drtrue's HJT log

Post by drtrue » July 26th, 2009, 11:02 am

I am having major webpage redirecting problems when using Google. I bought spydoctor and cannot even get level 2 tech support to get around the fact that I cannot even run the smart update which activates the product. What are my best options to get this out of my system? Here are the .txt logs.

GMER 1.0.15.14972 - http://www.gmer.net
Autostart scan 2009-07-26 10:50:10
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxdev.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
bdss@ = "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
ehRecvr@ = C:\WINDOWS\eHome\ehRecvr.exe
ehSched@ = C:\WINDOWS\eHome\ehSched.exe
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LIVESRV@ = "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
McrdSvc@ = C:\WINDOWS\ehome\mcrdsvc.exe
MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Movielink Core Service@ = "C:\PROGRA~1\BLOCKB~1\BLOCKB~1\MovielinkCore.exe"
MSSQL$MICROSOFTSMLBIZ@ = "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ
PLFlash DeviceIoControl Service@ = C:\WINDOWS\system32\IoctlSvc.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
VSSERV@ = "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
WinDefend@ = "C:\Program Files\Windows Defender\MsMpEng.exe"
wltrysvc@ = %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe
XCOMM@ = "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ehTrayC:\WINDOWS\ehome\ehtray.exe = C:\WINDOWS\ehome\ehtray.exe
@SigmatelSysTrayApp%ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe /*file not found*/ = %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe /*file not found*/
@SynTPEnhC:\Program Files\Synaptics\SynTP\SynTPEnh.exe = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
@IgfxTrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@PersistenceC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe
@Broadcom Wireless Manager UIC:\WINDOWS\system32\WLTRAY.exe = C:\WINDOWS\system32\WLTRAY.exe
@Windows Defender"C:\Program Files\Windows Defender\MSASCui.exe" -hide = "C:\Program Files\Windows Defender\MSASCui.exe" -hide
@BDMCon"C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg = "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
@BDAgent"C:\Program Files\Softwin\BitDefender10\bdagent.exe" = "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
@NeroFilterCheckC:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
@ /*file not found*/ = /*file not found*/
@AT&T Communication Manager"C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a = "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
@LoadMSvcmm"C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe" = "C:\Program Files\Blockbuster\BLOCKBUSTERMovielink\Movielink User.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@H/PC Connection Agent"C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" = "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
@RegistryMechanicC:\Program Files\Registry Mechanic\RegMech.exe /H /*file not found*/ = C:\Program Files\Registry Mechanic\RegMech.exe /H /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad >>>
@WPDShServiceObjC:\WINDOWS\system32\WPDShServiceObj.dll = C:\WINDOWS\system32\WPDShServiceObj.dll
@UPnPMonitorC:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} = C:\PROGRA~1\WIFD1F~1\MpShHook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{2F603045-309F-11CF-9774-0020AFD0CFF6} /*Synaptics Control Panel*/C:\Program Files\Synaptics\SynTP\SynTPCpl.dll = C:\Program Files\Synaptics\SynTP\SynTPCpl.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/c:\WINDOWS\system32\dfshim.dll = c:\WINDOWS\system32\dfshim.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} /*NeroCoverEd Live Icons*/C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll = C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll = C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll
@{49BF5420-FA7F-11cf-8011-00A0C90A8F78} /*Mobile Device*/C:\PROGRA~1\MI3AA1~1\Wcesview.dll = C:\PROGRA~1\MI3AA1~1\Wcesview.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{e57ce731-33e8-4c51-8354-bb4de9d215d1} /*Universal Plug and Play Devices*/C:\WINDOWS\system32\upnpui.dll = C:\WINDOWS\system32\upnpui.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\Cover Designer@{73FCA462-9BD5-4065-A73F-A8E5F6904EF7} = C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers >>>
@{D653647D-D607-4df6-A5B8-48D2BA195F7B}C:\Program Files\Softwin\BitDefender10\bdshelxt.dll = C:\Program Files\Softwin\BitDefender10\bdshelxt.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers >>>
@{D653647D-D607-4df6-A5B8-48D2BA195F7B}C:\Program Files\Softwin\BitDefender10\bdshelxt.dll = C:\Program Files\Softwin\BitDefender10\bdshelxt.dll
@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{500BCA15-57A7-4eaf-8143-8C619470B13D}C:\WINDOWS\system32\msxml71.dll = C:\WINDOWS\system32\msxml71.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://partnerpage.google.com/radianceenergies.com = http://partnerpage.google.com/radianceenergies.com
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = bmnet.dll
000000000002@PackedCatalogItem = bmnet.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003@PackedCatalogItem = bmnet.dll

---- EOF - GMER 1.0.15 ----

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-26 10:47:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xB9EB6514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9EA5282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9EA5474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xB9EB6D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xB9EB6FB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xB9EB53FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EB7422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xB9EB67D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xB9EA4F32]

Code 894A0888 ZwEnumerateKey
Code 894B6958 ZwFlushInstructionCache
Code 894A01A6 IofCallDriver
Code 890581AE IofCompleteRequest
Code 894B7A0D ZwSaveKey
Code 89907525 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 894A01AB
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 890581B3
.text ntkrnlpa.exe!ZwSaveKey 80500D68 5 Bytes JMP 894B7A12
.text ntkrnlpa.exe!ZwSaveKeyEx 80500D7C 5 Bytes JMP 8990752A
.text ntkrnlpa.exe!ZwCallbackReturn + 2C80 8050451C 8 Bytes JMP EA5474B9
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 894B695C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF0 5 Bytes JMP 894A088C
? system32\drivers\lraym.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3560] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151D5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9261 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DC8A9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED2C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254254 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E40B6CB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E40B5FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E40B668 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E40B4CE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E40B530 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E40B72E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E40B592 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3884] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED320 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 013EC650
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 013EC600
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 013E8850
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 013E9AB0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 013EB3C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 013E9D20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 013E9B30
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 013EA9C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 013EC300
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 013EC340
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 013EC6E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 013EC1C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 013EB320
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 013EA2E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 013E9C90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 013EA010
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 013ECC60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 013EAD10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 013EB180
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 013EB840
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 013EB5D0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 013EB7C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 013EBCA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 013EB9B0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 013E9C00
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 013EA190
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 013EC420
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 013EB710
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 013EB2C0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 013EB140
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 013EB4D0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 013EC700
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 013EB510
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 013EC9A0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 013EC940
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 013ECB90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 013ECC30
IAT C:\Program Files\Registry Mechanic\RegMech.exe[2408] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 013ECA60
IAT C:\Program Files\Internet Explorer\iexplore.exe[3884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1A7B] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.SYS (Bytemobile Kernel Network Provider/Bytemobile, Inc.)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----
Last edited by Shaba on July 26th, 2009, 11:48 am, edited 1 time in total.
Reason: created own thread. DON'T post to someone else's thread, please!

Re: drtrue's HJT log

Post by NonSuch » July 26th, 2009, 3:53 pm

In order for us to help you it is necessary that you provide us with a HijackThis log. Please follow the guideline at the link below to start a new topic and post your HijackThis log by pasting it into your post. Do not utilize attachments.

This topic is now closed. Please start a new topic by following the HijackThis Guideline posted here: >Guideline for posting your HijackThis log<