HijackThis Log


This topic is locked
3 replies to this topic

#1 ezekial52787

  • Members
  • 8 posts

Posted 05 August 2010 - 09:36 PM

Hey everyone, I'm just posting my HijackThis log for anyone to look at so I can know for sure nothing is wrong with my PC. If anyone sees anything wrong with it, or anything fishy, let me know please so I can see about fixing it.






Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:34:12 PM, on 8/5/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Dell AIO Printer 948\dldfmon.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Trillian\trillian.exe
C:\Users\Mark\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
C:\Program Files\CCleaner\ccleaner.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fndkp.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.fndkp.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] "RtHDVCpl.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [dldfmon.exe] "C:\Program Files\Dell AIO Printer 948\dldfmon.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] "C:\PROGRA~1\AVG\AVG9\avgtray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [PeerBlock] "C:\Program Files\PeerBlock\peerblock.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mark\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\Windows\System32\avgrsstx.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: dldfCATSCustConnectService - Unknown owner - C:\Windows\system32\spool\DRIVERS\W32X86\3\dldfserv.exe
O23 - Service: dldf_device - - C:\Windows\system32\dldfcoms.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 6949 bytes

thanks in advance for looking it over!

Also, a question: would it speed my PC up much if I uninstalled Webroot Spy Sweeper and just left AVG 9.0 Internet Security on there? I have the free version of Malwarebytes Anti-Malware as a stand-alone backup scanner, but I notice Webroot blocks quite a bit of things from getting through. But if uninstalling it and just having AVG running will improve system performance a lot, I'll get rid of it pronto.

Oh, and one more thing: if there's anything you think I could remove that would improve system performance, that isn't really necessary and that shows up there, let me know and I'll get rid of it, besides Trillian auto-starting; I'm about to get rid of that right now.

Merged 3 posts and move to log forum. ~ OB

EDIT: Please be patient. There are over 500 unanswered topics in this forum at present and the current average wait time to receive help is well over a week. ~BP

EDIT: You are not going to receive help quicker by constantly bumping your topic. ~BP

Also, here's my GMER log; let me know if you see anything wrong with it please.



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-09 05:15:12
Windows 6.1.7600
Running: G-MER.exe; Driver: C:\Users\Mark\AppData\Local\Temp\kxldypoc.sys


---- System - GMER 1.0.15 ----

SSDT 8684C020 ZwAllocateVirtualMemory
SSDT 8684B6A8 ZwCreateProcess
SSDT 8684B4A0 ZwCreateProcessEx
SSDT 8684B2C0 ZwCreateThread
SSDT 8684CE40 ZwCreateThreadEx
SSDT 8684CEB8 ZwCreateUserProcess
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwOpenProcess [0x92D49730]
SSDT 8684B068 ZwQueueApcThread
SSDT 8684CF30 ZwReadVirtualMemory
SSDT 8684B158 ZwSetContextThread
SSDT 8852F320 ZwSetDefaultHardErrorPort
SSDT 8684B3B0 ZwSetInformationProcess
SSDT 8684B1D0 ZwSetInformationThread
SSDT 8684B338 ZwSuspendProcess
SSDT 8684B0E0 ZwSuspendThread
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateProcess [0x92D497E0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwTerminateThread [0x92D49880]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys ZwWriteVirtualMemory [0x92D49920]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C39AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C39104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C393F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C21634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C21898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C391DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C39958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C396F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C39F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C3A1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C99599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBDF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82CC574C 4 Bytes [20, C0, 84, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 82CC583C 8 Bytes [A8, B6, 84, 86, A0, B4, 84, ...] {TEST AL, 0xb6; TEST [ESI-0x797b4b60], AL}
.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82CC585C 8 Bytes [C0, B2, 84, 86, 40, CE, 84, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 364 82CC5874 4 Bytes [B8, CE, 84, 86]
.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82CC59F8 4 Bytes [30, 97, D4, 92]
.text ...
? System32\Drivers\spwl.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9220D000, 0x2FBAB4, 0xE8000020]
.text USBPORT.SYS!DllUnload 91F87CA0 5 Bytes JMP 870E91D8
.text a1xyvb8e.SYS 927B0000 12 Bytes [44, 48, C2, 82, EE, 46, C2, ...]
.text a1xyvb8e.SYS 927B000D 9 Bytes [27, C2, 82, 48, 4B, C2, 82, ...]
.text a1xyvb8e.SYS 927B0017 170 Bytes [00, DE, 77, 99, 83, E6, 75, ...]
.text a1xyvb8e.SYS 927B00C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a1xyvb8e.SYS 927B00CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys A2424C9D 28 Bytes [D5, BC, B5, 63, CD, 8F, BB, ...]
.text peauth.sys A2424CC1 28 Bytes [D5, BC, B5, 63, CD, 8F, BB, ...]
PAGE peauth.sys A242AB9B 72 Bytes [C9, 9F, 69, 88, E5, 09, 4A, ...]
PAGE peauth.sys A242ABEC 97 Bytes [19, CB, 25, 13, 27, C0, 72, ...]
PAGE peauth.sys A242AC4E 13 Bytes [C6, DB, 86, A9, 90, F8, FD, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PeerBlock\peerblock.exe[4312] kernel32.dll!SetUnhandledExceptionFilter 768E3162 5 Bytes JMP 0043F0C0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[4964] ntdll.dll!KiUserExceptionDispatcher + A 77A06452 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[4964] kernel32.dll!VirtualProtect 768D50AB 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[4964] kernel32.dll!LoadLibraryExW 768DB6BF 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[4964] kernel32.dll!VirtualAlloc 768E0614 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[4964] kernel32.dll!VirtualFree 768E0D55 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
.text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[4964] kernel32.dll!CreateFileA 768E291C 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8389B042] \SystemRoot\System32\Drivers\spwl.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8389B6D6] \SystemRoot\System32\Drivers\spwl.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8389B800] \SystemRoot\System32\Drivers\spwl.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8389B13E] \SystemRoot\System32\Drivers\spwl.sys
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortNotification] 00147880
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT \SystemRoot\System32\Drivers\a1xyvb8e.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2460] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2460] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2460] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2460] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2460] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2460] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3560] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [004506C4] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3560] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [004506C4] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3560] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [004508C8] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3560] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [004506C4] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
IAT C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[3560] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [004508C8] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
IAT C:\Users\Mark\AppData\Local\temp\G-MER.exe[4864] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Mark\AppData\Local\temp\G-MER.exe[4864] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Mark\AppData\Local\temp\G-MER.exe[4864] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Users\Mark\AppData\Local\temp\G-MER.exe[4864] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\HBCD\WinTools\Autorun.exe[5844] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\HBCD\WinTools\Autorun.exe[5844] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\HBCD\WinTools\Autorun.exe[5844] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\HBCD\WinTools\Autorun.exe[5844] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75A65E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85B431F8

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys

Device \Driver\USBSTOR \Device\0000008e 87B791F8
Device \Driver\USBSTOR \Device\0000008f 87B791F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{69C374B7-2098-4CBC-81EB-8931486805AD} 86E55500
Device \Driver\usbuhci \Device\USBPDO-0 870F61F8
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 870F61F8
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-2 870F61F8
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-3 87101500
Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-4 870F61F8
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 870F61F8
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-6 870F61F8
Device \Driver\usbuhci \Device\USBPDO-6 hcmon.sys
Device \Driver\volmgr \Device\HarddiskVolume1 85B3F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{7CE9A0FE-27CC-475B-8AC1-2A4E273657EF} 86E55500
Device \Driver\NetBT \Device\NetBT_Tcpip_{C3A81114-22F5-4F9B-97AD-2A4D4574FC8C} 86E55500
Device \Driver\usbehci \Device\USBPDO-7 87101500
Device \Driver\usbehci \Device\USBPDO-7 hcmon.sys
Device \Driver\volmgr \Device\HarddiskVolume2 85B3F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 86E4C1F8
Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys
Device \Driver\volmgr \Device\HarddiskVolume3 85B3F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 86E4C1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85B411F8
Device \Driver\atapi \Device\Ide\IdePort0 85B411F8
Device \Driver\atapi \Device\Ide\IdePort1 85B411F8
Device \Driver\atapi \Device\Ide\IdePort2 85B411F8
Device \Driver\atapi \Device\Ide\IdePort3 85B411F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 85B411F8
Device \Driver\usbhub \Device\USBPDO-9 hcmon.sys
Device \Driver\usbhub \Device\00000073 hcmon.sys
Device \Driver\PCI_PNP7381 \Device\00000066 spwl.sys
Device \Driver\volmgr \Device\HarddiskVolume4 85B3F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\00000074 hcmon.sys
Device \Driver\volmgr \Device\HarddiskVolume5 85B3F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\USBPDO-10 hcmon.sys
Device \Driver\usbhub \Device\00000075 hcmon.sys
Device \Driver\volmgr \Device\HarddiskVolume6 85B3F1F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\USBPDO-11 hcmon.sys
Device \Driver\usbhub \Device\00000076 hcmon.sys
Device \Driver\NetBT \Device\NetBt_Wins_Export 86E55500
Device \Driver\usbhub \Device\00000083 hcmon.sys
Device \Driver\usbhub \Device\00000077 hcmon.sys
Device \Driver\USBSTOR \Device\00000091 87B791F8
Device \Driver\usbhub \Device\USBPDO-13 hcmon.sys
Device \Driver\usbhub \Device\00000078 hcmon.sys
Device \Driver\USBSTOR \Device\00000085 87B791F8
Device \Driver\usbhub \Device\00000079 hcmon.sys
Device \Driver\ACPI_HAL \Device\0000005c halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 870F61F8
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 870F61F8
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbhub \Device\0000007a hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 870F61F8
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-3 87101500
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-4 870F61F8
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-5 870F61F8
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-6 870F61F8
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys
Device \Driver\USBSTOR \Device\0000008b 87B791F8
Device \Driver\sptd \Device\842605382 spwl.sys
Device \Driver\USBSTOR \Device\0000008c 87B791F8
Device \Driver\usbehci \Device\USBFDO-7 87101500
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys
Device \Driver\a1xyvb8e \Device\Scsi\a1xyvb8e1 870EB500
Device \Driver\a1xyvb8e \Device\Scsi\a1xyvb8e1Port4Path0Target0Lun0 870EB500
Device \Driver\USBSTOR \Device\0000008d 87B791F8
Device \FileSystem\cdfs \Cdfs 87D371F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x86 0xFC 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x2A 0x82 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0xC5 0x13 0xB4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCF 0x31 0x24 0x4D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0x86 0xFC 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF3 0x2A 0x82 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0xC5 0x13 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xCF 0x31 0x24 0x4D ...

---- EOF - GMER 1.0.15 ----

Another post merged ~BP

Edited by Budapest, 09 August 2010 - 04:28 PM.



#2 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 14 August 2010 - 01:45 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having, as these can help also.
  5. Do not run anything else while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double-click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine; if it does, click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post them in your next reply

Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double-click MBRCheck.exe to run it (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right-click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread


Information and logs:
    In your next post I need the following
      1. Logs from DDS
      2. Log from RKUnHooker
      3. Report from MBRCheck
      4. Let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:57 AM

Posted 17 August 2010 - 01:40 AM

Hello

Three-day bump

It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48 hrs you have not replied to this thread, then it will have to be closed!

Gringo


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 01:57 AM

Posted 20 August 2010 - 07:34 PM

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

The fixes and advice in this thread are for this machine only.
Do not apply the instructions from this thread to your own machine.
Please start a new thread describing your issue and someone will be along to assist you.


With Regards,
Gringo

