
Chrome/IE would not work


2 replies to this topic

#1 ericire

ericire

  • Members
  • 1 posts

Posted 08 June 2010 - 07:04 PM

Hello BleepingComputer. Something very unusual happened to my computer.
I tried using Chrome and it wouldn't connect, so I tried IE and it also didn't work,
but Firefox seems to work fine. Any thoughts? Thanks in advance!




---DDS Log---


DDS (Ver_10-03-17.01) - NTFSx86
Run by Eric Chang at 16:59:46.84 on 2010-06-08
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.2047.1175 [GMT -7:00]


============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\The KMPlayer\KMPlayer.exe
C:\Documents and Settings\Eric Chang\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [Google Update] "c:\documents and settings\eric chang\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Creative Software Update] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /Silent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [D-Link AirPlus Xtreme G] c:\program files\d-link\airplus xtreme g\AirPlusCFG.exe
mRun: [ANIWZCSService] c:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VX1000] c:\windows\vVX1000.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [CTAutoUpdate] "c:\program files\creative\shared files\software update\AutoUpdate.exe" /RunFromInstaller
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: seenjoy.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {56DCC28F-A5B1-4D19-87BB-AEF094C10F37} - hxxp://mmchat.seenjoy.com/zeroworld/ZInstallX/download/seenjoy/ZInsX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {9B19D8F3-064E-4D71-B9EF-C39DDD2A1584} - hxxp://www.missybox.com/mmsv/MissyWebControl.CAB
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 221.140.111.137 hdcorea.goanygate.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ericch~1\applic~1\mozilla\firefox\profiles\c3s8vijw.default\
FF - plugin: c:\documents and settings\eric chang\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\eric chang\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-4-15 30208]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-4-26 610304]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2003-10-22 344800]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-4-15 224256]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100528.002\NAVENG.sys [2010-5-28 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100528.002\NAVEX15.sys [2010-5-28 1347504]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-3-7 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

=============== Created Last 30 ================

2010-06-07 20:12:26 0 d-----w- c:\program files\Trend Micro
2010-06-07 19:49:45 0 d-----w- c:\docume~1\ericch~1\applic~1\Malwarebytes
2010-06-07 19:49:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-07 19:49:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-07 19:49:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 19:49:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-07 07:49:30 0 d-----w- c:\windows\pss
2010-05-26 18:46:23 0 d-----w- c:\documents and settings\eric chang\yf
2010-05-26 18:43:08 41500 ----a-w- c:\documents and settings\eric chang\.ems.cfg
2010-05-26 18:41:14 0 d-----w- c:\program files\Your Freedom
2010-05-24 09:28:59 588 ----a-w- c:\windows\system32\settingsbkup.sfm
2010-05-24 09:28:59 588 ----a-w- c:\windows\system32\settings.sfm
2010-05-18 16:42:36 0 d-----w- c:\program files\Desktop Screen Record 5
2010-05-17 08:36:28 230424 ----a-w- C:\img2-003.raw
2010-05-15 00:47:42 230424 ----a-w- C:\img2-002.raw

==================== Find3M ====================

2010-04-13 02:05:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-10 01:54:50 361640 ----a-w- c:\windows\system32\YoAutoInstall.exe
2010-04-10 01:54:24 38056 ----a-w- c:\windows\CDUnInstall.exe
2010-04-03 22:53:45 364544 ----a-w- c:\windows\system32\WDBtnMgr.exe
2010-03-31 20:17:29 31768 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-07 11:16:30 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010030720100308\index.dat

============= FINISH: 17:01:03.33 ===============










---GMER Log---


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-08 14:33:13
Windows 5.1.2600 Service Pack 3
Running: 51eku6id.exe; Driver: C:\DOCUME~1\ERICCH~1\LOCALS~1\Temp\kwlyrkog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB68C4380, 0x550AF5, 0xE8000020]
.rsrc C:\WINDOWS\system32\DRIVERS\fsvga.sys entry point in ".rsrc" section [0xB8586694]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A2000A
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A3000A
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0074000C
.text C:\WINDOWS\System32\svchost.exe[924] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 01B7000A
.text C:\WINDOWS\System32\svchost.exe[924] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00FA000A
.text C:\WINDOWS\Explorer.EXE[1716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\Explorer.EXE[1716] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C9000A
.text C:\WINDOWS\Explorer.EXE[1716] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BE000C
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] kernel32.dll!DeviceIoControl 7C801629 7 Bytes JMP 00607340 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] kernel32.dll!IsDebuggerPresent 7C813133 6 Bytes JMP 00606C80 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00606FFC C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegCloseKey 77DD6C27 5 Bytes JMP 00606C84 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 5 Bytes JMP 00607170 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00606D68 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00606FC4 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00606F98 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 5 Bytes JMP 00607134 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegEnumKeyExW 77DD7BD9 5 Bytes JMP 00606EA0 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegEnumValueW 77DD7EED 5 Bytes JMP 00606F28 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegSetValueExW 77DDD767 7 Bytes JMP 00607258 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegQueryValueW 77DDD87A 5 Bytes JMP 00607100 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00606D24 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegSetValueExA 77DDEAE7 7 Bytes JMP 0060721C C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegDeleteValueA 77DDECE5 5 Bytes JMP 00606E04 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegDeleteValueW 77DDEDF1 5 Bytes JMP 00606E30 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00606F6C C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 5 Bytes JMP 00606DAC C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegQueryInfoKeyA 77DE4332 5 Bytes JMP 00607034 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegQueryInfoKeyW 77DE49CE 5 Bytes JMP 00607080 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegEnumKeyExA 77DE51B6 5 Bytes JMP 00606E5C C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegDeleteKeyW 77DE559B 5 Bytes JMP 00606DD8 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegFlushKey 77DF4CE0 5 Bytes JMP 00606CA8 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegEnumValueA 77DF9BBF 5 Bytes JMP 00606EE4 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00606CF8 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegQueryValueA 77DFBB8D 5 Bytes JMP 006070CC C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00606CCC C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegSetValueA 77DFC79E 5 Bytes JMP 006071AC C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ADVAPI32.dll!RegSetValueW 77E36116 5 Bytes JMP 006071E4 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 006072E8 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00607314 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)
.text C:\Program Files\The KMPlayer\KMPlayer.exe[3364] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00606228 C:\Program Files\The KMPlayer\KMPlayer.exe (The KMPlayer/Pandora.TV)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device -> \Driver\atapi \Device\Harddisk0\DR0 8A2E5EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xF2 0x17 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x4C 0xD6 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x74 0x32 0xC1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xF2 0x17 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x4C 0xD6 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x74 0x32 0xC1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xF2 0x17 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x4C 0xD6 0x74 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x74 0x32 0xC1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBC 0xF2 0x17 0xD7 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC7 0x4C 0xD6 0x74 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0x74 0x32 0xC1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo?video 5.10 Compression Filter@EncoderType 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\fsvga.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----




#2 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 12 June 2010 - 10:03 AM

Hi,


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.


Please continue as follows:
  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds logs (both dds.txt & attach.txt).


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Malware removal instructions provided here are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#3 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 19 June 2010 - 04:28 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.





