Computer froze on starting up



#1
Streetwise
I've got Windows Vista Home edition. When I started the computer, it froze after loading Windows. The antivirus was inactive and nothing reacted when I clicked it. After booting in safe mode and following your self-help instructions the system is back to normal. I ran a GMER scan just to be on the safe side. I got the warning "GMER has found system modification caused by rootkit activity". Here is the log file:

GMER 1.0.15.15077 [8l9pxr70.exe] - http://www.gmer.net
Rootkit scan 2009-09-06 20:50:00
Windows 6.0.6000 


---- System - GMER 1.0.15 ----

INT 0x72		?																																					 84D5EBF8
INT 0x82		?																																					 84D5EBF8
INT 0x92		?																																					 84D5EBF8
INT 0x92		?																																					 84D5EBF8
INT 0x92		?																																					 85085F00
INT 0x92		?																																					 85085F00
INT 0x92		?																																					 84D5EBF8
INT 0x93		?																																					 85085F00
INT 0xA3		?																																					 85085F00
INT 0xB3		?																																					 85085F00

Code			85643850																																			  ZwEnumerateKey
Code			856449C0																																			  ZwFlushInstructionCache
Code			856438BE																																			  ZwSaveKey
Code			85643886																																			  ZwSaveKeyEx
Code			8562E90D																																			  IofCallDriver
Code			8562E946																																			  IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text		   ntkrnlpa.exe!IofCallDriver																															82027F37 5 Bytes  JMP 8562E912 
.text		   ntkrnlpa.exe!IofCompleteRequest																													   82027FA4 5 Bytes  JMP 8562E94B 
PAGE			ntkrnlpa.exe!ZwEnumerateKey																														   82137F06 5 Bytes  JMP 85643854 
PAGE			ntkrnlpa.exe!ZwSaveKey																																82139CC3 5 Bytes  JMP 856438C2 
PAGE			ntkrnlpa.exe!ZwSaveKeyEx																															  82139DCA 5 Bytes  JMP 8564388A 
PAGE			ntkrnlpa.exe!ZwFlushInstructionCache																												  821E849F 5 Bytes  JMP 856449C4 
?			   System32\Drivers\spyx.sys																															 Het systeem kan het opgegeven pad niet vinden. !
.text		   USBPORT.SYS!DllUnload																																 8C6B0FEB 5 Bytes  JMP 850854E0 

---- User code sections - GMER 1.0.15 ----

.text		   C:\Windows\Explorer.EXE[116] ntdll.dll!LdrLoadDll																									 770FEB00 5 Bytes  JMP 0023000A 

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]																			 [807026D2] \SystemRoot\System32\Drivers\spyx.sys
IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]																			  [80702040] \SystemRoot\System32\Drivers\spyx.sys
IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]																	  [807027FC] \SystemRoot\System32\Drivers\spyx.sys
IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort]																			 [807020BE] \SystemRoot\System32\Drivers\spyx.sys
IAT			 \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]																	   [8070213C] \SystemRoot\System32\Drivers\spyx.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]																   [740BFD78] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]															   [7408BBF1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]														 [7407A31F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]														   [7407CBFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]																[74078AB2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]													   [7408D168] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]															   [74077D98] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]																[74077CFF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]																 [74076A54] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]														 [7410C1BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]															[740980FE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]															   [740790CD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]																		 [7408223C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]																		[74082267] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]																  [7408771C] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]																   [7408753E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT			 C:\Windows\Explorer.EXE[116] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]													[740B8585] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16683_none_9ea0f08ac96e2537\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device		  \FileSystem\Ntfs \Ntfs																																84D641F8
Device		  \Driver\volmgr \Device\VolMgrControl																												  84D601F8
Device		  \Driver\netbt \Device\NetBT_Tcpip_{AAB6A34A-F0E7-46CF-9E96-447ECA7B7D23}																			  85DCE1F8
Device		  \Driver\usbuhci \Device\USBPDO-0																													  8507C1F8
Device		  \Driver\usbuhci \Device\USBPDO-1																													  8507C1F8
Device		  \Driver\usbuhci \Device\USBPDO-2																													  8507C1F8
Device		  \Driver\usbuhci \Device\USBPDO-3																													  8507C1F8
Device		  \Driver\usbehci \Device\USBPDO-4																													  850861F8
Device		  \Driver\volmgr \Device\HarddiskVolume1																												84D601F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1																												hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device		  \Driver\volmgr \Device\HarddiskVolume2																												84D601F8

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2																												hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device		  \Driver\cdrom \Device\CdRom0																														  850281F8
Device		  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0																										   84D621F8
Device		  \Driver\atapi \Device\Ide\IdePort0																													84D621F8
Device		  \Driver\atapi \Device\Ide\IdePort1																													84D621F8
Device		  \Driver\atapi \Device\Ide\IdePort2																													84D621F8
Device		  \Driver\atapi \Device\Ide\IdePort3																													84D621F8
Device		  \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4																										   84D621F8
Device		  \Driver\netbt \Device\NetBT_Tcpip_{FC197BA7-1886-4606-9ADB-B878560D2241}																			  85DCE1F8
Device		  \Driver\netbt \Device\NetBt_Wins_Export																											   85DCE1F8
Device		  \Driver\Smb \Device\NetbiosSmb																														857111F8
Device		  \Driver\iScsiPrt \Device\RaidPort0																													85081500
Device		  \Driver\usbuhci \Device\USBFDO-0																													  8507C1F8
Device		  \Driver\usbuhci \Device\USBFDO-1																													  8507C1F8
Device		  \Driver\usbuhci \Device\USBFDO-2																													  8507C1F8
Device		  \Driver\usbuhci \Device\USBFDO-3																													  8507C1F8
Device		  \Driver\usbehci \Device\USBFDO-4																													  850861F8
Device		  \FileSystem\cdfs \Cdfs																																85FDE500

---- Services - GMER 1.0.15 ----

Service		 C:\Windows\system32\drivers\kbiwkmrrgqdboj.sys (*** hidden *** )																					  [SYSTEM] kbiwkmwmcwovnl																																			   <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl																								 
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\[email protected]																						   1
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\[email protected]																							1
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\[email protected]																						   file system
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\[email protected]																					   \systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\main																							
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\[email protected]																						10005
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\[email protected]																						1
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\[email protected]																				   14400
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\main\delete																					 
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\main\injector																				   
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\main\[email protected]*																				 kbiwkmwsp.dll
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\main\tasks																					  
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\modules																						 
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\[email protected]																			\systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\[email protected]																		   \systemroot\system32\kbiwkmpljfcueg.dll
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\[email protected]																		   \systemroot\system32\kbiwkmwhemuamo.dat
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\[email protected]																		   \systemroot\system32\kbiwkmqajydywa.dll
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmwmcwovnl\[email protected]																			  \systemroot\system32\kbiwkmvexrbjdi.dat
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]																									771343423
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]																									285507792
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected]																									1
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04																	  
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0[email protected]																   0
Reg			 HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0[email protected]																0x47 0xC1 0x3D 0xEE ...
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl (not active ControlSet)																			 
Reg			 HKLM\SYSTEM\ControlSet002\Services\[email protected]																							   1
Reg			 HKLM\SYSTEM\ControlSet002\Services\[email protected]																								1
Reg			 HKLM\SYSTEM\ControlSet002\Services\[email protected]																							   file system
Reg			 HKLM\SYSTEM\ControlSet002\Services\[email protected]																						   \systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\main (not active ControlSet)																		
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\[email protected]																							10005
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\[email protected]																							1
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\[email protected]																					   14400
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\main\delete (not active ControlSet)																 
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\main\injector (not active ControlSet)															   
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\main\[email protected]*																					 kbiwkmwsp.dll
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\main\tasks (not active ControlSet)																  
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\modules (not active ControlSet)																	 
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\[email protected]																				\systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmpljfcueg.dll
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmwhemuamo.dat
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmqajydywa.dll
Reg			 HKLM\SYSTEM\ControlSet002\Services\kbiwkmwmcwovnl\[email protected]																				  \systemroot\system32\kbiwkmvexrbjdi.dat
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl (not active ControlSet)																			 
Reg			 HKLM\SYSTEM\ControlSet003\Services\[email protected]																							   1
Reg			 HKLM\SYSTEM\ControlSet003\Services\[email protected]																								1
Reg			 HKLM\SYSTEM\ControlSet003\Services\[email protected]																							   file system
Reg			 HKLM\SYSTEM\ControlSet003\Services\[email protected]																						   \systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\main (not active ControlSet)																		
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\[email protected]																							10005
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\[email protected]																							1
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\[email protected]																					   14400
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\main\delete (not active ControlSet)																 
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\main\injector (not active ControlSet)															   
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\main\[email protected]*																					 kbiwkmwsp.dll
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\main\tasks (not active ControlSet)																  
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\modules (not active ControlSet)																	 
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\[email protected]																				\systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmpljfcueg.dll
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmwhemuamo.dat
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmqajydywa.dll
Reg			 HKLM\SYSTEM\ControlSet003\Services\kbiwkmwmcwovnl\[email protected]																				  \systemroot\system32\kbiwkmvexrbjdi.dat
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl (not active ControlSet)																			 
Reg			 HKLM\SYSTEM\ControlSet004\Services\[email protected]																							   1
Reg			 HKLM\SYSTEM\ControlSet004\Services\[email protected]																								1
Reg			 HKLM\SYSTEM\ControlSet004\Services\[email protected]																							   file system
Reg			 HKLM\SYSTEM\ControlSet004\Services\[email protected]																						   \systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\main (not active ControlSet)																		
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\[email protected]																							10005
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\[email protected]																							1
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\[email protected]																					   14400
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\main\delete (not active ControlSet)																 
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\main\injector (not active ControlSet)															   
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\main\[email protected]*																					 kbiwkmwsp.dll
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\main\tasks (not active ControlSet)																  
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\modules (not active ControlSet)																	 
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\[email protected]																				\systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmpljfcueg.dll
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmwhemuamo.dat
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmqajydywa.dll
Reg			 HKLM\SYSTEM\ControlSet004\Services\kbiwkmwmcwovnl\[email protected]																				  \systemroot\system32\kbiwkmvexrbjdi.dat
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl (not active ControlSet)																			 
Reg			 HKLM\SYSTEM\ControlSet005\Services\[email protected]																							   1
Reg			 HKLM\SYSTEM\ControlSet005\Services\[email protected]																								1
Reg			 HKLM\SYSTEM\ControlSet005\Services\[email protected]																							   file system
Reg			 HKLM\SYSTEM\ControlSet005\Services\[email protected]																						   \systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\main (not active ControlSet)																		
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\[email protected]																							10005
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\[email protected]																							1
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\[email protected]																					   14400
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\main\delete (not active ControlSet)																 
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\main\injector (not active ControlSet)															   
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\main\[email protected]*																					 kbiwkmwsp.dll
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\main\tasks (not active ControlSet)																  
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\modules (not active ControlSet)																	 
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\[email protected]																				\systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmpljfcueg.dll
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmwhemuamo.dat
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmqajydywa.dll
Reg			 HKLM\SYSTEM\ControlSet005\Services\kbiwkmwmcwovnl\[email protected]																				  \systemroot\system32\kbiwkmvexrbjdi.dat
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl (not active ControlSet)																			 
Reg			 HKLM\SYSTEM\ControlSet006\Services\[email protected]																							   1
Reg			 HKLM\SYSTEM\ControlSet006\Services\[email protected]																								1
Reg			 HKLM\SYSTEM\ControlSet006\Services\[email protected]																							   file system
Reg			 HKLM\SYSTEM\ControlSet006\Services\[email protected]																						   \systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\main (not active ControlSet)																		
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\[email protected]																							10005
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\[email protected]																							1
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\[email protected]																					   14400
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\main\delete (not active ControlSet)																 
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\main\injector (not active ControlSet)															   
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\main\[email protected]*																					 kbiwkmwsp.dll
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\main\tasks (not active ControlSet)																  
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\modules (not active ControlSet)																	 
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\[email protected]																				\systemroot\system32\drivers\kbiwkmrrgqdboj.sys
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmpljfcueg.dll
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmwhemuamo.dat
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\[email protected]																			   \systemroot\system32\kbiwkmqajydywa.dll
Reg			 HKLM\SYSTEM\ControlSet006\Services\kbiwkmwmcwovnl\[email protected]																				  \systemroot\system32\kbiwkmvexrbjdi.dat
Reg			 HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)												  
Reg			 HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0[email protected]																	   0
Reg			 HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0[email protected]																	0x47 0xC1 0x3D 0xEE ...
Reg			 HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A013403-9A3B-8C35-1630-90179915F72E}									   
Reg			 HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A013403-9A3B-8C35-1630-90179915F72E}@bblbcfpmokmngbinkpikeeffdiokhiidbknn  0x61 0x62 0x65 0x63 ...
Reg			 HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6A013403-9A3B-8C35-1630-90179915F72E}@ablbcfpmokmngbinkpnklbdllelmgkanlm	0x65 0x62 0x6C 0x62 ...

---- EOF - GMER 1.0.15 ----

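A triage script for the GMER log format above, added here as an illustration and not part of the post or of GMER itself: it parses the three line types that carried the rootkit indicators in the posted log (inline JMP hooks on kernel exports, atapi.sys imports that resolved into spyx.sys, and the hidden kbiwkm* service) and reports each as a finding. The column layout is inferred from the posted log with its tab runs collapsed to spaces, and the sample lines are copied from it.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the GMER 1.0.15 log in the post above,
# with the run of tabs between columns collapsed to spaces.
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text    ntkrnlpa.exe!IofCallDriver    82027F37 5 Bytes  JMP 8562E912
PAGE     ntkrnlpa.exe!ZwEnumerateKey   82137F06 5 Bytes  JMP 85643854
?        System32\Drivers\spyx.sys     Het systeem kan het opgegeven pad niet vinden. !
---- User code sections - GMER 1.0.15 ----
.text    C:\Windows\Explorer.EXE[116] ntdll.dll!LdrLoadDll    770FEB00 5 Bytes  JMP 0023000A
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT      \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]    [80702040] \SystemRoot\System32\Drivers\spyx.sys
---- Services - GMER 1.0.15 ----
Service  C:\Windows\system32\drivers\kbiwkmrrgqdboj.sys (*** hidden *** )    [SYSTEM] kbiwkmwmcwovnl    <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# "<section> [<process>[pid]] <image>!<export> <addr> <n> Bytes  JMP <target>"
INLINE_HOOK_RE = re.compile(
    r"^(?P<sect>\S+)\s+(?:(?P<proc>\S+\[\d+\])\s+)?(?P<image>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-F]{8})\s+(?P<size>\d+) Bytes\s+JMP (?P<target>[0-9A-F]{8})", re.I)
# "IAT <importer>[<module>!<import>] [<addr>] <file the import resolved into>"
IAT_RE = re.compile(
    r"^IAT\s+(?P<importer>[^\[\s]+)\[(?P<module>[^!]+)!(?P<func>[^\]]+)\]\s+"
    r"\[(?P<addr>[0-9A-F]{8})\]\s+(?P<target>\S+)", re.I)
# "Service <image> (*** hidden *** ) [<start type>] <service name> ..."
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[(?P<type>\w+)\]\s+(?P<name>\S+)")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    kind: str      # "inline-hook", "iat-redirect" or "hidden-service"
    detail: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log: str) -> list[Finding]:
    """Walk the log section by section and return the indicators found."""
    findings: list[Finding] = []
    section = ""
    for line in (ln.rstrip() for ln in log.splitlines()):
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            continue
        if section.endswith("code sections"):
            m = INLINE_HOOK_RE.match(line)
            if m:
                # A JMP over the first bytes of an export is an inline hook: a
                # rootkit signature in the kernel, weaker evidence in a user
                # process, where AV products also patch ntdll.dll!LdrLoadDll.
                sev = "high" if section.startswith("Kernel") else "medium"
                where = f" in {m['proc']}" if m["proc"] else ""
                findings.append(Finding(sev, "inline-hook",
                    f"{m['image']}!{m['func']}{where} at {m['addr']} -> JMP {m['target']}"))
        elif section.startswith("Kernel IAT"):
            m = IAT_RE.match(line)
            if m and basename(m["target"]) != basename(m["module"]):
                # atapi.sys imports ataport.SYS routines; an import that now
                # resolves into a different driver file has been redirected.
                findings.append(Finding("high", "iat-redirect",
                    f"{basename(m['importer'])} import {m['module']}!{m['func']} "
                    f"resolved into {basename(m['target'])}"))
        elif section.startswith("Services"):
            m = SERVICE_RE.match(line)
            if m:
                # Present in the kernel's service list but hidden from the
                # registry/SCM view: the entry GMER marks "<-- ROOTKIT".
                findings.append(Finding("high", "hidden-service",
                    f"{m['name']} [{m['type']}] image {m['image']}"))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the five findings for the sample; the user-mode LdrLoadDll hook is reported at medium severity because legitimate software hooks it too, while the kernel hooks, the atapi.sys import redirection into spyx.sys and the hidden service are all high.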