
Thread: Virus in my computer even with Spybot S& D and bitdefender free

  1. #11
    Junior Member 1995ad
    Join Date
    Oct 2009
    Posts
    9

    Sorry

    Sorry to reply so late, as my ISP had its servers not working, leaving me tense. I tried what you said in the above post; the only thing that went wrong is that GMER crashed on my computer, making my computer restart every time I ran GMER. After the computer rebooted, Microsoft gave me an error reporting dialogue box telling me that a serious error had been solved. It then asked me to send the error reports, and when I clicked for more details, it told me that the following files had created the problem...

    C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\WER6bca.dir00\Mini101309-03.dmp

    C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\WER6bca.dir00\sysdata.xml


    However, Silent Runners ran perfectly well.

    I have posted its log...


    "Silent Runners.vbs", revision 59, http://www.silentrunners.org/
    Operating System: Windows XP
    Output limited to non-default values, except where indicated by "{++}"


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "Google Update" = ""C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c" ["Google Inc."]
    "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
    "RTHDCPL" = "RTHDCPL.EXE" ["Realtek Semiconductor Corp."]
    "Malwarebytes Anti-Malware (reboot)" = ""D:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript" ["Malwarebytes Corporation"]
    "AdobeCS4ServiceManager" = ""C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin" ["Adobe Systems Incorporated"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = "Symantec NCO BHO"
    -> {HKLM...CLSID} = "Symantec NCO BHO"
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll" ["Symantec Corporation"]
    {6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = "Symantec Intrusion Prevention"
    -> {HKLM...CLSID} = "Symantec Intrusion Prevention"
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\17.0.0.136\IPSBHO.DLL" ["Symantec Corporation"]
    {B164E929-A1B6-4A06-B104-2CD0E90A88FF}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "McAfee SiteAdvisor BHO"
    \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
    -> {HKLM...CLSID} = "Display Panning CPL Extension"
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
    "{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}" = "The Internet"
    -> {HKCU...CLSID} = "The Internet"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler"
    -> {HKLM...CLSID} = "Outlook File Icon Extension"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL" [MS]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler"
    -> {HKLM...CLSID} = "Microsoft Office Outlook"
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office12\msohevi.dll" [MS]
    "{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" = "Microsoft Office Metadata Handler"
    -> {HKLM...CLSID} = "Microsoft Office Metadata Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" = "Microsoft Office Thumbnail Handler"
    -> {HKLM...CLSID} = "Microsoft Office Thumbnail Handler"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll" [MS]
    "{11016101-E366-4D22-BC06-4ADA335C892B}" = "IE History and Feeds Shell Data Source for Windows Search"
    -> {HKLM...CLSID} = "IE History and Feeds Shell Data Source for Windows Search"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]
    "{44440D00-FF19-4AFC-B765-9A0970567D97}" = "TuneUp Theme Extension"
    -> {HKLM...CLSID} = "TuneUp Theme Extension"
    \InProcServer32\(Default) = "C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software"]
    "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}" = "TuneUp Shredder Shell Extension"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]
    "{4838CD50-7E5D-4811-9B17-C47A85539F28}" = "TuneUp Disk Space Explorer Shell Extension"
    -> {HKLM...CLSID} = "TuneUp Disk Space Explorer Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll" ["TuneUp Software"]

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
    "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
    -> {HKLM...CLSID} = "WPDShServiceObj Class"
    \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Aedebug\
    <<!>> "Debugger" = "Drwtsn32 -p %ld -e %ld" [MS]

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
    <<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

    HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807563E5-5146-11D5-A672-00B0D022E945}"
    -> {HKLM...CLSID} = "Microsoft Office InfoPath XML Mime Filter"
    \InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL" [MS]

    HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
    -> {HKLM...CLSID} = "PDF Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

    HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
    -> {HKLM...CLSID} = "MShellExtMenu Class"
    \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
    -> {HKLM...CLSID} = "IEContextMenu Class"
    \InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\17.0.0.136\NavShExt.dll"" ["Symantec Corporation"]
    TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]

    HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
    7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
    -> {HKLM...CLSID} = "7-Zip Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\7-Zip\7-zip.dll" ["Igor Pavlov"]
    MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
    -> {HKLM...CLSID} = "MShellExtMenu Class"
    \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
    TuneUp Disk Space Explorer Shell Extension\(Default) = "{4838CD50-7E5D-4811-9B17-C47A85539F28}"
    -> {HKLM...CLSID} = "TuneUp Disk Space Explorer Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\DseShExt-x86.dll" ["TuneUp Software"]
    TuneUp Shredder Shell Extension\(Default) = "{4858E7D9-8E12-45a3-B6A3-1CD128C9D403}"
    -> {HKLM...CLSID} = "TuneUp Shredder Shell Extension"
    \InProcServer32\(Default) = "C:\Program Files\TuneUp Utilities 2009\SDShelEx-win32.dll" ["TuneUp Software"]

    HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
    MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A}"
    -> {HKLM...CLSID} = "MShellExtMenu Class"
    \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" ["MagicISO, Inc."]
    MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
    -> {HKLM...CLSID} = "MBAMShlExt Class"
    \InProcServer32\(Default) = "D:\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]
    Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
    -> {HKLM...CLSID} = "IEContextMenu Class"
    \InProcServer32\(Default) = ""C:\Program Files\Norton Internet Security\Engine\17.0.0.136\NavShExt.dll"" ["Symantec Corporation"]

    HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
    MBAMShlExt\(Default) = "{57CE581A-0CB6-4266-9CA0-19364C90A0B3}"
    -> {HKLM...CLSID} = "MBAMShlExt Class"
    \InProcServer32\(Default) = "D:\Malwarebytes' Anti-Malware\mbamext.dll" ["Malwarebytes Corporation"]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "MemCheckBoxInRunDlg" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "NoStrCmpLogical" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

    "HonorAutoRunSetting" = (REG_DWORD) dword:0x00000001
    {unrecognized setting}

    "NoChangeAnimation" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    "NoStrCmpLogical" = (REG_DWORD) dword:0x00000000
    {unrecognized setting}

    HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "DisableRegistryTools" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|
    Prevent access to registry editing tools}

    "DisableTaskMgr" = (REG_DWORD) dword:0x00000000
    {User Configuration|Administrative Templates|System|Ctrl+Alt+Del Options|
    Remove Task Manager}

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) dword:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}

    "RunStartupScriptSync" = (REG_DWORD) dword:0x00000001
    {unrecognized setting}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


    Windows Portable Device AutoPlay Handlers
    -----------------------------------------

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

    CDBurnerXP\
    "Provider" = "CDBurnerXP"
    "InvokeProgID" = "CDBurnerXPOpen"
    "InvokeVerb" = "open"
    HKLM\SOFTWARE\Classes\CDBurnerXPOpen\shell\open\command\(Default) = ""C:\Program Files\CDBurnerXP\cdbxpp.exe"" [null data]

    MSWPDShellNamespaceHandler\
    "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
    "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
    "InitCmdLine" = " "
    -> {HKLM...CLSID} = "WPDShextAutoplay"
    \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

    PDVD8PlayCDAudioOnArrival\
    "Provider" = "PowerDVD 8"
    "InvokeProgID" = "AudioCD"
    "InvokeVerb" = "PlayWithPowerDVD8"
    HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L"" ["CyberLink Corp."]

    PDVD8PlayDVDMovieOnArrival\
    "Provider" = "PowerDVD 8"
    "InvokeProgID" = "DVD"
    "InvokeVerb" = "PlayWithPowerDVD8"
    HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L"" ["CyberLink Corp."]

    PDVD8PlayVCDMovieOnArrival\
    "Provider" = "PowerDVD 8"
    "InvokeProgID" = "VCD"
    "InvokeVerb" = "PlayWithPowerDVD8"
    HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD8\Command\(Default) = ""C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" "%L"" ["CyberLink Corp."]


    Enabled Scheduled Tasks:
    ------------------------

    "1-Click Maintenance" -> launches: "C:\Program Files\TuneUp Utilities 2009\OneClickStarter.exe /schedulestart" ["TuneUp Software GmbH"]
    "GoogleUpdateTaskMachineCore" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
    "GoogleUpdateTaskMachineUA" -> launches: "C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
    "GoogleUpdateTaskUserS-1-5-21-839522115-1409082233-725345543-1005Core" -> launches: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c" ["Google Inc."]
    "GoogleUpdateTaskUserS-1-5-21-839522115-1409082233-725345543-1005UA" -> launches: "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler" ["Google Inc."]
    "OGALogon" -> launches: "C:\WINDOWS\system32\OGAEXEC.exe /batch" [MS]
    "User_Feed_Synchronization-{18B500E5-5166-4099-B935-C582BBECC8A4}" -> launches: "C:\WINDOWS\system32\msfeedssync.exe sync" [MS]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

    Transport Service Providers

    HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 16
    %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
    "{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" = "McAfee SiteAdvisor"
    -> {HKLM...CLSID} = "McAfee SiteAdvisor Toolbar"
    \InProcServer32\(Default) = "c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll" ["McAfee, Inc."]
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" = "Norton Toolbar"
    -> {HKLM...CLSID} = "Norton Toolbar"
    \InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Engine\17.0.0.136\coIEPlg.dll" ["Symantec Corporation"]

    Explorer Bars

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

    HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research"
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL" [MS]


    Miscellaneous IE Hijack Points
    ------------------------------

    C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

    Added lines (compared with English-language version):
    [Strings]: START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    [Strings]: MS_START_PAGE_URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

    Missing lines (compared with English-language version):
    [Strings]: 2 lines

    HK TuneUp Program Statistics Service, TuneUp.ProgramStatisticsSvc, "C:\WINDOWS\System32\TUProgSt.exe" ["TuneUp Software"]
    TuneUp Theme Extension, UxTuneUp, "C:\WINDOWS\System32\svchost.exe -k netsvcs" {"C:\WINDOWS\System32\uxtuneup.dll" ["TuneUp Software"]}
    WebClient, WebClient, "C:\WINDOWS\system32\svchost.exe -k LocalService" {"C:\WINDOWS\System32\webclnt.dll" [null data]}


    Print Monitors:
    ---------------

    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
    Bullzip PDF Print Monitor\Driver = "bzpdf.dll" ["Bullzip"]


    ---------- (launch time: 2009-10-13 16:59:53)
    <<!>>: Suspicious data at a malware launch point.
    <<H>>: Suspicious data at a browser hijack point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + To search all directories of local fixed drives for DESKTOP.INI
    DLL launch points, use the -supp parameter or answer "No" at the
    first message box and "Yes" at the second message box.
    ---------- (total run time: 153 seconds, including 13 seconds for message boxes)



    ----------------------------------------------------------------------

    I have made some changes to my system. These are:

    > I removed BitDefender and put in Norton Internet Security Suite 2010.

    > I have also installed Adobe Dreamweaver CS4.

    Both of these programs are completely genuine, and they are activated as well.


    Thanking you.

  2. #12
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    Hi

    OK, nothing bad in that log.

    Please try running the GMER scan in safe mode.

    Post the log to here along with a fresh HijackThis log.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  3. #13
    Junior Member 1995ad
    Join Date
    Oct 2009
    Posts
    9

    Suddenly

    I have done what you said except GMER in Safe Mode, which I shall post as soon as possible. The reason for me writing this urgently is the fact that my computer has become dog slow when it's booting up. The welcome screen appears for 5 minutes and the desktop takes another 5 minutes to load.


    Another problem I have noticed is that svchost.exe in Task Manager takes 99 percent CPU and is hence slowing down the computer. Please help. My computer has never been this slow.

  4. #14
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934


    OK. Please post the logs I requested and we'll have a look.
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  5. #15
    Junior Member 1995ad
    Join Date
    Oct 2009
    Posts
    9

    Sorry for the delay


    Sorry for replying so late. I was so hooked up with my projects that I had no time to do this. My computer is at an all-time worst speed and it leaves my head cracking. I have posted the log of GMER, which I ran in Safe Mode.

    The log is posted as follows:
    ---------------------------------------------------------------------------------

    GMER 1.0.15.15125 - http://www.gmer.net
    Rootkit scan 2009-10-20 11:59:11
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\ABHILA~2\LOCALS~1\Temp\uwlcrpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT sppe.sys ZwCreateKey [0xF84BD0E0]
    SSDT sppe.sys ZwEnumerateKey [0xF84DBCA4]
    SSDT sppe.sys ZwEnumerateValueKey [0xF84DC032]
    SSDT sppe.sys ZwOpenKey [0xF84BD0C0]
    SSDT sppe.sys ZwQueryKey [0xF84DC10A]
    SSDT sppe.sys ZwQueryValueKey [0xF84DBF8A]
    SSDT sppe.sys ZwSetValueKey [0xF84DC19C]

    INT 0x62 ? 82FDEBF8
    INT 0x63 ? 82DCBBF8
    INT 0x82 ? 82FDEBF8
    INT 0xA4 ? 82DCBBF8
    INT 0xB4 ? 82FDEBF8
    INT 0xB4 ? 82FDEBF8
    INT 0xB4 ? 82DCBBF8
    INT 0xB4 ? 82FDEBF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 169 804E27C5 3 Bytes [BC, 4D, F8]
    ? sppe.sys The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    ? SYMDS.SYS The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F818A62C 5 Bytes JMP 82DCB1D8
    .text a7yped2w.SYS F8117386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
    .text a7yped2w.SYS F81173AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
    .text a7yped2w.SYS F81173C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
    .text a7yped2w.SYS F81173C9 1 Byte [30]
    .text a7yped2w.SYS F81173C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82F732D8
    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F84EEC4C] sppe.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F84EECA0] sppe.sys
    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F84BE042] sppe.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F84BE13E] sppe.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F84BE0C0] sppe.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F84BE800] sppe.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F84BE6D6] sppe.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 82DCB2D8
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F84CDE9C] sppe.sys
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlInitUnicodeString] 00021083
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!swprintf] 01B05E00
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeSetEvent] 5DE58B5B
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 7E8366C3
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 0F740028
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 89320C8D
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmFreeMappingAddress] 0002288B
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 46B70F00
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 66D00328
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmUnmapIoSpace] 002A7E83
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 0C8D1574
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IofCompleteRequest] 248B8932
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlCompareUnicodeString] 0F000002
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IofCallDriver] 832A46B7
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmAllocateMappingAddress] E08303C0
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] 66D003FC
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoConnectInterrupt] 002C7E83
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoDetachDevice] 0C8D1E74
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeWaitForSingleObject] 208B8932
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInitializeEvent] 8A000002
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] 83880846
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlInitAnsiString] 000001C0
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] 2C4EB70F
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoQueueWorkItem] 8303C183
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmMapIoSpace] D103FCE1
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 2E7E8366
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoReportDetectedDevice] 8D1C7400
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoReportResourceForDetection] 83893204
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 00000218
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!NlsMbCodePageTag] 2E4EB70F
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoRequestPowerIrp] 021C8B89
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] B70F0000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] E0C12E46
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!sprintf] 03D00304
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 0CB389F2
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ObfDereferenceObject] 80000002
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 0975013E
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 1B42E853
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwClose] C4830000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] B05E5F04
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] E58B5B01
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] CCCCC35D
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoStartNextPowerIrp] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoCallDriver] 53EC8B55
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoCreateDevice] 08758B56
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 0214BE83
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 57000000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwOpenKey] 45C60674
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlFreeUnicodeString] 1EEB010B
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoStartTimer] 020C868B
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInitializeTimer] C0850000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoInitializeTimer] 808A1074
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInitializeDpc] 00000804
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInitializeSpinLock] A03CF024
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoInitializeIrp] 0B45950F
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwCreateKey] 45C604EB
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 458A000B
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 88C0840B
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ZwSetValueKey] 840F0946
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeInsertQueueDpc] 000000C1
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 14B30E8B
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoStartPacket] 1C8286C6
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 88010000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 001C859E
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoFreeMdl] A19E8800
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmUnlockPages] C600001C
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 001C8686
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 86C60100
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 00001CA2
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 70518B01
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeSynchronizeExecution] 8D52006A
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoStartNextPacket] 001C8886
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeBugCheckEx] 55E85000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 8B000023
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeSetTimer] 70518B0E
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeCancelTimer] 8D52016A
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!_allmul] 001CA486
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmProbeAndLockPages] 41E85000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!_except_handler3] 8B000023
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!PoSetPowerState] 18C4830E
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 1C8D9E88
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 9E880000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!_aulldiv] 00001CA9
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!strstr] 0E798366
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!_strupr] 74AAB000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeQuerySystemTime] 8186C636
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 1A00001C
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!KeTickCount] 1C8386C6
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] C6020000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoDeleteDevice] 001C8E86
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 86C60200
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateWorkItem] 00001CAA
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateIrp] 959E8802
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoAllocateMdl] 8800001C
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CB19E
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmLockPagableDataSection] 96868800
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8800001C
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CB286
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!ExFreePoolWithTag] C61AEB00
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoFreeIrp] 001C8186
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!IoFreeWorkItem] 86C61200
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!InitSafeBootMode] 00001C83
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlCompareMemory] 8E868801
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 8800001C
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!memmove] 001CAA86
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[ntoskrnl.exe!MmHighestUserAddress] 80968B00
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KfAcquireSpinLock] 0C8D1C46
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!READ_PORT_UCHAR] B08B8932
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KeGetCurrentIrql] 89000001
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KfRaiseIrql] 0001BC83
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KfLowerIrql] 24468B00
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!HalGetInterruptVector] 89820C8D
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!HalTranslateBusAddress] D18BF84D
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KeStallExecutionProcessor] 860F1639
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!KfReleaseSpinLock] 000000BD
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 0208B389
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!READ_PORT_USHORT] 83660000
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 7400067E
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[HAL.dll!WRITE_PORT_UCHAR] 89D60320
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[WMILIB.SYS!WmiSystemControl] 8D168B00
    IAT \SystemRoot\System32\Drivers\a7yped2w.SYS[WMILIB.SYS!WmiCompleteRequest] F0003284

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 82FDD1F8
    Device \FileSystem\Fastfat \FatCdrom 82C671F8
    Device \Driver\usbuhci \Device\USBPDO-0 82DE41F8
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 82F711F8
    Device \Driver\dmio \Device\DmControl\DmConfig 82F711F8
    Device \Driver\dmio \Device\DmControl\DmPnP 82F711F8
    Device \Driver\dmio \Device\DmControl\DmInfo 82F711F8
    Device \Driver\usbuhci \Device\USBPDO-1 82DE41F8
    Device \Driver\usbuhci \Device\USBPDO-2 82DE41F8
    Device \Driver\PCI_PNP7726 \Device\00000053 sppe.sys
    Device \Driver\PCI_PNP7726 \Device\00000053 sppe.sys
    Device \Driver\usbuhci \Device\USBPDO-3 82DE41F8
    Device \Driver\sptd \Device\3768677726 sppe.sys
    Device \Driver\usbehci \Device\USBPDO-4 82DC61F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 82FDF1F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 82FDF1F8
    Device \Driver\Cdrom \Device\CdRom0 82EE71F8
    Device \Driver\atapi \Device\Ide\IdePort0 82FDE1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82FDE1F8
    Device \Driver\atapi \Device\Ide\IdePort1 82FDE1F8
    Device \Driver\atapi \Device\Ide\IdePort2 82FDE1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82FDE1F8
    Device \Driver\atapi \Device\Ide\IdePort3 82FDE1F8
    Device \Driver\usbuhci \Device\USBFDO-0 82DE41F8
    Device \Driver\usbuhci \Device\USBFDO-1 82DE41F8
    Device \Driver\usbuhci \Device\USBFDO-2 82DE41F8
    Device \Driver\usbuhci \Device\USBFDO-3 82DE41F8
    Device \Driver\usbehci \Device\USBFDO-4 82DC61F8
    Device \Driver\Ftdisk \Device\FtControl 82FDF1F8
    Device \Driver\a7yped2w \Device\Scsi\a7yped2w1 82EE61F8
    Device \FileSystem\Fastfat \Fat 82C671F8

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Cdfs \Cdfs 82C69470

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq@start 4
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq@type 1
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq@group file system
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq@imagepath \systemroot\system32\drivers\gasfkylooqxwpu.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main@aid 10438
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main@sid 0
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main@cmddelay 14400
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\delete (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\injector (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\injector@* gasfkywsp8.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\injector@svchost.exe gasfkycony.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\main\tasks (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkyrk.sys \systemroot\system32\drivers\gasfkylooqxwpu.sys
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkycmd.dll \systemroot\system32\gasfkyymdwyrbn.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkylog.dat \systemroot\system32\gasfkympfwbwem.dat
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkywsp.dll \systemroot\system32\gasfkyjipyyqxn.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfky.dat \systemroot\system32\gasfkyqvnsspuk.dat
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkywsp8.dll \systemroot\system32\gasfkyrvitawvb.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkycon.dll \systemroot\system32\gasfkyqhdpfucb.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\gasfkytivkosiq\modules@gasfkycony.dll \systemroot\system32\gasfkyrfoaxxnu.dll
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x64 0xE1 0x90 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA9 0x94 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0xAB 0x76 0xE8 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x64 0xE1 0x90 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA9 0x94 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9C 0x0B 0xC5 0x8E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x64 0xE1 0x90 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA9 0x94 0xF4 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0xAB 0x76 0xE8 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF6 0x64 0xE1 0x90 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x4E 0xA9 0x94 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0xAB 0x76 0xE8 ...

    ---- EOF - GMER 1.0.15 ----

    ----------------------------------------------------------------------------

    My computer is very slow and please help me do something to make it alright...


    Thanking you.

  6. #16
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hiya

    There are some hidden leftovers from one infection.

    Please download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper.


    If you need help, see this link:
    http://www.bleepingcomputer.com/comb...o-use-combofix
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Due to the lack of feedback this Topic is closed.

    If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

    Everyone else please begin a New Topic.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
