Driver\usbuhci \Device\USBFDO-3 82DE41F8
Device \Driver\usbehci \Device\USBFDO-4 82DC61F8
Device \Driver\Ftdisk \Device\FtControl 82FDF1F8
Device \Driver\a7yped2w \Device\Scsi\a7yped2w1 82EE61F8
Device \FileSystem\Fastfat \Fat 82C671F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 82C69470
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq@start 4
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq@imagepath \systemroot\system32\drivers\gasfkylooqxwpu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main@aid 10438
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\injector@* gasfkywsp8.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\injector@svchost.exe gasfkycony.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkylooqxwpu.sys
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkycmd.dll \systemroot\system32\gasfkyymdwyrbn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkylog.dat \systemroot\system32\gasfkympfwbwem.dat
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkywsp.dll \systemroot\system32\gasfkyjipyyqxn.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfky.dat \systemroot\system32\gasfkyqvnsspuk.dat
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkywsp8.dll \systemroot\system32\gasfkyrvitawvb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkycon.dll \systemroot\system32\gasfkyqhdpfucb.dll
Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkycony.dll \systemroot\system32\gasfkyrfoaxxnu.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x64 0xE1 0x90 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA9 0x94 0xF4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0xAB 0x76 0xE8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x64 0xE1 0x90 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA9 0x94 0xF4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x0B 0xC5 0x8E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x64 0xE1 0x90 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA9 0x94 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0xAB 0x76 0xE8 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x64 0xE1 0x90 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA9 0x94 0xF4 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0xAB 0x76 0xE8 ...
---- EOF - GMER 1.0.15 ----
----------------------------------------------------------------------------
My computer is very slow and please help me do something to make it alright...
Thanking you.
:heart:
-
Hiya :)
There are some hidden leftovers from one infection.
Please download ComboFix from one of these locations:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v7...7/whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
If you need help, see this link:
http://www.bleepingcomputer.com/comb...o-use-combofix
-
Due to the lack of feedback this Topic is closed.
If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.
Everyone else please begin a New Topic.