
NTOSKRNL-HOOK Trojan

#1 ealtmann
New Member, 2 posts

McAfee VirusScan finds and claims to remove ntoskrnl-hook, but it still finds it when I run the scan again.

I tried to run ComboFix a few times, but Vista keeps crashing. I am Administrator, but I still see "Access Denied Administrator permissions are needed" in ComboFix a few times.

See below for the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:07 PM, on 7/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe"
O4 - HKLM\..\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: stunnel - Unknown owner - C:\Program Files\stunnel\stunnel.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14217 bytes

GMER report:
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-16 22:12:22
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

Code 87F76BD8 ZwEnumerateKey
Code 87F76BA0 ZwFlushInstructionCache
Code 87F80976 ZwSaveKey
Code 87F76D7E ZwSaveKeyEx
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xAAFD32C7]
Code 87D5FA4D IofCallDriver
Code 87F76CB6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCompleteRequest 82077FE2 5 Bytes JMP 87F76CBB
.text ntkrnlpa.exe!IofCallDriver 820F9F6F 5 Bytes JMP 87D5FA52
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 821F030B 2 Bytes JMP 87F76BA4
PAGE ntkrnlpa.exe!ZwFlushInstructionCache + 3 821F030E 2 Bytes [D8, 05]
PAGE ntkrnlpa.exe!ZwTerminateProcess 82220F80 5 Bytes JMP AAFD32CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 82245BA2 5 Bytes JMP 87F76BDC
PAGE ntkrnlpa.exe!ZwSaveKey 82293523 5 Bytes JMP 87F8097A
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8229362A 5 Bytes JMP 87F76D82

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[208] ntdll.dll!LdrLoadDll 77507933 5 Bytes JMP 0019000A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[400] ntdll.dll!LdrLoadDll 77507933 5 Bytes JMP 00AF000A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[468] ntdll.dll!LdrLoadDll 77507933 5 Bytes JMP 0094000A
.text C:\Windows\system32\winlogon.exe[628] ntdll.dll!LdrLoadDll 77507933 5 Bytes JMP 0007000A
.text C:\Windows\system32\lsm.exe[652] ntdll.dll!LdrLoadDll 77507933 5 Bytes JMP 0034000A
.text ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74507BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745498C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7450D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744FF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74507599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744FE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7453B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7450D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7450012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74500095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744F71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7458D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745275E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744FDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744F668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744F66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3676] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74501E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [74507BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [745498C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7450D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [744FF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74507599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [744FE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7453B33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7450D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [7450012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [74500095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [744F71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [7458D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [745275E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [744FDAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [744F668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [744F66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[4272] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74501E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [208] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\McAfee\Common Framework\FrameworkService.exe [400] 0x00AC0000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [468] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\wininit.exe [552] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\services.exe [596] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\winlogon.exe [628] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\lsass.exe [636] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\lsm.exe [652] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [760] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [812] 0x00A90000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [836] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe [852] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [888] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [936] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Java\jre6\bin\jusched.exe [980] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1028] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\ehome\ehmsas.exe [1064] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [1108] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1152] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [1236] 0x00D40000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [1256] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\SLsvc.exe [1268] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1308] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\McAfee\Common Framework\naPrdMgr.exe [1344] 0x00AC0000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1436] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\System32\spoolsv.exe [1608] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1632] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [1832] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [1868] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [1904] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\ehome\ehtray.exe [1912] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\McAfee\Common Framework\UdaterUI.exe [1952] 0x00A50000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\FileZilla Server\FileZilla Server.exe [1980] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2068] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\WindowsMobile\wmdc.exe [2092] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\PSIService.exe [2120] 0x002A0000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [2136] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\svchost.exe [2208] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\stunnel\stunnel.exe [2224] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [2304] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [2320] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [2340] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [2356] 0x00930000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\System32\svchost.exe [2384] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\SearchIndexer.exe [2420] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\DRIVERS\xaudio.exe [2436] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2448] 0x03590000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [2460] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\WUDFHost.exe [2592] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [2640] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe [2704] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\igfxext.exe [2900] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\igfxsrvc.exe [2936] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [3056] 0x00520000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\taskeng.exe [3224] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [3264] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [3460] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Users\Administrator\Downloads\gmer.exe [3472] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\taskeng.exe [3500] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\Dwm.exe [3532] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\Explorer.EXE [3676] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Windows Defender\MSASCui.exe [3876] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\System32\hkcmd.exe [3932] 0x00380000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\SearchFilterHost.exe [3944] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\System32\igfxpers.exe [3956] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3992] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Sony\ISB Utility\ISBMgr.exe [4004] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\igfxsrvc.exe [4040] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe [4048] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [4064] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [4072] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe [4080] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\explorer.exe [4272] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\wbem\unsecapp.exe [4404] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\McAfee\Common Framework\McTray.exe [4488] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\wbem\wmiprvse.exe [4520] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\SearchProtocolHost.exe [4656] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Windows\system32\taskeng.exe [4960] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnscfg.exe [5204] 0x10000000
Library \\?\globalroot\systemroot\system32\geyekrxrirqtuw.dll (*** hidden *** ) @ C:\Program Files\Windows Media Player\wmpnetwk.exe [5284] 0x10000000

---- EOF - GMER 1.0.15 ----

Edited by ealtmann, 16 July 2009 - 02:14 PM.

#2
ealtmann

    New Member

  • Topic Starter
  • Member
  • 2 posts
I ran SUPERAntiSpyware a few times (the first time it found 94 infections) and every time now I get the following 2 trojans...


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2009 at 09:46 PM

Application Version : 4.26.1006

Core Rules Database Version : 3999
Trace Rules Database Version: 1939

Scan type : Quick Scan
Total Scan Time : 00:37:03

Memory items scanned : 702
Memory threats detected : 0
Registry items scanned : 505
Registry threats detected : 2
File items scanned : 35332
File threats detected : 0

Trojan.Agent/Gen-AlerterALG
HKU\.DEFAULT\Software\S45
HKU\S-1-5-18\Software\S45