GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-01 05:52:36
Windows 6.1.7601 Service Pack 1
Running: lz6qhtie.exe


---- Services - GMER 1.0.15 ----

Service  C:\SystemRoot\System32\Drivers\d42928de2e89ffa1.sys (*** hidden *** )  [BOOT] d42928de2e89ffa1   <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@ImagePath  \SystemRoot\System32\Drivers\d42928de2e89ffa1.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@Group  Boot Bus Extender
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@ErrorControl  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@Tag  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@DisplayName  syshost.exe
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x11 0x1A 0xF9 0x15 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0xDE 0x20 0xF4 0x37 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x28 0x85 0x53 0xEF ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12  0x15 0x92 0xF7 0x37 ...
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@ImagePath  \SystemRoot\System32\Drivers\d42928de2e89ffa1.sys
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@Group  Boot Bus Extender
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@ErrorControl  0
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@Type  1
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@Start  0
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@Tag  1
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@DisplayName  syshost.exe
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0  0
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12  0x11 0x1A 0xF9 0x15 ...
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0  0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12  0xDE 0x20 0xF4 0x37 ...
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12  0x28 0x85 0x53 0xEF ...
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12  0x15 0x92 0xF7 0x37 ...
Reg  HKLM\SYSTEM\Software\Comodo\CCE\PendingOperations@EnumedServices  ????Sv??????? ???????&?????&?&????????????????????????????????@??u?u?u?u?u?u?u?u?u?u?u?u?u?ute???????x???????????y?y?y?y?y?yle8??y?y?y?y?y?y?y?y?y?y?y?y?y(??y?y?y?y?y?y?y?yTe??v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Windows\SysWOW64\PnkBstrA.exe|Name=PnkBstrA|?9???&???????????????????????????????&???????????????????????????f???&???????????????????????????????????????d???????t???????}??? ???????????????????L????????????????????0?N???hid_device_system_mouse?????v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Windows\SysWOW64\PnkBstrB.exe|Name=PnkBstrB|???8?xe|Name=Left 4 Dead 2|? 2|??? ???????????????????y????????????????????????sCC0??\??\C:\Windows\system32\drivers\iswtwq.sys??????? ??????????????????????????????????????????\???0?@??????????????????????? ?????????????????????????? ???????L???????? ??d???? ??? ?,???????????SysClass.Dll,MouseClassInstaller????v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\NVIDIA

---- Files - GMER 1.0.15 ----

File  C:\ProgramData\MFAData\logs\mfa-20120831-143029.log  575608 bytes
File  C:\ProgramData\MFAData\logs\msi-20120831-143029.log  6998452 bytes

---- EOF - GMER 1.0.15 ----
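Triage of the log above, as an added example; this is not GMER's own code and not part of the original post. It parses the Service and Reg lines of a GMER 1.0.15 log, groups the registry values under HKLM\SYSTEM\<ControlSet>\services\<name>, and flags the combination the log shows for d42928de2e89ffa1: a service GMER marks as hidden, a 16-hex-digit service name, a boot-start kernel driver (Start=0, Type=1, Group=Boot Bus Extender) and a DisplayName that names a user-mode .exe (syshost.exe) for what is registered as a driver. The embedded excerpt is constructed from the lines above with the long sptd and Comodo values trimmed; the flagging heuristics are the author's, not GMER's. The sptd\Cfg keys, which carry the DAEMON Tools Lite install path, sit below the services\<name> level and are deliberately left out of the per-service view.

```python
"""Triage a GMER 1.0.15 text log: parse the Services and Registry sections and
flag service entries with the hidden boot-start-driver pattern seen above.
Added example; not GMER's code. Heuristics are the author's assumptions."""
import re
from collections import defaultdict

# Constructed excerpt of the log above (sptd binary values and the Comodo
# CCE blob trimmed; one sptd line kept to show it is not treated as a service).
SAMPLE_LOG = r"""GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-01 05:52:36
Windows 6.1.7601 Service Pack 1
Running: lz6qhtie.exe

---- Services - GMER 1.0.15 ----

Service  C:\SystemRoot\System32\Drivers\d42928de2e89ffa1.sys (*** hidden *** )  [BOOT] d42928de2e89ffa1   <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@ImagePath  \SystemRoot\System32\Drivers\d42928de2e89ffa1.sys
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@Group  Boot Bus Extender
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@Type  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@Start  0
Reg  HKLM\SYSTEM\CurrentControlSet\services\d42928de2e89ffa1@DisplayName  syshost.exe
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0  C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@Group  Boot Bus Extender
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@Type  1
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@Start  0
Reg  HKLM\SYSTEM\ControlSet004\services\d42928de2e89ffa1@DisplayName  syshost.exe
Reg  HKLM\SYSTEM\ControlSet004\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

---- EOF - GMER 1.0.15 ----
"""

# "Service  <image> [(*** hidden *** )] [[BOOT]] <name> [<-- ROOTKIT !!!]"
SERVICE_RE = re.compile(
    r"^Service\s+(?P<image>\S+)\s*(?P<hidden>\(\*\*\* hidden \*\*\* \))?"
    r"\s*(?:\[(?P<start>[A-Z]+)\])?\s*(?P<name>\S+)")
# "Reg  <key>[@<value>]  [<data>]"; key-only lines carry no '@'
REG_RE = re.compile(
    r"^Reg\s+(?P<key>[^\s@]+)(?:@(?P<value>\S+))?(?:\s+(?P<data>.*?))?\s*$")
# Only keys directly at services\<name>; deeper keys (sptd\Cfg\...) are skipped
SVC_KEY_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>[^\\]+)\\services\\(?P<name>[^\\]+)$", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{16}$")


def parse_gmer(text):
    """Return (services, registry): the Service lines and a dict keyed by
    (ControlSet, service name) holding that service's registry values."""
    services = []
    registry = defaultdict(dict)
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services.append({"name": m["name"], "image": m["image"],
                             "hidden": m["hidden"] is not None,
                             "start": m["start"],
                             "gmer_flag": "ROOTKIT" in line})
            continue
        m = REG_RE.match(line)
        if m and m["value"]:
            k = SVC_KEY_RE.match(m["key"])
            if k:
                registry[(k["cs"], k["name"])][m["value"]] = m["data"] or ""
    return services, dict(registry)


def triage(services, registry):
    """Heuristic flags (author's assumptions) per Service line."""
    findings = []
    for svc in services:
        reasons = []
        if svc["hidden"]:
            reasons.append("service hidden from the SCM (GMER '*** hidden ***')")
        if HEX_NAME_RE.match(svc["name"]):
            reasons.append("16-hex-digit random-looking service name")
        for (cs, name), vals in sorted(registry.items()):
            if name != svc["name"]:
                continue
            if vals.get("Start") == "0" and vals.get("Type") == "1":
                reasons.append(f"{cs}: boot-start kernel driver "
                               f"(Start=0, Type=1, Group={vals.get('Group')})")
            dn = vals.get("DisplayName", "")
            if dn.lower().endswith(".exe"):
                reasons.append(f"{cs}: DisplayName '{dn}' is a user-mode .exe "
                               f"name on a kernel driver")
        if reasons:
            findings.append({"service": svc["name"], "image": svc["image"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    svcs, reg = parse_gmer(SAMPLE_LOG)
    for f in triage(svcs, reg):
        print(f"{f['service']}  {f['image']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```

Run against a full log the same way (read the file in place of SAMPLE_LOG); every Reg line whose key is exactly services\<name> lands in the per-service view, so the ControlSet004 copy of the entry is reported separately from the CurrentControlSet one, which is what you want when deciding whether a cleanup touched every control set.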