TechSpot

Laptop's been assaulted by a clever program

By LoneSword
Nov 4, 2011
  1. HELP ME, PLEASE.

    I was online, and I have to admit, it was down some dark back alleys, but I suddenly started getting some flickers from Avira about Malware being found. I thought it was unusual (the site I was on was, I thought, a relatively safe place), and simply reacted as I normally do, quarantining the problem, or deleting it whenever it's a problem. Finally, I activated a scan, and let it churn through.

    That's when the disaster started occurring. Suddenly a cascade of error boxes started appearing on the screen, mentioning certain system32 data files were corrupt and unreachable. Realizing that this problem was getting steadily out of hand, I attempted to quickly halt Avira, and deactivate my connection to the internet. I suddenly became bombarded with text bubbles about drives being unreadable, and a program came up that (appeared) to be a Windows recovery console. It immediately began scanning my drives and detecting errors. I was pleased that Windows was reacting so responsively.

    However, I was in complete dismay when I discovered that this application was failing to recover the errors. I started to panic, but a little gimmick stopped me from completely losing it.

    I noticed that it said "Buy full version." It all clicked in my head that this was a program somehow masking all access to my system recovery options, preventing me all access to Windows Explorer, Control Panel, System Restore, or anything else that might have been of crucial use in an attempt to get me to buy some bullshit online so they could steal my credit card number or something.

    My point was driven home when I clicked "Open Help & Support," and an IE window appeared with text in the box reading something to the effect of "SecureBill."

    So, I'm overwhelmed by this problem, and I feel that the fix COULD be simple, however, my own computer blocking me access to any peripheral makes this very, very hard to manage. Can anyone help me get rid of this thing?

    EDIT: The error messages read something to the effect of "Failed to save all components for the file \\system32\000012db. The file is corrupted or unreadable. This error may be caused by a PC hardware problem." The only difference in each of the messages are the names of the files.

    The company/website is called Secure-Bill, INC.

    When I click "Click here to activate full-functional version," (which really just seemed incorrect to me), it brings up a window that asks me for a Registration Email and Activation code.

    This has to be a scam. The information my computer is giving doesn't seem like it was written by Microsoft.
     
  2. LoneSword

    LoneSword TS Rookie Topic Starter Posts: 21

    Urgh, so close. I managed to disable the program ailing me, after it accidentally allowed me access to the Control Panel. I quickly realized just about everything was still intact underneath my scrambled user interface. I finally managed to use enough back doors to reach my MalwareBytes, and located the program, which I swiftly deleted.

    Regardless, it's done its damage--all connections to my Startup Menu files have been severed, none of my options are visible (Control Panel, Run, etc), my desktop is missing, my System Tray icons are ALL visible, and in order to access anything, I have to go in through a back door.

    I've tried to use System Restore, but it failed. And I don't want to attempt anything too drastic without getting a strategy from an expert, since my computer seems to be in a state of fragility. My main concern is that I feel like some of my key files may have either been deleted or renamed, especially in my C drive, because I feel like there should be quite a bit more files and folders going on...

    Basically, I'm hoping for a simple and safe way to fix the problems that I've unleashed on my system. I'm just praying this doesn't require a clean install...I'd hate to have to do that time-consuming crap again.
     
  3. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. LoneSword

    LoneSword TS Rookie Topic Starter Posts: 21

    Alright, sorry it took me so long to get back. Here are the logs:

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
    Run by Dan at 2:39:30 on 2011-11-15
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1787 [GMT -5:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
    C:\Program Files\ASUS\ATK Hotkey\HControl.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
    C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
    C:\Program Files\ASUS\ATK Hotkey\WDC.exe
    C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Windows\System32\ACEngSvr.exe
    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    D:\Programs\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\winguard\wgpro7.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ask.com/?l=dis&o=14196
    uInternet Settings,ProxyOverride = *.local
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    mRun: [HControlUser] c:\program files\asus\atk hotkey\HControlUser.exe
    mRun: [ATKMEDIA] c:\program files\asus\atk media\DMedia.exe
    mRun: [ATKOSD2] c:\program files\asus\atkosd2\ATKOSD2.exe
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "d:\programs\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [wg] c:\program files\winguard\wgpro7.exe
    mRun: [WinGuard Pro] c:\program files\winguard\wgpro7.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\dan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    Trusted Zone: intuit.com\ttlc
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 10.128.128.128
    TCP: Interfaces\{B26EC120-D3BB-4CC5-918D-A9D14878F4A9} : DhcpNameServer = 10.128.128.128
    TCP: Interfaces\{B26EC120-D3BB-4CC5-918D-A9D14878F4A9}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{B26EC120-D3BB-4CC5-918D-A9D14878F4A9}\34F6E6E6563647D41485850284F6473707F647 : DhcpNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{B26EC120-D3BB-4CC5-918D-A9D14878F4A9}\458656F514374727F6E6F6D69636F6E6 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{B26EC120-D3BB-4CC5-918D-A9D14878F4A9}\6416374734865656471686D27657563747 : DhcpNameServer = 68.87.77.134 68.87.72.134
    TCP: Interfaces\{B26EC120-D3BB-4CC5-918D-A9D14878F4A9}\75F47512231393932333 : DhcpNameServer = 64.233.217.5 64.233.217.2
    TCP: Interfaces\{B26EC120-D3BB-4CC5-918D-A9D14878F4A9}\8414C4F5F5E4564777F627B6 : DhcpNameServer = 192.168.1.1 64.233.217.3 64.233.217.5
    TCP: Interfaces\{B26EC120-D3BB-4CC5-918D-A9D14878F4A9}\8416C6F5E4564777F627B6 : DhcpNameServer = 192.168.1.254
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\dan\appdata\roaming\mozilla\firefox\profiles\e9537499.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - Google.com
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
    FF - plugin: c:\program files\tabletplugins\npwacom.dll
    FF - plugin: d:\programs\itunes\mozilla plugins\npitunes.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Stylish: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8} - %profile%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\drivers\ntcdrdrv.sys [2010-12-29 13440]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-28 136360]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-28 269480]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-28 66616]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2010-10-16 369256]
    R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2010-10-30 4807536]
    R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2010-7-13 65640]
    R3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-8-29 6814720]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-10-26 123496]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-6-23 275048]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 NETw5s32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETw5s32.sys [2009-9-15 6114816]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-10-27 10752]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-8-16 1343400]
    .
    =============== Created Last 30 ================
    .
    2011-11-10 22:29:34 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-10 22:29:32 708608 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-10 22:29:29 2339840 ----a-w- c:\windows\system32\win32k.sys
    2011-11-05 22:38:55 100864 ----a-w- C:\axliikob.sys
    2011-10-29 08:56:45 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2011-10-25 23:16:44 6144 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-10-21 04:55:14 933888 ----a-w- c:\windows\system32\SmartTabs29.ocx
    2011-10-21 04:55:14 221184 ----a-w- c:\windows\system32\rspencr330.ocx
    2011-10-21 04:55:13 -------- d-----w- c:\program files\winguard
    2011-10-21 04:08:42 -------- d--h--w- c:\programdata\IObit
    2011-10-21 03:47:20 -------- d--h--w- c:\users\dan\Shortcuts
    .
    ==================== Find3M ====================
    .
    2011-11-07 12:17:30 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-08-31 21:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-08-27 04:43:07 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-26 17:07:55 443448 ----a-w- c:\windows\system32\drivers\sptd.sys
    2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 2:40:35.27 ===============


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8165

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/15/2011 2:55:50 AM
    mbam-log-2011-11-15 (02-55-43).txt

    Scan type: Quick scan
    Objects scanned: 164329
    Time elapsed: 6 minute(s), 1 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     

    Attached Files:
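The helper in this thread works from pasted DDS logs like the one above. As an added example (not code from this thread, from DDS, or from any tool named here), this Python script triages the autorun lines of the "Pseudo HJT Report": it normalizes each target path, flags entries that launch from user-writable folders (where a rogue "system repair" program typically sits), and reports targets registered more than once. The sample input is built from lines in the log above plus one invented Temp-folder entry whose name starts with CONSTRUCTED; the script assumes C: is the system drive.

```python
import re
from dataclasses import dataclass

# Constructed sample: autorun lines copied from the DDS "Pseudo HJT Report" posted
# above, plus one invented entry (name starts with CONSTRUCTED) that launches from the
# user's Temp folder, which is where a rogue "system repair" program usually lives.
SAMPLE_LOG = r"""
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [wg] c:\program files\winguard\wgpro7.exe
mRun: [WinGuard Pro] c:\program files\winguard\wgpro7.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\dan\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
uRun: [CONSTRUCTED-sysrepair] "c:\users\dan\appdata\local\temp\sysrepair.exe"
uStart Page = hxxp://www.ask.com/?l=dis&o=14196
"""

RUN_RE = re.compile(r"^([um]Run(?:Once)?): \[(.*?)\] (.*)$")
STARTUP_RE = re.compile(r"^StartupFolder: (.*?) - (.*)$")
# First path-like token ending in an executable extension; surrounding quotes are optional.
TARGET_RE = re.compile(r'^"?\s*(.+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))\b', re.IGNORECASE)

# Assumption: the system drive is C:, as in the log above.
ENV_VARS = {"%programfiles%": "c:\\program files", "%systemroot%": "c:\\windows", "%windir%": "c:\\windows"}
STANDARD_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\", "\\programdata\\")


@dataclass
class AutorunEntry:
    kind: str      # "uRun", "mRun", "StartupFolder", ...
    name: str      # registry value name, or the .lnk path for StartupFolder lines
    target: str    # normalized (lower-case, env vars expanded) executable path
    location: str  # "standard", "user-writable" or "other"


def normalize_path(path):
    p = path.strip().lower()
    for var, value in ENV_VARS.items():
        p = p.replace(var, value)
    return p


def classify_location(target):
    # Prefix check first: program and Windows directories need admin rights to write to.
    if target.startswith(STANDARD_PREFIXES):
        return "standard"
    if any(marker in target for marker in USER_WRITABLE_MARKERS):
        return "user-writable"
    return "other"


def parse_autoruns(text):
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            kind, name, rest = m.groups()
        else:
            m = STARTUP_RE.match(line)
            if not m:
                continue  # BHO, DPF, TCP and other report lines are out of scope here
            kind, name, rest = "StartupFolder", m.group(1), m.group(2)
        t = TARGET_RE.match(rest)
        if not t:
            continue
        target = normalize_path(t.group(1))
        entries.append(AutorunEntry(kind, name, target, classify_location(target)))
    return entries


def find_duplicate_targets(entries):
    # Same executable registered under several names is worth a second look during review.
    by_target = {}
    for e in entries:
        by_target.setdefault(e.target, []).append(e.name)
    return {t: names for t, names in by_target.items() if len(names) > 1}


def triage(text):
    entries = parse_autoruns(text)
    return {
        "entries": entries,
        "duplicates": find_duplicate_targets(entries),
        "user_writable": [e for e in entries if e.location == "user-writable"],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for e in report["entries"]:
        print(f"{e.kind:14} {e.location:14} [{e.name}] -> {e.target}")
    for target, names in report["duplicates"].items():
        print(f"duplicate target {target}: {names}")
```

A flagged entry is a review prompt, not a verdict: both WinGuard lines above point at the same legitimate-looking program path, and only the invented Temp entry trips the location rule.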

  5. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Please observe forum rules.
    All logs have to be pasted, not attached.
     
  6. LoneSword

    LoneSword TS Rookie Topic Starter Posts: 21

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-16 01:30:23
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AAA
    Running: y0b3ujlp.exe; Driver: C:\Users\Dan\AppData\Local\Temp\axliikob.sys


    ---- System - GMER 1.0.15 ----

    SSDT 920682EE ZwCreateSection
    SSDT 920682F3 ZwSetContextThread
    SSDT 9206828F ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8368E539 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 836B3092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 350 836BA9B0 4 Bytes [EE, 82, 06, 92] {OUT DX, AL ; ADD BYTE [ESI], -0x6e}
    .text ntkrnlpa.exe!RtlSidHashLookup + 6F0 836BAD50 4 Bytes [F3, 82, 06, 92]
    .text ntkrnlpa.exe!RtlSidHashLookup + 7C8 836BAE28 4 Bytes [8F, 82, 06, 92]
    .text sptd.sys 8BC86001 31 Bytes [77, 61, 83, A6, 11, 62, 83, ...]
    .text sptd.sys 8BC86024 104 Bytes [35, FD, 70, 83, AB, AB, 76, ...]
    .text sptd.sys 8BC8608D 303 Bytes [C7, 68, 83, 43, 74, 68, 83, ...]
    .text sptd.sys 8BC861BD 15 Bytes [9E, 68, 83, 0C, CF, 8A, 83, ...] {SAHF ; PUSH 0x8acf0c83; ADC DWORD [ECX-0x2c], -0x76; ADC DWORD [ESI], 0x7e; JB 0xffffffffffffff92}
    .text sptd.sys 8BC861D4 4 Bytes [F3, A5, 6A, 4D] {REP MOVSD ; PUSH 0x4d}
    .text ...
    .sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x8BD309E3]
    ? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
    PAGE ataport.SYS!DllUnload + 1 8BEB2AD7 4 Bytes JMP 85F671C9
    PAGE PCIIDEX.SYS!DllUnload 8BED1606 5 Bytes JMP 85F6E1C8
    .text USBPORT.SYS!DllUnload 91BC1D18 5 Bytes JMP 870381C8
    PAGE peauth.sys 9FE45E20 101 Bytes [64, E8, 57, 8D, 17, C9, BB, ...]

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8BC8770C] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8BC87EEE] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [8BC8820E] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8BC880CC] \SystemRoot\System32\Drivers\sptd.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8BC878F0] \SystemRoot\System32\Drivers\sptd.sys

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FF2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FD5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FD56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FF250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FE8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FE4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FE50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FE51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73FE66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FE82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FE8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FE907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FEE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2696] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FE4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 85F711E8
    Device \FileSystem\fastfat \FatCdrom 8A78D1E8

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Driver\usbuhci \Device\USBPDO-0 86FEF1E8
    Device \Driver\usbuhci \Device\USBPDO-1 86FEF1E8
    Device \Driver\usbuhci \Device\USBPDO-2 86FEF1E8
    Device \Driver\usbehci \Device\USBPDO-3 87023430
    Device \Driver\usbuhci \Device\USBPDO-4 86FEF1E8
    Device \Driver\usbuhci \Device\USBPDO-5 86FEF1E8
    Device \Driver\usbuhci \Device\USBPDO-6 86FEF1E8
    Device \Driver\PCI_PNP8761 \Device\00000064 sptd.sys
    Device \Driver\usbehci \Device\USBPDO-7 87023430

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom0 8709C430
    Device \Driver\PCI_PNP8761 \Device\00000065 sptd.sys
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85F6C1E8
    Device \Driver\atapi \Device\Ide\IdePort0 85F6C1E8
    Device \Driver\atapi \Device\Ide\IdePort1 85F6C1E8
    Device \Driver\atapi \Device\Ide\IdePort2 85F6C1E8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85F6C1E8
    Device \Driver\msahci \Device\Ide\PciIde0Channel0 85F6D1E8
    Device \Driver\msahci \Device\Ide\PciIde0Channel1 85F6D1E8
    Device \Driver\msahci \Device\Ide\PciIde0Channel5 85F6D1E8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\cdrom \Device\CdRom1 8709C430
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8713A1E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{B26EC120-D3BB-4CC5-918D-A9D14878F4A9} 8713A1E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{F3D4B3B0-EB0C-46A7-B39E-B4B8A1084D83} 8713A1E8
    Device \Driver\ACPI_HAL \Device\0000005a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\NetBT \Device\NetBT_Tcpip_{D1DF06C8-B1A8-47CA-95D0-42D111939701} 8713A1E8
    Device \Driver\usbuhci \Device\USBFDO-0 86FEF1E8
    Device \Driver\usbuhci \Device\USBFDO-1 86FEF1E8
    Device \Driver\usbuhci \Device\USBFDO-2 86FEF1E8
    Device \Driver\usbehci \Device\USBFDO-3 87023430
    Device \Driver\usbuhci \Device\USBFDO-4 86FEF1E8
    Device \Driver\usbuhci \Device\USBFDO-5 86FEF1E8
    Device \Driver\usbuhci \Device\USBFDO-6 86FEF1E8
    Device \Driver\usbehci \Device\USBFDO-7 87023430
    Device \Driver\aswd0nn4 \Device\Scsi\aswd0nn41 870A11E8
    Device \Driver\a6ts6xso \Device\Scsi\a6ts6xso1 873631E8
    Device \Driver\aswd0nn4 \Device\Scsi\aswd0nn41Port4Path0Target0Lun0 870A11E8
    Device \FileSystem\fastfat \Fat 8A78D1E8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x31 0x6C 0x02 0xA4 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3E 0xFA 0x89 0x0C ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE4 0xF9 0x6C 0x2F ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0xD5 0x97 0x1E ...
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x8E 0xFE 0xD9 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x31 0x6C 0x02 0xA4 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3E 0xFA 0x89 0x0C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5B 0x9B 0x57 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0xD5 0x97 0x1E ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x8E 0xFE 0xD9 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x31 0x6C 0x02 0xA4 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x3E 0xFA 0x89 0x0C ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5B 0x9B 0x57 0x25 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x78 0xD5 0x97 0x1E ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xC2 0x8E 0xFE 0xD9 ...

    ---- EOF - GMER 1.0.15 ----
     
  7. LoneSword

    LoneSword TS Rookie Topic Starter Posts: 21

    Oh, also, I think it's worth adding that most of my files are totally invisible and inaccessible. They're definitely still there, since they're taking up data, and the scans all run through them, but I can't search them, even when I search for hidden files. All of my libraries are inaccessible.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Let's see if we can recover your missing features.
    Download and run UnHide
    Let me know if it worked.

    I still need DDS logs.
     
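For context on what a tool like UnHide is undoing: rogue "system repair" programs of the kind described in this thread typically do not delete the user's files, they set the Hidden attribute (often together with System) on them, which is why the files still take up space and still get scanned but do not show up even with "show hidden files" enabled; Explorer hides Hidden+System items under a separate "Hide protected operating system files" setting. The PowerShell below is an added example written for this page, not the UnHide tool's code and not something posted in the thread. It reports every hidden item under a profile, then, with explicit confirmation, clears only the Hidden and System bits and leaves the other attributes alone. It assumes the files were hidden by attribute changes only and that `$env:USERPROFILE` is the affected profile (both are assumptions; pass `-Root` to point it elsewhere).

```powershell
# Added example (not the UnHide tool and not from the original thread):
# find and, on request, clear the Hidden/System attributes that rogue
# "repair" programs set on a user's files. Assumptions: the files were hidden
# by attribute changes only, and $Root is the affected user profile.

function Find-HiddenUserFiles {
    [CmdletBinding()]
    param([string]$Root = $env:USERPROFILE)   # assumed default; override with -Root

    $hidden = [System.IO.FileAttributes]::Hidden
    # Windows itself keeps these hidden/system inside a profile; leave them alone.
    $skipNames = @('desktop.ini', 'Thumbs.db', 'Application Data', 'Local Settings',
                   'Cookies', 'NetHood', 'PrintHood', 'Recent', 'SendTo',
                   'Start Menu', 'Templates', 'AppData')

    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            ([int]$_.Attributes -band [int]$hidden) -ne 0 -and
            ($skipNames -notcontains $_.Name) -and
            ($_.Name -notlike 'ntuser*') -and
            ($_.FullName -notlike '*\AppData\*')
        }
}

function Restore-HiddenUserFiles {
    # SupportsShouldProcess gives the function -WhatIf and -Confirm for free,
    # so the change can be previewed before any attribute is touched.
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Root = $env:USERPROFILE)

    # Bits to clear; every other attribute (Archive, ReadOnly, Directory...) stays.
    $clear = [int]([System.IO.FileAttributes]::Hidden -bor [System.IO.FileAttributes]::System)
    $mask  = -bnot $clear
    $count = 0

    foreach ($item in Find-HiddenUserFiles -Root $Root) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden/System attributes')) {
            $item.Attributes = [System.IO.FileAttributes]([int]$item.Attributes -band $mask)
            $count++
        }
    }
    return $count   # number of items whose attributes were changed
}

# Usage: inspect first, preview second, apply last.
#   Find-HiddenUserFiles | Select-Object FullName, Attributes
#   Restore-HiddenUserFiles -WhatIf
#   Restore-HiddenUserFiles
```

Run it from an elevated PowerShell prompt on the affected machine. The report step matters: if the listing shows only the Windows-managed names above, the files were not hidden by attributes and a different recovery path (the DDS logs Broni asks for, or a backup) is the right next step rather than attribute changes.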
Topic Status:
Not open for further replies.
