
HJT log, need help analyzing


  • This topic is locked
5 replies to this topic

#1 avionator (Members, 5 posts)

Posted 31 March 2009 - 01:48 PM

Hey-o. I'm new to this, but I've tried to do a little research on my own. I learned enough to get HijackThis and run a scan. I've got the Toseeka hijacker (can't remember the actual name, but it redirects to a site called Toseeka).

Here's some basic info on my equipment: I'm using an HP 6535b with a downgrade to Windows XP Pro.

Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:57 PM, on 3/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.acphs.edu/webapps/portal/frameset.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\msafdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msafdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msafdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msafdlsp.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1234892027500
O17 - HKLM\System\CCS\Services\Tcpip\..\{15BB8344-6B8F-4880-BC44-D8991B11F0FB}: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{B82EF720-751F-41EE-B8F6-012FDFE306E7}: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O20 - Winlogon Notify: ackpbsc - C:\WINDOWS\system32\ackpbsc.dll
O20 - Winlogon Notify: acunlock - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll
O23 - Service: ActivClient Middleware Service (accoca) - ActivIdentity - C:\Program Files\ActivIdentity\ActivClient\accoca.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\Pharos\Bin\CTskMstr.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 9850 bytes


Any help would be appreciated. This thing keeps turning my firewall off, and I hear that it can be really bad.

Thanks!

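The O17 and O10 lines in the log above are what an HJT reviewer keys on: every NameServer entry, both per adapter and in the global Tcpip\Parameters key of the current control set and of ControlSet001/002, points at 85.255.112.111 and 85.255.112.200, and HijackThis cannot identify msafdlsp.dll in the Winsock LSP chain. The Python below is an added example, not code from the original post or from HijackThis itself. It parses those entries out of the log text, de-duplicates the resolvers, and classifies each one as allowed (private or loopback), known-rogue, or unexpected. The allowlist, the sixth sample line (constructed to exercise the allowed/unexpected paths), and the 85.255.112.0/20 range (documented as DNSChanger/Zlob resolver space in the Operation Ghost Click material, which is the editor's knowledge and not something the log states) are all assumptions of the example.

```python
"""Triage helper for HijackThis (HJT) logs: flag rogue DNS and unknown LSPs.

Added example, not part of the original post. Takes HJT log text, pulls the
O17 (TCP/IP NameServer) and O10 (Winsock LSP) entries, and reports resolvers
that are neither private/loopback nor on an analyst-supplied allowlist.
"""
import ipaddress
import re
from collections import Counter

# Assumption: ranges a legitimate resolver for this machine may live in. Adapt
# to the environment (for a campus laptop, add the campus resolvers here).
DEFAULT_ALLOW = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")

# Assumption from the editor's own knowledge (not from the log): resolver range
# published as DNSChanger/Zlob infrastructure in the Operation Ghost Click material.
KNOWN_ROGUE = ("85.255.112.0/20",)

O17_RE = re.compile(r"^O17 - (?P<key>\S+): NameServer = (?P<servers>[\d.,\s]+)$")
O10_RE = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<path>.+)$")

# First five lines copied from the post above; the sixth is constructed so the
# example also shows a private resolver and a public one that is not allowlisted.
SAMPLE_LOG = r"""
O10 - Unknown file in Winsock LSP: c:\windows\system32\msafdlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msafdlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{15BB8344-6B8F-4880-BC44-D8991B11F0FB}: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{CONSTRUCTED}: NameServer = 192.168.1.1,8.8.8.8
"""


def _in_any(ip, cidrs):
    """True if the dotted-quad ip falls inside any of the given CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def parse_nameservers(log_text):
    """Return {registry_key: [ip, ...]} for every O17 line, in log order."""
    out = {}
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            out[m.group("key")] = [s.strip() for s in m.group("servers").split(",") if s.strip()]
    return out


def parse_unknown_lsps(log_text):
    """Return a Counter of LSP DLL paths HJT could not identify (HJT repeats one per catalog entry)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = O10_RE.match(line.strip())
        if m:
            hits[m.group("path").strip().lower()] += 1
    return hits


def triage(log_text, allow=DEFAULT_ALLOW, rogue=KNOWN_ROGUE):
    """Classify each distinct configured resolver and list which registry keys were touched."""
    servers = parse_nameservers(log_text)
    findings = {"rogue": [], "allowed": [], "unexpected": [], "keys_touched": sorted(servers)}
    seen = set()
    for ips in servers.values():
        for ip in ips:
            if ip in seen:
                continue
            seen.add(ip)
            if _in_any(ip, rogue):
                findings["rogue"].append(ip)
            elif _in_any(ip, allow):
                findings["allowed"].append(ip)
            else:
                findings["unexpected"].append(ip)
    findings["lsp"] = dict(parse_unknown_lsps(log_text))
    return findings


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name:13} {value}")
```

Two things the output makes obvious that a quick read of the log can miss: the hijack is written not only to the active control set (CCS) and each adapter's interface key but also to ControlSet001 and ControlSet002, so booting with "Last Known Good Configuration" would bring the same resolvers back; and the O10 entries repeat because HJT prints one line per Winsock catalog entry, so a single unidentified DLL shows up several times rather than there being several DLLs.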


#2 avionator (Topic Starter, Members, 5 posts)

Posted 31 March 2009 - 01:54 PM

Here is my OTListIt2 log as well:

OTListIt logfile created on: 3/31/2009 2:52:35 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\nashettj\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 57.53% Memory free
3.60 Gb Paging File | 2.94 Gb Available in Paging File | 81.72% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.80 Gb Total Space | 60.51 Gb Free Space | 59.44% Space Free | Partition Type: NTFS
Drive D: | 9.99 Gb Total Space | 3.54 Gb Free Space | 35.44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACOB-NASHETT
Current User Name: nashettj
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/05/15 18:06:38 | 00,540,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008/05/12 15:55:08 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2006/07/19 20:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 20:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/15 17:08:38 | 00,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2008/05/15 18:06:38 | 00,540,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006/04/11 18:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2008/04/14 08:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/05/15 17:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2008/03/18 17:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/09/27 21:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2009/02/24 10:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/27 23:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/09/27 21:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/04 11:09:56 | 01,044,480 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2008/06/09 09:10:04 | 00,082,224 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\AccelerometerSt.Exe
PRC - [2008/06/20 17:19:50 | 01,310,720 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/05/15 17:08:08 | 00,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2008/05/14 12:26:06 | 00,177,456 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
PRC - [2006/07/19 20:26:04 | 00,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/27 21:33:44 | 00,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/05/15 17:08:38 | 00,095,024 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/02/24 10:13:18 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/03/30 15:01:05 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2008/04/16 09:18:34 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
PRC - [2008/05/26 23:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 08:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/03 12:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
PRC - [2007/07/17 12:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2007/07/17 12:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/03/18 22:52:24 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/03/18 22:52:24 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/02/24 10:13:18 | 00,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/03/31 14:37:48 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2009/03/18 22:52:24 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/03/18 22:52:24 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/03/18 22:52:24 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/03/18 22:52:24 | 00,766,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/03/31 14:52:29 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\nashettj\My Documents\Downloads\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/05/15 17:08:40 | 00,182,576 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca [Auto | Running])
SRV - [2008/03/18 17:27:12 | 00,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/05/15 18:06:38 | 00,540,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/05/12 15:55:08 | 00,264,800 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2006/07/19 20:26:06 | 00,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/07/19 20:26:12 | 00,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/03 12:33:26 | 00,193,840 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe -- (Com4QLBEx [On_Demand | Running])
SRV - [2006/09/27 21:33:22 | 00,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 08:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/04/16 09:18:34 | 00,165,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe -- (hpqwmiex [On_Demand | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/02/24 10:13:18 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/01/27 23:37:24 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/09/02 17:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008/09/25 17:45:34 | 00,045,056 | ---- | M] (Dynamic Knowledge Transfer, LLC.) -- C:\Program Files\DyKnow\client\DyKnow.Host.dll -- (NetInfs [Auto | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/23 21:32:04 | 00,294,912 | ---- | M] (Pharos Systems International) -- C:\Program Files\Pharos\Bin\CTskMstr.exe -- (Pharos Systems ComTaskMaster [Auto | Stopped])
SRV - [2008/04/08 08:12:50 | 01,112,560 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10 [On_Demand | Stopped])
SRV - [2006/09/27 21:33:38 | 00,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2006/08/07 17:03:02 | 00,214,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2006/04/11 18:13:38 | 01,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
SRV - [2008/03/24 08:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/09/27 21:33:32 | 01,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/05/23 14:50:16 | 00,028,592 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\DRIVERS\Accelerometer.sys -- (Accelerometer [On_Demand | Running])
DRV - [2008/04/11 12:19:42 | 00,338,944 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2007/07/13 06:26:12 | 00,094,976 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])
DRV - [2008/03/21 17:13:00 | 01,203,776 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\DRIVERS\AGRSM.sys -- (AgereSoftModem [On_Demand | Running])
DRV - [2007/04/16 17:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdPPM.sys -- (AmdPPM [System | Running])
DRV - [2008/05/15 20:33:44 | 02,881,536 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/11/29 18:35:44 | 00,163,328 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2008/10/23 02:58:36 | 01,391,104 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2008/05/14 04:08:14 | 00,879,624 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys -- (BTKRNL [On_Demand | Running])
DRV - [2008/05/14 04:08:16 | 00,074,688 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Running])
DRV - [2005/12/05 19:16:14 | 00,005,273 | ---- | M] (Arrowkey) -- C:\Program Files\Quintessential Player\cdrpdacc.sys -- (CDRPDACC [Auto | Running])
DRV - [2009/02/26 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/02/26 05:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2008/04/28 16:22:10 | 00,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\cpqbttn.sys -- (HBtnKey [On_Demand | Running])
DRV - [2008/04/14 08:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/05/23 14:51:02 | 00,024,624 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt [Boot | Running])
DRV - [2007/06/18 18:12:04 | 00,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr [On_Demand | Running])
DRV - [2009/03/16 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090330.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/16 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090330.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2008/04/14 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/07 23:00:00 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/09/06 15:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2006/09/06 15:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/06/21 05:40:02 | 00,056,448 | ---- | M] (SCM Microsystems Inc.) -- C:\WINDOWS\system32\DRIVERS\SCR3XX2K.sys -- (SCR3XX2K [On_Demand | Stopped])
DRV - [2008/04/14 08:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/03/28 06:14:02 | 00,024,064 | ---- | M] (Sonic Focus, Inc) -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO [Boot | Running])
DRV - [2006/04/11 18:13:34 | 00,389,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2006/09/18 18:55:28 | 00,109,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2006/08/07 17:02:22 | 00,024,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2006/08/07 17:02:26 | 00,195,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2008/06/20 17:04:34 | 00,225,696 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2007/06/08 14:15:20 | 00,194,362 | ---- | M] (Jungo) -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6 [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://community.acphs.edu/webapps/portal/frameset.jsp
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/17 14:03:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/24 10:13:18 | 00,000,000 | ---D | M]


O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.Exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" (ActivIdentity)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 8
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\MSAFDLsp.dll ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1234892027500 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{15BB8344-6B8F-4880-BC44-D8991B11F0FB}\\NameServer = 85.255.112.111,85.255.112.200
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{B82EF720-751F-41EE-B8F6-012FDFE306E7}\\NameServer = 85.255.112.111,85.255.112.200
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - C:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll - C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/17 14:58:16 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/31 14:00:56 | 00,000,436 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/31 14:00:56 | 00,000,251 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{03952de9-1d86-11de-836a-002100a28110}\Shell - "" = Autorun
O33 - MountPoints2\{03952de9-1d86-11de-836a-002100a28110}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{03952de9-1d86-11de-836a-002100a28110}\Shell\Open\command - "" = RECYCLER\S-3-3-39-100028743-100029338-100020944-4872.com f:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/03/31 14:37:48 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\nashettj\Desktop\HijackThis.lnk
[2009/03/31 14:37:48 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/31 14:35:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\Sun
[2009/03/31 14:32:12 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/31 14:32:12 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/31 14:32:10 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/31 14:32:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/31 14:32:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/31 14:31:20 | 00,007,680 | ---- | C] () -- C:\Documents and Settings\nashettj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 14:13:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\Windows Search
[2009/03/31 13:59:34 | 04,825,616 | -H-- | C] () -- C:\Documents and Settings\nashettj\Local Settings\Application Data\IconCache.db
[2009/03/31 13:56:56 | 00,000,436 | RHS- | C] () -- C:\autorun.inf
[2009/03/31 13:56:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Desktop\stuff to be backed up
[2009/03/31 00:26:03 | 18,757,59104 | -HS- | C] () -- C:\hiberfil.sys
[2009/03/30 21:30:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\InterVideo
[2009/03/30 19:54:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Local Settings\Application Data\ATI
[2009/03/30 19:53:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Identities
[2009/03/30 19:53:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Symantec
[2009/03/30 19:53:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Microsoft
[2009/03/30 19:53:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\nashettj\Application Data\desktop.ini
[2009/03/30 19:53:38 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\nashettj\My Documents\Setup ACPHS Wireless CLICK HERE!.doc
[2009/03/30 19:53:38 | 00,000,847 | ---- | C] () -- C:\Documents and Settings\nashettj\Desktop\Microsoft Office Powerpoint 2003.lnk
[2009/03/30 19:53:38 | 00,000,840 | ---- | C] () -- C:\Documents and Settings\nashettj\Desktop\Microsoft Office Word 2003.lnk
[2009/03/30 19:53:38 | 00,000,840 | ---- | C] () -- C:\Documents and Settings\nashettj\Desktop\Microsoft Office Onenote 2003.lnk
[2009/03/30 19:53:38 | 00,000,828 | ---- | C] () -- C:\Documents and Settings\nashettj\Desktop\Microsoft Office Excel 2003.lnk
[2009/03/30 19:53:38 | 00,000,658 | ---- | C] () -- C:\Documents and Settings\nashettj\Desktop\Click here to set up wireless access.lnk
[2009/03/30 19:53:38 | 00,000,642 | -H-- | C] () -- C:\Documents and Settings\nashettj\My Documents\SWWATER.INI
[2009/03/30 19:53:38 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\nashettj\Start Menu\Programs\Startup\desktop.ini
[2009/03/30 19:53:38 | 00,000,079 | -HS- | C] () -- C:\Documents and Settings\nashettj\My Documents\desktop.ini
[2009/03/30 19:53:37 | 00,000,000 | --SD | C] -- C:\Documents and Settings\nashettj\Application Data\Microsoft
[2009/03/30 19:53:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\nashettj\My Documents\My Pictures
[2009/03/30 19:53:37 | 00,000,000 | R--D | C] -- C:\Documents and Settings\nashettj\My Documents\My Music
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\My Documents\Bluetooth Exchange Folder
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Desktop\Extra Software
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\Windows Desktop Search
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\Macromedia
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\InstallShield
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\Identities
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\hpqLog
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\ATI
[2009/03/30 19:53:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\Adobe
[2009/03/30 19:49:33 | 00,873,374 | ---- | C] () -- C:\WINDOWS\System32\oem25.inf
[2009/03/30 19:38:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\My Documents\AIMLogger
[2009/03/30 19:36:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Application Data\acccore
[2009/03/30 19:35:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Local Settings\Application Data\AOL OCP
[2009/03/30 19:35:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Local Settings\Application Data\AOL
[2009/03/30 19:08:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/30 19:08:06 | 00,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2009/03/30 19:08:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/03/30 19:08:05 | 00,001,674 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/30 19:07:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/03/30 19:07:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2009/03/30 19:07:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2009/03/30 19:07:25 | 00,000,000 | ---D | C] -- C:\Program Files\AIM6
[2009/03/30 19:07:21 | 00,000,366 | -H-- | C] () -- C:\IPH.PH
[2009/03/30 18:27:29 | 00,000,794 | ---- | C] () -- C:\Documents and Settings\nashettj\Desktop\Quintessential Player.lnk
[2009/03/30 18:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\Quintessential Player
[2009/03/30 15:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\My Documents\Downloads
[2009/03/30 15:02:15 | 00,002,269 | ---- | C] () -- C:\Documents and Settings\nashettj\Desktop\Google Chrome.lnk
[2009/03/30 15:01:15 | 00,000,938 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-241881091-1921384396-972685783-1018.job
[2009/03/30 15:01:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Google
[2009/03/30 15:00:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Local Settings\Application Data\Deployment
[2009/03/30 15:00:06 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/03/30 15:00:06 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/03/30 14:58:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\nashettj\Desktop\ALL MUSIC
[2009/03/30 14:57:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/03/31 14:37:48 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\nashettj\Desktop\HijackThis.lnk
[2009/03/31 14:34:09 | 00,550,490 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/31 14:34:09 | 00,462,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/31 14:34:09 | 00,078,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/31 14:32:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/31 14:31:27 | 00,007,680 | ---- | M] () -- C:\Documents and Settings\nashettj\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/31 14:30:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/31 14:29:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/31 14:29:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/31 14:29:27 | 18,757,59104 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/31 14:28:18 | 04,825,616 | -H-- | M] () -- C:\Documents and Settings\nashettj\Local Settings\Application Data\IconCache.db
[2009/03/31 14:02:17 | 00,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/31 14:00:56 | 00,000,436 | RHS- | M] () -- C:\autorun.inf
[2009/03/31 14:00:24 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/31 12:55:14 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-241881091-1921384396-972685783-1018.job
[2009/03/30 19:50:29 | 00,000,735 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/03/30 19:50:15 | 00,000,223 | RHS- | M] () -- C:\boot.ini
[2009/03/30 19:49:28 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/03/30 19:35:47 | 00,000,366 | -H-- | M] () -- C:\IPH.PH
[2009/03/30 19:08:05 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM 6.lnk
[2009/03/30 18:27:29 | 00,000,794 | ---- | M] () -- C:\Documents and Settings\nashettj\Desktop\Quintessential Player.lnk
[2009/03/30 15:02:15 | 00,002,269 | ---- | M] () -- C:\Documents and Settings\nashettj\Desktop\Google Chrome.lnk
[2009/03/30 14:57:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
< End of report >

#3 avionator

Posted 31 March 2009 - 02:17 PM

running GMER right now...

note: i tried to run Malwarebytes' Anti-Malware but it would not launch.

#4 avionator

Posted 31 March 2009 - 02:26 PM

GMER logs...



GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-03-31 15:25:23
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8995B2C8 ZwAlertResumeThread
SSDT 8995F140 ZwAlertThread
SSDT 89943F18 ZwAllocateVirtualMemory
SSDT 898FA100 ZwConnectPort
SSDT 899FB7F0 ZwCreateMutant
SSDT 89927618 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x98A21350]
SSDT 89A53DB8 ZwFreeVirtualMemory
SSDT 89972E08 ZwImpersonateAnonymousToken
SSDT 8994C790 ZwImpersonateThread
SSDT 89AF5480 ZwMapViewOfSection
SSDT 899FA6B8 ZwOpenEvent
SSDT 89A424D0 ZwOpenProcessToken
SSDT 8941F220 ZwOpenThreadToken
SSDT 898C9008 ZwQueryValueKey
SSDT 89A3A300 ZwResumeThread
SSDT 8990E788 ZwSetContextThread
SSDT 898D4598 ZwSetInformationProcess
SSDT 89973438 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x98A21580]
SSDT 899E5450 ZwSuspendProcess
SSDT 8993D008 ZwSuspendThread
SSDT 898D80A8 ZwTerminateProcess
SSDT 89940838 ZwTerminateThread
SSDT 89BA80E8 ZwUnmapViewOfSection
SSDT 89AF5D28 ZwWriteVirtualMemory

Code 8990F5A8 ZwEnumerateKey
Code 8990DCB8 ZwFlushInstructionCache
Code 8990780E IofCallDriver
Code 898D6886 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EF1A6 5 Bytes JMP 89907813
.text ntkrnlpa.exe!IofCompleteRequest 804EF236 5 Bytes JMP 898D688B
.text ntkrnlpa.exe!ZwCallbackReturn + 2FF0 8050488C 4 Bytes CALL A4DA0311
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805B6812 5 Bytes JMP 8990DCBC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FD2 5 Bytes JMP 8990F5AC

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1160] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0089000A
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0089000A
.text C:\WINDOWS\System32\svchost.exe[1316] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0087000A
.text C:\WINDOWS\System32\svchost.exe[1316] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 008A000A
.text C:\WINDOWS\System32\svchost.exe[1316] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[1316] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0089000A
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1432] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0089000A
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0087000A
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0088000A
.text C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0089000A
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [25, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [65, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A5, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [E5, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A5, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [65, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [65, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [E5, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A5, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [E5, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [25, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [25, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1512] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\WINDOWS\system32\SearchIndexer.exe[2208] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [25, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [65, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A5, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [E5, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A5, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [65, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [65, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [E5, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A5, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [E5, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [25, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [25, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2268] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [25, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [65, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A5, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [E5, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A5, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [65, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [65, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [E5, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A5, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [E5, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [25, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [25, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [25, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [65, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A5, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [E5, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A5, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [65, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [65, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [E5, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A5, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [E5, 00, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [25, 01, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [25, 02, 15, 00]
.text C:\Documents and Settings\nashettj\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\gaopdxhrwslhnkruamdhopnwntqelmnulolkiy.sys (*** hidden *** ) BA1A8000-BA1B6000 (57344 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\SearchFilterHost.exe (*** hidden *** ) 4016

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gaopdxhrwslhnkruamdhopnwntqelmnulolkiy.sys (*** hidden *** ) [SYSTEM] gaopdxserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxhrwslhnkruamdhopnwntqelmnulolkiy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxhrwslhnkruamdhopnwntqelmnulolkiy.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxonqhjtoxuamqsjrpqsgkpjinalenyqaa.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxhrwslhnkruamdhopnwntqelmnulolkiy.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxserv \\?\globalroot\systemroot\system32\drivers\gaopdxhrwslhnkruamdhopnwntqelmnulolkiy.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules@gaopdxl \\?\globalroot\systemroot\system32\gaopdxonqhjtoxuamqsjrpqsgkpjinalenyqaa.dll

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\gaopdxcounter 4 bytes
File C:\WINDOWS\system32\gaopdxonqhjtoxuamqsjrpqsgkpjinalenyqaa.dll 13312 bytes executable
File C:\WINDOWS\system32\drivers\gaopdxhrwslhnkruamdhopnwntqelmnulolkiy.sys 40960 bytes executable <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:56 PM

Posted 08 April 2009 - 04:06 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random, which includes a HijackThis log, and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments, so I always request that HijackThis logs be posted as a reply to the thread. I do not think that you are attaching anything scary, but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#6 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:03:56 PM

Posted 19 April 2009 - 06:26 PM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.