The first time I ran it, it gave me both txt files, after I uninstalled nod32 and restarted it only gave me a log file.
Logfile of random's system information tool 1.06 (written by random/random)
Run by Stephen at 2010-02-09 17:49:22
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 16 GB (15%) free of 106 GB
Total RAM: 3069 MB (53% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:49:26 PM, on 2/9/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18385)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Stephen\Desktop\RSIT.exe
C:\Program Files\trend micro\Stephen.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -
http://upload.facebook.com/controls/200 ... oader5.cabO20 - AppInit_DLLs: APSHook.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 9113 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-08-14 1562448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-16 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-16 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
VeriSoft Access Manager - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll [2006-11-21 71192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-10-09 729088]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-28 1045800]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-06-09 7539232]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-15 178712]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-02-13 159744]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-16 136600]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-04 13556256]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-10-20 520024]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-09-19 66816]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-11-19 623960]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-08-18 1832272]
"Aim6"= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe [2008-10-31 50480]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CognizanceTS]
c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll [2003-12-22 17920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-01-17 486856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EeeStorageBackup]
C:\Program Files\ASUS\Eee Storage\BackupService.exe [2009-04-26 935184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-09-19 66816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-03-01 472776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2007-12-13 1688872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-12-03 2213160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2008-12-04 92704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-10 317128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk]
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe /Startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stephen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~3\Office12\ONENOTEM.EXE [2007-12-07 101440]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5af6c144-b9a9-11dc-bd5b-001b24e90790}]
shell\AutoRun\command - G:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9df5d9cf-584e-11de-8bbb-001b24e90790}]
shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dde7ef6d-7e15-11dd-8dae-001b24e90790}]
shell\AutoRun\command - J:\wd_windows_tools\WDSetup.exe
======List of files/folders created in the last 3 months======
2010-02-09 14:48:21 ----D---- C:\rsit
2010-02-09 14:48:21 ----D---- C:\Program Files\trend micro
2010-02-08 19:53:28 ----D---- C:\ProgramData\Research In Motion
2010-02-08 19:53:09 ----D---- C:\Program Files\Research In Motion
2010-02-08 19:10:51 ----D---- C:\Users\Stephen\AppData\Roaming\Research In Motion
2010-02-08 19:10:12 ----D---- C:\Program Files\Common Files\Research In Motion
2010-01-23 01:13:45 ----D---- C:\Downloads
2010-01-23 00:48:24 ----A---- C:\Windows\system32\t2embed.dll
2010-01-23 00:48:24 ----A---- C:\Windows\system32\fontsub.dll
2010-01-23 00:48:13 ----A---- C:\Windows\system32\mshtml.dll
2010-01-23 00:48:12 ----A---- C:\Windows\system32\occache.dll
2010-01-23 00:48:11 ----A---- C:\Windows\system32\wininet.dll
2010-01-23 00:48:11 ----A---- C:\Windows\system32\urlmon.dll
2010-01-23 00:48:10 ----A---- C:\Windows\system32\ieframe.dll
2010-01-23 00:48:09 ----A---- C:\Windows\system32\iertutil.dll
2010-01-23 00:48:09 ----A---- C:\Windows\system32\ieapfltr.dll
2010-01-23 00:48:08 ----A---- C:\Windows\system32\mstime.dll
2010-01-23 00:48:08 ----A---- C:\Windows\system32\msfeeds.dll
2010-01-23 00:48:08 ----A---- C:\Windows\system32\jsproxy.dll
2010-01-23 00:48:08 ----A---- C:\Windows\system32\ieUnatt.exe
2010-01-23 00:48:08 ----A---- C:\Windows\system32\iepeers.dll
2010-01-23 00:48:08 ----A---- C:\Windows\system32\ieencode.dll
2010-01-23 00:48:08 ----A---- C:\Windows\system32\iedkcs32.dll
2010-01-23 00:48:08 ----A---- C:\Windows\system32\ieaksie.dll
2010-01-02 02:07:51 ----D---- C:\Program Files\TrendMicro
2010-01-01 23:53:50 ----A---- C:\Windows\ntbtlog.txt
2009-12-29 02:44:08 ----A---- C:\Windows\system32\tzres.dll
2009-12-29 02:42:59 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-29 02:42:58 ----A---- C:\Windows\system32\httpapi.dll
2009-12-29 02:41:40 ----A---- C:\Windows\system32\D3DX9_42.dll
2009-12-29 02:41:40 ----A---- C:\Windows\system32\d3dx10_42.dll
2009-12-28 17:31:38 ----A---- C:\Windows\system32\krl32mainweq.dll
2009-12-28 17:29:56 ----A---- C:\ProgramData\sysReserve.ini
2009-12-27 21:00:09 ----D---- C:\Users\Stephen\AppData\Roaming\vlc
2009-12-09 18:20:29 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 18:18:17 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 18:18:17 ----A---- C:\Windows\system32\raschap.dll
2009-11-30 18:02:40 ----A---- C:\Windows\system32\xliveinstall.dll
2009-11-30 18:02:38 ----A---- C:\Windows\system32\xliveinstallhost.exe
2009-11-25 03:40:12 ----A---- C:\Windows\system32\msxml6.dll
2009-11-25 03:40:10 ----A---- C:\Windows\system32\msxml3.dll
2009-11-11 16:59:55 ----A---- C:\Windows\system32\WSDApi.dll
======List of files/folders modified in the last 3 months======
2010-02-09 17:15:45 ----D---- C:\Windows\Prefetch
2010-02-09 17:12:51 ----D---- C:\Windows\System32
2010-02-09 17:12:51 ----D---- C:\Windows\inf
2010-02-09 17:12:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-09 17:10:20 ----D---- C:\Program Files\Mozilla Firefox
2010-02-09 17:08:11 ----D---- C:\Windows\Temp
2010-02-09 17:03:23 ----D---- C:\Windows
2010-02-09 17:03:10 ----SHD---- C:\Windows\Installer
2010-02-09 17:03:06 ----HD---- C:\Config.Msi
2010-02-09 14:48:21 ----RD---- C:\Program Files
2010-02-09 14:40:42 ----D---- C:\Windows\system32\catroot
2010-02-09 14:40:41 ----D---- C:\Windows\system32\catroot2
2010-02-09 14:40:40 ----D---- C:\Windows\winsxs
2010-02-08 19:55:06 ----D---- C:\Windows\system32\drivers
2010-02-08 19:54:53 ----RSD---- C:\Windows\Fonts
2010-02-08 19:53:28 ----HD---- C:\ProgramData
2010-02-08 19:10:12 ----D---- C:\Program Files\Common Files
2010-02-08 02:26:33 ----D---- C:\Users\Stephen\AppData\Roaming\Azureus
2010-01-29 16:15:05 ----D---- C:\Program Files\Windows Mail
2010-01-29 12:05:31 ----D---- C:\Program Files\Internet Explorer
2010-01-29 12:05:28 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-29 11:45:24 ----D---- C:\Windows\Tasks
2010-01-29 11:42:26 ----D---- C:\Windows\Minidump
2010-01-25 12:42:27 ----A---- C:\Windows\win.ini
2010-01-14 11:12:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-01-12 11:55:17 ----A---- C:\Windows\NeroDigital.ini
2010-01-06 00:20:18 ----D---- C:\Windows\LiveKernelReports
2010-01-04 16:17:46 ----A---- C:\Windows\system32\mrt.exe
2010-01-02 02:22:25 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-02 02:22:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-01-02 02:21:55 ----D---- C:\ProgramData\Symantec
2010-01-02 02:16:44 ----D---- C:\Program Files\Hewlett-Packard
2010-01-02 02:16:34 ----RSD---- C:\Windows\assembly
2010-01-02 02:15:36 ----D---- C:\Program Files\Bonjour
2010-01-02 00:05:29 ----D---- C:\Windows\pss
2009-12-29 03:52:31 ----SHD---- C:\System Volume Information
2009-12-29 03:52:15 ----D---- C:\Windows\Logs
2009-12-29 03:36:20 ----D---- C:\Program Files\Steam
2009-12-29 03:04:10 ----D---- C:\Windows\rescache
2009-12-29 03:02:04 ----D---- C:\Windows\system32\RTCOM
2009-12-29 03:02:04 ----D---- C:\Program Files\Realtek
2009-12-29 02:46:52 ----D---- C:\Windows\system32\en-US
2009-12-29 02:37:56 ----D---- C:\Users\Stephen\AppData\Roaming\Adobe
2009-12-27 20:59:21 ----D---- C:\Program Files\VideoLAN
2009-12-21 21:47:22 ----D---- C:\Program Files\Azureus
2009-12-07 02:41:16 ----D---- C:\Program Files\GBalpha
2009-11-12 15:27:36 ----D---- C:\Users\Stephen\AppData\Roaming\Apple Computer
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 eabfiltr;eabfiltr; C:\Windows\system32\DRIVERS\eabfiltr.sys [2006-11-30 8192]
R2 enodpl;enodpl; C:\Windows\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-01-23 37376]
R2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys [2003-04-18 4736]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\Windows\system32\DRIVERS\ATSwpDrv.sys [2007-03-28 140424]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HBtnKey;HBtnKey; C:\Windows\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-06-09 2366752]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-04 7606688]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\Windows\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2008-01-18 8192]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-09-02 176128]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-18 88576]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-10-09 981504]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-03-28 199472]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-18 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-18 11264]
S3 aujhhai4;aujhhai4; C:\Windows\system32\drivers\aujhhai4.sys []
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-01 464384]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-18 131584]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-18 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-18 36864]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 E100B;Intel(R) PRO Adapter Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-11-01 163328]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-01 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-01 987648]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-01 200704]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-10-18 1380864]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 NETw4v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
S3 RimUsb;BlackBerry Smartphone; C:\Windows\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-18 9216]
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 7680]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-18 35328]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-01 654336]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-18 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 ASBroker;Logon Session Broker; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 ASChannel;Local Communication Channel; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-09-19 65536]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-18 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-15 354840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-10-20 1028432]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-12-14 61440]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-04 203296]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-18 21504]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-01-02 66872]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-18 21504]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2007-10-16 1094936]
S2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-01-09 110592]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-30 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-03-19 316664]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []
-----------------EOF-----------------
and the rootkit log
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-02-09 01:51:15
Windows 6.0.6001 Service Pack 1
Running: lnsf5pcb.exe; Driver: C:\Users\Stephen\AppData\Local\Temp\uxryipoc.sys
---- System - GMER 1.0.15 ----
INT 0x51 ? 86E8ABF8
INT 0x52 ? 86E8ABF8
INT 0x72 ? 86E8ABF8
INT 0x72 ? 86E8ABF8
INT 0x82 ? 8552ABF8
INT 0x92 ? 85526BF8
INT 0xA2 ? 85526BF8
INT 0xB3 ? 86E8ABF8
Code 86CBC640 ZwEnumerateKey
Code 86CBC608 ZwFlushInstructionCache
Code 8895F39D IofCallDriver
Code 88BA987E IofCompleteRequest
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8552C1F8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\fastfat \FatCdrom 84D5C500
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
Device \Driver\volmgr \Device\VolMgrControl 855281F8
Device \Driver\netbt \Device\NetBT_Tcpip_{7354AB7C-29E4-4345-82DE-C0CD55119099} 88915500
Device \Driver\usbuhci \Device\USBPDO-0 86CAD1F8
Device \Driver\usbuhci \Device\USBPDO-1 86CAD1F8
Device \Driver\usbehci \Device\USBPDO-2 86CA61F8
Device \Driver\usbuhci \Device\USBPDO-3 86CAD1F8
Device \Driver\usbuhci \Device\USBPDO-4 86CAD1F8
AttachedDevice \Driver\tdx \Device\Tcp epfwtdir.sys
Device \Driver\usbuhci \Device\USBPDO-5 86CAD1F8
Device \Driver\usbehci \Device\USBPDO-6 86CA61F8
Device \Driver\PCI_PNP0343 \Device\00000057 sppu.sys
Device \Driver\volmgr \Device\HarddiskVolume1 855281F8
Device \Driver\volmgr \Device\HarddiskVolume2 855281F8
Device \Driver\sptd \Device\1381976354 sppu.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 8552B1F8
Device \Driver\iaStor \Device\Ide\iaStor0 [8A4BDEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 8552B1F8
Device \Driver\atapi \Device\Ide\IdePort1 8552B1F8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8A4BDEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8A4BDEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\volmgr \Device\HarddiskVolume3 855281F8
Device \Driver\volmgr \Device\HarddiskVolume4 855281F8
Device \Driver\netbt \Device\NetBt_Wins_Export 88915500
Device \Driver\Smb \Device\NetbiosSmb 88C001F8
Device \Driver\iScsiPrt \Device\RaidPort0 86DA41F8
Device \Driver\usbuhci \Device\USBFDO-0 86CAD1F8
Device \Driver\usbuhci \Device\USBFDO-1 86CAD1F8
Device \Driver\usbehci \Device\USBFDO-2 86CA61F8
Device \Driver\usbuhci \Device\USBFDO-3 86CAD1F8
Device \Driver\usbuhci \Device\USBFDO-4 86CAD1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{6BCF6CD5-7CC8-4F2B-A350-D7392CE5F910} 88915500
Device \Driver\usbuhci \Device\USBFDO-5 86CAD1F8
Device \Driver\usbehci \Device\USBFDO-6 86CA61F8
Device \Driver\ak3r0d0x \Device\Scsi\ak3r0d0x1 86DA3500
Device \Driver\ak3r0d0x \Device\Scsi\ak3r0d0x1Port4Path0Target0Lun0 86DA3500
Device \FileSystem\fastfat \Fat 84D5C500
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat eamon.sys (Amon monitor/ESET)
Device \FileSystem\cdfs \Cdfs 84D671F8
---- Modules - GMER 1.0.15 ----
Module \systemroot\system32\drivers\H8SRTrtqbdteqxb.sys (*** hidden *** ) 8F578000-8F594000 (114688 bytes)
---- Processes - GMER 1.0.15 ----
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1020] 0x00D50000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1088] 0x009B0000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1104] 0x009B0000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1176] 0x009C0000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1216] 0x009B0000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1248] 0x009B0000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [1328] 0x00810000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1472] 0x00D90000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1528] 0x00D50000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1600] 0x00D40000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1840] 0x00D40000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2044] 0x00D30000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2364] 0x00D50000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2384] 0x009B0000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [2532] 0x009B0000
Library \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [4668] 0x02090000
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\H8SRTrtqbdteqxb.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeisxxykdxi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmwbpittnpx.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTfoptwervvp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiehynkmnxx.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0xFD 0x98 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2C 0x9C 0x0B 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1D 0xA7 0x03 0xCC ...
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeisxxykdxi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmwbpittnpx.dat
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTfoptwervvp.dll
Reg HKLM\SYSTEM\ControlSet002\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiehynkmnxx.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeisxxykdxi.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmwbpittnpx.dat
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTfoptwervvp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiehynkmnxx.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeisxxykdxi.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmwbpittnpx.dat
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTfoptwervvp.dll
Reg HKLM\SYSTEM\ControlSet004\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiehynkmnxx.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeisxxykdxi.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmwbpittnpx.dat
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTfoptwervvp.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiehynkmnxx.dll
Reg HKLM\SYSTEM\ControlSet005\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeisxxykdxi.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmwbpittnpx.dat
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTfoptwervvp.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiehynkmnxx.dll
Reg HKLM\SYSTEM\ControlSet006\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@start 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@type 1
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@imagepath \systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys@group file system
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTd \\?\globalroot\systemroot\system32\drivers\H8SRTrtqbdteqxb.sys
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTc \\?\globalroot\systemroot\system32\H8SRTeisxxykdxi.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@H8SRTsrcr \\?\globalroot\systemroot\system32\H8SRTmwbpittnpx.dat
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtserf \\?\globalroot\systemroot\system32\H8SRTfoptwervvp.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtbbr \\?\globalroot\systemroot\system32\H8SRTiehynkmnxx.dll
Reg HKLM\SYSTEM\ControlSet007\Services\H8SRTd.sys\modules@h8srtmsg \\?\globalroot\systemroot\system32\H8SRTqiqocihbbb.dll
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCF 0xFD 0x98 0x37 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x2C 0x9C 0x0B 0x02 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x1D 0xA7 0x03 0xCC ...
---- Files - GMER 1.0.15 ----
File C:\ProgramData\h8srtkrl32mainweq.dll 769 bytes
File C:\ProgramData\h8srtmainqt.dll 10686 bytes
File C:\Users\Stephen\AppData\Local\Temp\H8SRTb48a.tmp 680448 bytes executable
File C:\Users\Stephen\AppData\Local\Temp\h8srtmainqt.dll 16474 bytes
File C:\Windows\System32\drivers\H8SRTrtqbdteqxb.sys 40448 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\H8SRTeisxxykdxi.dll 23040 bytes executable
File C:\Windows\System32\H8SRTfoptwervvp.dll 40960 bytes executable
File C:\Windows\System32\H8SRTiehynkmnxx.dll 40960 bytes executable
File C:\Windows\System32\H8SRTmwbpittnpx.dat 166 bytes
File C:\Windows\System32\H8SRTqiqocihbbb.dll 16896 bytes executable
File C:\Windows\System32\h8srtshsyst.dll 2096 bytes
File C:\Windows\Temp\H8SRTec0.tmp 243 bytes
File C:\Windows\Temp\H8SRT1a3c.tmp 241 bytes
File C:\Windows\Temp\H8SRT3f7a.tmp 241 bytes
File C:\Windows\Temp\H8SRT4c9b.tmp 239 bytes
File C:\Windows\Temp\H8SRT7673.tmp 168 bytes
File C:\Windows\Temp\H8SRT8049.tmp 240 bytes
File C:\Windows\Temp\H8SRT951.tmp 166 bytes
File C:\Windows\Temp\H8SRTa46f.tmp 243 bytes
File C:\Windows\Temp\H8SRTb576.tmp 241 bytes
File C:\Windows\Temp\H8SRTda37.tmp 168 bytes
File C:\Windows\Temp\H8SRTdb09.tmp 164 bytes
File C:\Windows\Temp\H8SRTe1cd.tmp 40960 bytes executable
File C:\Windows\Temp\H8SRTe804.tmp 40960 bytes executable
---- EOF - GMER 1.0.15 ----