Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Trojan or Virus of some sort HJT, DDS, and GMER Report


  • This topic is locked This topic is locked
7 replies to this topic

#1 thenewclimax

thenewclimax

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 10 December 2010 - 11:13 PM

Seem to have issues with my system. I have attempted to use Spybot, Malware removal programs and Symantic and the problem still exists.

The issue is that I continue to receive constant IE popup boxes upon start up. I do not use IE and only use Google Chrome but IE continues to create multiple pop up boxes without stop. Even if I close the boxes or End the Task they continue to pop up. The issue started last night, 12/09/10

Blacklight reported no hidden files.

DDS Report


FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Black Beauty\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\SearchProtocolHost.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\black beauty\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276960894750
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\blackb~1\applic~1\mozilla\firefox\profiles\299qysep.default\
FF - component: c:\documents and settings\black beauty\application data\mozilla\firefox\profiles\299qysep.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\black beauty\application data\mozilla\firefox\profiles\299qysep.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\black beauty\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\blackb~1\applic~1\mozilla\firefox\profiles\299qysep.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Conduit Engine : engine@conduit.com - c:\docume~1\blackb~1\applic~1\mozilla\firefox\profiles\299qysep.default\extensions\engine@conduit.com
FF - Extension: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\docume~1\blackb~1\applic~1\mozilla\firefox\profiles\299qysep.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-1-25 108392]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-4-23 1831024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-10 102448]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-6-19 105984]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101210.002\NAVENG.SYS [2010-12-10 86136]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101210.002\NAVEX15.SYS [2010-12-10 1360248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2009-12-2 23888]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-11 03:53:28 24983 ----a-w- c:\windows\system32\3532817141.dll
2010-12-10 19:50:20 -------- d-----w- c:\docume~1\blackb~1\locals~1\applic~1\Symantec
2010-12-10 19:50:04 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-12-10 19:49:01 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-12-10 19:48:46 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-10 19:48:46 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-10 19:48:23 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-12-10 19:48:01 -------- d-----w- c:\program files\Symantec
2010-12-10 19:48:01 -------- d-----w- c:\program files\common files\Symantec Shared
2010-12-10 19:48:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-12-10 19:46:43 -------- d-----w- C:\MR6_Unzip
2010-12-10 18:14:43 -------- d-----w- c:\docume~1\blackb~1\applic~1\Malwarebytes
2010-12-10 18:14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-10 18:14:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-10 18:14:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 18:14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-10 17:15:37 388096 ----a-r- c:\docume~1\blackb~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-10 17:15:36 -------- d-----w- c:\program files\Trend Micro
2010-12-10 16:51:03 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{b8065381-c392-4406-941b-7c21b3277ab0}\mpengine.dll
2010-12-10 09:10:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-10 09:10:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-10 09:01:20 -------- d-sh--w- C:\found.000
2010-12-10 08:21:16 -------- d-----w- c:\program files\common files\Data
2010-12-10 08:19:11 197632 ----a-w- c:\program files\common files\OnlineFilesManager.dll
2010-12-08 04:58:21 -------- d-----w- c:\docume~1\blackb~1\applic~1\PriceGong
2010-12-02 02:13:03 -------- d-----w- c:\program files\Conduit
2010-12-02 02:13:03 -------- d-----w- c:\docume~1\blackb~1\locals~1\applic~1\Conduit
2010-12-02 02:13:02 -------- d-----w- c:\docume~1\blackb~1\locals~1\applic~1\BitTorrentBar
2010-12-02 02:12:58 -------- d-----w- c:\docume~1\blackb~1\locals~1\applic~1\ConduitEngine
2010-12-02 02:12:55 -------- d-----w- c:\program files\ConduitEngine
2010-12-02 02:12:53 -------- d-----w- c:\program files\BitTorrentBar
2010-12-01 06:30:26 -------- d-----w- c:\program files\SystemRequirementsLab
2010-12-01 06:04:57 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-12-01 06:04:38 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-11-30 15:21:10 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2010-11-30 06:30:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Examsoft
2010-11-30 03:22:18 -------- d-----w- c:\program files\ExamSoft
2010-11-30 03:22:05 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2010-11-29 04:10:00 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-24 06:31:08 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-24 06:30:35 -------- d-----w- C:\68e300bc01d1681f9f
2010-11-17 05:23:14 -------- d-----w- c:\program files\iPod
2010-11-17 05:23:13 -------- d-----w- c:\program files\iTunes

==================== Find3M ====================

2010-09-28 21:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl

============= FINISH: 21:57:34.81 ===============

Edited by thenewclimax, 11 December 2010 - 01:45 AM.


BC AdBot (Login to Remove)

 


#2 thenewclimax

thenewclimax
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 10 December 2010 - 11:14 PM

Hijack This Report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:12:34 PM, on 12/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\Rar$EX01.234\gmer.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276960894750
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8880 bytes

#3 thenewclimax

thenewclimax
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 11 December 2010 - 01:06 AM

GMER Report


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-11 00:04:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.11.0
Running: gmer.exe; Driver: C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\uwxcqpob.sys


---- System - GMER 1.0.15 ----

SSDT 892E2318 ZwAlertResumeThread
SSDT 892AE0B0 ZwAlertThread
SSDT 8915A0B0 ZwAllocateVirtualMemory
SSDT 89296F88 ZwConnectPort
SSDT 88CEAE60 ZwCreateMutant
SSDT 891BA348 ZwCreateThread
SSDT 892DFA18 ZwFreeVirtualMemory
SSDT 89386600 ZwImpersonateAnonymousToken
SSDT 89DB4690 ZwImpersonateThread
SSDT 891B7280 ZwMapViewOfSection
SSDT 892E3888 ZwOpenEvent
SSDT 89D74888 ZwOpenProcessToken
SSDT 8927E990 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0x977898B0]
SSDT 893C1DF0 ZwResumeThread
SSDT 89D515E8 ZwSetContextThread
SSDT 891EB380 ZwSetInformationProcess
SSDT 893CA518 ZwSetInformationThread
SSDT 8927A770 ZwSuspendProcess
SSDT 8933DEA8 ZwSuspendThread
SSDT 89D71E50 ZwTerminateProcess
SSDT 89D6CE78 ZwTerminateThread
SSDT 893A9858 ZwUnmapViewOfSection
SSDT 892E02C8 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2DE8 80504684 4 Bytes JMP 552ACFB0
.text ntkrnlpa.exe!ZwCallbackReturn + 2F38 805047D4 4 Bytes CALL 16DA1CEE
? C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1272] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[1356] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1804] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\explorer.exe[2472] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 029FE5D7 C:\Program Files\Common Files\Data\hd55D_module.dat
.text C:\WINDOWS\explorer.exe[2472] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 029FE5A2 C:\Program Files\Common Files\Data\hd55D_module.dat
.text C:\WINDOWS\explorer.exe[2472] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 029FE56D C:\Program Files\Common Files\Data\hd55D_module.dat
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2896] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3096] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3420] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9ACD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254656 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3620] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3724] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 326054C1 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\WINWORD.EXE[3724] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 330BD62A C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3844] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\215EA1C373C3AF44AB24BA7B12CEB5D1\Usage@Core 1032454936

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\IXI7SHKL\foot[1].jpg 1676 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\IXI7SHKL\dde[1].jpg 456 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\IXI7SHKL\dd[1].jpg 10807 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\IXI7SHKL\cc[1].jpg 1003 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\K0E6N0RI\48[1].jpg 33941 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\K0E6N0RI\20[1].jpg 37149 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\K0E6N0RI\logo[1].jpg 10231 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\K0E6N0RI\11[1].jpg 31119 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\K0E6N0RI\51[1].jpg 37107 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\K0E6N0RI\54[1].jpg 33327 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\effects[1].js 38986 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\72[1].jpg 38963 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\76[1].jpg 35016 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\23[1].jpg 29120 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\25[1].jpg 33944 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\unittest[1].js 20325 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\60[1].jpg 32032 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\63[1].jpg 35255 bytes
File C:\Documents and Settings\Black Beauty\Local Settings\Temporary Internet Files\Content.IE5\LDJACPDJ\star2[1].jpg 507 bytes

---- EOF - GMER 1.0.15 ----

#4 thenewclimax

thenewclimax
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 11 December 2010 - 01:09 AM

TDSSKiller Report, No Threats Found

Rootkit Unhooker Report Below

2010/12/11 00:07:01.0156 TDSS rootkit removing tool 2.4.11.0 Dec 8 2010 14:46:40
2010/12/11 00:07:01.0156 ================================================================================
2010/12/11 00:07:01.0156 SystemInfo:
2010/12/11 00:07:01.0156
2010/12/11 00:07:01.0156 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/11 00:07:01.0156 Product type: Workstation
2010/12/11 00:07:01.0156 ComputerName: BLACK-842BC4AFD
2010/12/11 00:07:01.0156 UserName: Black Beauty
2010/12/11 00:07:01.0156 Windows directory: C:\WINDOWS
2010/12/11 00:07:01.0156 System windows directory: C:\WINDOWS
2010/12/11 00:07:01.0156 Processor architecture: Intel x86
2010/12/11 00:07:01.0156 Number of processors: 2
2010/12/11 00:07:01.0156 Page size: 0x1000
2010/12/11 00:07:01.0156 Boot type: Normal boot
2010/12/11 00:07:01.0156 ================================================================================
2010/12/11 00:07:01.0484 Initialize success
2010/12/11 00:07:06.0656 ================================================================================
2010/12/11 00:07:06.0656 Scan started
2010/12/11 00:07:06.0656 Mode: Manual;
2010/12/11 00:07:06.0656 ================================================================================
2010/12/11 00:07:07.0046 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/12/11 00:07:07.0093 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/12/11 00:07:07.0156 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/12/11 00:07:07.0234 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/12/11 00:07:07.0359 ApfiltrService (448da519f3b6ffa158c513156053181e) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2010/12/11 00:07:07.0390 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2010/12/11 00:07:07.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/12/11 00:07:07.0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/12/11 00:07:07.0546 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/12/11 00:07:07.0609 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/12/11 00:07:07.0703 BCM43XX (e9ea635b8432d68f0005b3f6cebab837) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2010/12/11 00:07:07.0843 BCMWLNPF (8c31c9db77ed6143ad09dc5fd2c9d9cc) C:\WINDOWS\system32\drivers\bcmwlnpf.sys
2010/12/11 00:07:07.0906 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/12/11 00:07:07.0968 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/12/11 00:07:08.0046 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/12/11 00:07:08.0109 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/12/11 00:07:08.0156 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/12/11 00:07:08.0203 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/12/11 00:07:08.0281 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/12/11 00:07:08.0375 COH_Mon (de88a385898f6d13026f94f749fbaed2) C:\WINDOWS\system32\Drivers\COH_Mon.sys
2010/12/11 00:07:08.0390 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/12/11 00:07:08.0531 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
2010/12/11 00:07:08.0625 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/12/11 00:07:08.0703 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/12/11 00:07:08.0750 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/12/11 00:07:08.0781 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/12/11 00:07:08.0828 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/12/11 00:07:08.0890 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/12/11 00:07:09.0015 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2010/12/11 00:07:09.0078 EraserUtilRebootDrv (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2010/12/11 00:07:09.0125 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/12/11 00:07:09.0171 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/12/11 00:07:09.0203 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/12/11 00:07:09.0218 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/12/11 00:07:09.0265 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/12/11 00:07:09.0296 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/12/11 00:07:09.0312 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/12/11 00:07:09.0359 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/12/11 00:07:09.0375 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/12/11 00:07:09.0406 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/12/11 00:07:09.0468 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/12/11 00:07:09.0546 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/12/11 00:07:09.0656 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/12/11 00:07:09.0875 ialm (bffa387180121df1e4646c4ced3e16ca) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/12/11 00:07:10.0140 iastor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2010/12/11 00:07:10.0203 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/12/11 00:07:10.0265 IntcHdmiAddService (99d47d1cf700982b37cce16b068449f0) C:\WINDOWS\system32\drivers\IntcHdmi.sys
2010/12/11 00:07:10.0328 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/12/11 00:07:10.0359 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/12/11 00:07:10.0406 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/12/11 00:07:10.0437 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/12/11 00:07:10.0468 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/12/11 00:07:10.0515 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/12/11 00:07:10.0546 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/12/11 00:07:10.0578 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/12/11 00:07:10.0609 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/12/11 00:07:10.0640 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/12/11 00:07:10.0671 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/12/11 00:07:10.0750 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/12/11 00:07:10.0781 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/12/11 00:07:10.0828 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/12/11 00:07:10.0843 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/12/11 00:07:10.0890 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2010/12/11 00:07:10.0921 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/12/11 00:07:10.0984 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/12/11 00:07:11.0015 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/12/11 00:07:11.0062 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/12/11 00:07:11.0078 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/12/11 00:07:11.0109 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/12/11 00:07:11.0156 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/12/11 00:07:11.0171 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/12/11 00:07:11.0390 NAVENG (01543b4f5b6fdac6761910ce44aff3f8) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101210.002\NAVENG.SYS
2010/12/11 00:07:11.0453 NAVEX15 (38814ee261cfc76ded4b5647fc082826) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101210.002\NAVEX15.SYS
2010/12/11 00:07:11.0515 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/12/11 00:07:11.0546 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/12/11 00:07:11.0562 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/12/11 00:07:11.0593 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/12/11 00:07:11.0609 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/12/11 00:07:11.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/12/11 00:07:11.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/12/11 00:07:11.0734 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2010/12/11 00:07:11.0765 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/12/11 00:07:11.0781 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/12/11 00:07:11.0843 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/12/11 00:07:11.0890 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/12/11 00:07:11.0906 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/12/11 00:07:11.0937 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2010/12/11 00:07:11.0984 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/12/11 00:07:12.0000 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/12/11 00:07:12.0031 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/12/11 00:07:12.0062 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/12/11 00:07:12.0093 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/12/11 00:07:12.0125 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/12/11 00:07:12.0265 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/12/11 00:07:12.0296 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/12/11 00:07:12.0328 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/12/11 00:07:12.0406 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/11 00:07:12.0437 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/11 00:07:12.0468 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/11 00:07:12.0484 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/11 00:07:12.0500 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/11 00:07:12.0515 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/11 00:07:12.0562 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/11 00:07:12.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/11 00:07:12.0656 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/11 00:07:12.0734 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2010/12/11 00:07:12.0765 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/11 00:07:12.0796 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/12/11 00:07:12.0843 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2010/12/11 00:07:12.0859 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2010/12/11 00:07:12.0890 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/12/11 00:07:13.0140 SPBBCDrv (e87cf104f12c92401c4d33c50a3d5dc8) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2010/12/11 00:07:13.0203 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/11 00:07:13.0218 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/11 00:07:13.0281 SRTSP (5a293729e1f9fce3a2106d1f5dc5e98a) C:\WINDOWS\system32\Drivers\SRTSP.SYS
2010/12/11 00:07:13.0328 SRTSPL (0ddb7fba32be09d8057063c0cee24137) C:\WINDOWS\system32\Drivers\SRTSPL.SYS
2010/12/11 00:07:13.0406 SRTSPX (a99719dfb61b61aa5026341bbb733c0a) C:\WINDOWS\system32\Drivers\SRTSPX.SYS
2010/12/11 00:07:13.0453 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/11 00:07:13.0531 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2010/12/11 00:07:13.0609 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/11 00:07:13.0625 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/11 00:07:13.0718 SymEvent (a54ff04bd6e75dc4d8cb6f3e352635e0) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2010/12/11 00:07:13.0781 SYMREDRV (394b2368212114d538316812af60fddd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2010/12/11 00:07:13.0859 SYMTDI (d46676bb414c7531bdffe637a33f5033) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2010/12/11 00:07:13.0921 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/11 00:07:13.0984 SysPlant (5dcc2c7acc29dfba5ba82ed47d99c7e5) C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys
2010/12/11 00:07:14.0062 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/11 00:07:14.0109 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/11 00:07:14.0140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/11 00:07:14.0187 Teefer2 (1d3c046a9106de97ddc8276958700bf4) C:\WINDOWS\system32\DRIVERS\teefer2.sys
2010/12/11 00:07:14.0203 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/11 00:07:14.0265 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/11 00:07:14.0328 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/11 00:07:14.0375 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/12/11 00:07:14.0406 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/11 00:07:14.0437 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/11 00:07:14.0468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/12/11 00:07:14.0515 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/11 00:07:14.0546 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/11 00:07:14.0578 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/11 00:07:14.0640 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/11 00:07:14.0687 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/11 00:07:14.0750 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/11 00:07:14.0828 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/11 00:07:14.0875 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/12/11 00:07:14.0937 WPS (e8e745b8eee63c7cf7d34833d3b8ca7f) C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2010/12/11 00:07:15.0015 WpsHelper (ff983a25ae6f7d3f87f26bf51f02a201) C:\WINDOWS\system32\drivers\WpsHelper.sys
2010/12/11 00:07:15.0093 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/11 00:07:15.0140 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/11 00:07:15.0171 yukonwxp (4322c32ced8c4772e039616dcbf01d3f) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/12/11 00:07:15.0359 ================================================================================
2010/12/11 00:07:15.0359 Scan finished
2010/12/11 00:07:15.0359 ================================================================================




RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB49EF000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 5779456 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xBF1D9000 C:\WINDOWS\System32\igxpdx32.DLL 2621440 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04E000 C:\WINDOWS\System32\igxpdv32.DLL 1617920 bytes (Intel Corporation, Component GHAL Driver)
0x963EB000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101210.002\NAVEX15.SYS 1355776 bytes (Symantec Corporation, AV Engine)
0x965A4000 C:\WINDOWS\system32\drivers\sthda.sys 1171456 bytes (SigmaTel, Inc., NDRC)
0xB4836000 C:\WINDOWS\system32\DRIVERS\bcmwl5.sys 1126400 bytes (Broadcom Corp., Broadcom 802.11 Network Adapter wireless driver)
0x96042000 C:\WINDOWS\System32\Drivers\dump_iastor.sys 815104 bytes
0xB9E5C000 iaStor.sys 815104 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xB9D56000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB15EF000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x96184000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9621F000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 434176 bytes (Symantec Corporation, SPBBC Driver)
0x96126000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xAF0D3000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0x96326000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0x95B92000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0x96536000 C:\WINDOWS\System32\Drivers\SRTSP.SYS 307200 bytes (Symantec Corporation, Symantec AutoProtect)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB4949000 C:\WINDOWS\system32\DRIVERS\yk51x86.sys 286720 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0xB47E0000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 270336 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x95400000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xAF185000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0x95E85000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9D29000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0x962D3000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 184320 bytes (Symantec Corporation, Network Dispatch Driver)
0x961F4000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 172032 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xB498F000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0x962AB000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F23000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0x96300000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0x963C6000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x966C2000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB49B7000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAF1DD000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0x96581000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 143360 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0x96289000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAF131000 C:\WINDOWS\system32\DRIVERS\teefer2.sys 139264 bytes (Symantec Corporation, Symantec CMC Firewall Teefer2)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9E0C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F49000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0x966E6000 C:\WINDOWS\system32\drivers\IntcHdmi.sys 126976 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0x96109000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB9D0F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9E44000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9E2C000 C:\WINDOWS\System32\Drivers\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0x92DEE000 C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\uwxcqpob.sys 98304 bytes
0xB9DE3000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xAF1C6000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x95E48000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0x963B2000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101210.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0xB4822000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB49DB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0x9637F000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xB9DFA000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xAF1B5000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA188000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB22A8000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA128000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x9D538000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0x97774000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB2298000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB95B1000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0x98EDB000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA298000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x97784000 C:\WINDOWS\system32\drivers\wpsdrvnt.sys 57344 bytes (Symantec Corporation, Symantec CMC Firewall WPS)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA268000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB2288000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xB2268000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA218000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB22B8000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB2278000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xAFA1A000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0x9D598000 C:\WINDOWS\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0xBA288000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB4FE2000 C:\WINDOWS\system32\drivers\bcmwlnpf.sys 36864 bytes (CACE Technologies, npf)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA258000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xB2258000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0x9D518000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0x95310000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x9D558000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA338000 cercsr6.sys 32768 bytes (Adaptec, Inc., DELL CERC SATA1.5/6ch Miniport Driver)
0x967E0000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA460000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xB2E9F000 C:\DOCUME~1\BLACKB~1\LOCALS~1\Temp\mbr.sys 28672 bytes
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA348000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xB2E77000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xB2EB7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA458000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x967F0000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x967E8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA428000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA388000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 20480 bytes (Symantec Corporation, Redirector Filter Driver)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0x9D101000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xB9C9A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB5118000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0x99AD3000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xBA594000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB9C92000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xBA590000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB9C96000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x9D17C000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AC000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA638000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5DE000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5E0000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA668000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA63E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA734000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0x9BEB5000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA765000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================


Nothing detected :(

Edited by thenewclimax, 11 December 2010 - 01:52 AM.


#5 thenewclimax

thenewclimax
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 11 December 2010 - 02:34 AM

I believe I may have fixed my problem. I was able to read other posts and followed the usual scans.

I just finished running Combofix and my log is below


ComboFix 10-12-09.07 - Black Beauty 12/11/2010 1:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1390 [GMT -6:00]
Running from: c:\documents and settings\Black Beauty\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\713164641.dll
.
---- Previous Run -------
.
c:\documents and settings\Black Beauty\Application Data\PriceGong
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Black Beauty\Application Data\PriceGong\Data\z.xml
c:\windows\system32\450317841.dll

.
((((((((((((((((((((((((( Files Created from 2010-11-11 to 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-10 19:50 . 2010-12-10 19:50 -------- d-----w- c:\documents and settings\Black Beauty\Local Settings\Application Data\Symantec
2010-12-10 19:50 . 2010-09-11 04:32 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-12-10 19:49 . 2010-04-17 03:06 97096 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2010-12-10 19:48 . 2010-12-10 19:48 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-12-10 19:48 . 2010-12-10 19:48 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-12-10 19:48 . 2007-03-22 02:39 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-12-10 19:48 . 2010-12-10 19:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-12-10 19:48 . 2010-12-10 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-12-10 19:48 . 2010-12-10 19:48 -------- d-----w- c:\program files\Symantec
2010-12-10 19:46 . 2010-12-10 19:46 -------- d-----w- C:\MR6_Unzip
2010-12-10 18:14 . 2010-12-10 18:14 -------- d-----w- c:\documents and settings\Black Beauty\Application Data\Malwarebytes
2010-12-10 18:14 . 2010-11-29 23:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-10 18:14 . 2010-12-10 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-10 18:14 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-10 18:14 . 2010-12-10 18:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-10 17:15 . 2010-12-10 17:15 388096 ----a-r- c:\documents and settings\Black Beauty\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-10 17:15 . 2010-12-10 17:15 -------- d-----w- c:\program files\Trend Micro
2010-12-10 16:51 . 2010-11-10 02:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8065381-C392-4406-941B-7C21B3277AB0}\mpengine.dll
2010-12-10 09:10 . 2010-12-10 16:48 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-10 09:10 . 2010-12-10 09:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-10 09:01 . 2010-12-10 09:01 -------- d-----w- C:\found.000
2010-12-10 08:21 . 2010-12-10 08:21 -------- d-----w- c:\program files\Common Files\Data
2010-12-10 08:19 . 2010-12-10 08:19 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll
2010-12-02 18:25 . 2010-12-10 08:46 -------- d-----w- c:\documents and settings\Black Beauty\Application Data\vlc
2010-12-02 02:13 . 2010-12-08 04:58 -------- d-----w- c:\documents and settings\Black Beauty\Local Settings\Application Data\Conduit
2010-12-02 02:13 . 2010-12-02 02:13 -------- d-----w- c:\program files\Conduit
2010-12-02 02:13 . 2010-12-08 04:58 -------- d-----w- c:\documents and settings\Black Beauty\Local Settings\Application Data\BitTorrentBar
2010-12-02 02:12 . 2010-12-02 02:13 -------- d-----w- c:\program files\BitTorrentBar
2010-12-01 06:30 . 2010-12-01 06:30 -------- d-----w- c:\program files\SystemRequirementsLab
2010-12-01 06:30 . 2010-12-01 06:30 -------- d-----w- c:\documents and settings\Black Beauty\Application Data\SystemRequirementsLab
2010-12-01 06:04 . 2008-11-08 00:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-12-01 06:04 . 2009-07-14 18:27 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2010-11-30 15:21 . 2010-11-10 02:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-11-30 06:30 . 2010-12-08 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Examsoft
2010-11-30 03:22 . 2010-11-30 03:22 -------- d-----w- c:\program files\ExamSoft
2010-11-30 03:22 . 2010-11-30 03:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-11-29 04:10 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-29 03:38 . 2010-11-29 03:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-11-24 17:05 . 2010-11-24 17:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-11-24 06:31 . 2010-11-24 06:31 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-11-24 06:30 . 2010-11-24 06:30 -------- d-----w- C:\68e300bc01d1681f9f
2010-11-23 07:01 . 2010-12-05 22:34 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-11-17 05:23 . 2010-11-17 05:23 -------- d-----w- c:\program files\iPod
2010-11-17 05:23 . 2010-11-17 05:23 -------- d-----w- c:\program files\iTunes
2010-11-17 05:21 . 2010-11-17 05:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-28 21:44 . 2010-06-20 04:16 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 21:44 . 2010-06-20 04:16 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-18 17:23 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 10:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 10:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 10:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50 . 2010-07-28 04:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29 . 2010-07-26 04:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Online Files]
@="{B82655E9-B81D-4A97-8154-0D84A4C048E4}"
[HKEY_CLASSES_ROOT\CLSID\{B82655E9-B81D-4A97-8154-0D84A4C048E4}]
2010-12-10 08:19 197632 ----a-w- c:\program files\Common Files\OnlineFilesManager.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Black Beauty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-07-12 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-10 2183168]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 288040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-01 202256]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-01-25 115560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Black Beauty^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Black Beauty\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DACSMiniApp]
2008-03-13 17:05 128256 ----a-w- c:\program files\Fisher-Price\DACS\MiniApp\DACSMiniApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 06:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 03:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSSE]
2010-09-15 10:34 1094224 ----a-w- c:\program files\Microsoft Security Essentials\msseces.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-09-05 22:13 137752 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/10/2010 1:54 PM 102448]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/19/2010 9:51 AM 105984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [12/2/2009 4:02 PM 23888]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 4:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1958367476-839522115-1003Core.job
- c:\documents and settings\Black Beauty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-12 03:53]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1958367476-839522115-1003UA.job
- c:\documents and settings\Black Beauty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-12 03:53]

2010-12-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-26 03:40]

2010-12-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-1958367476-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-12-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-1958367476-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-12-11 c:\windows\Tasks\User_Feed_Synchronization-{85F4F3E9-8D20-44CA-AFAD-39CD671203EA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Black Beauty\Application Data\Mozilla\Firefox\Profiles\299qysep.default\
FF - component: c:\documents and settings\Black Beauty\Application Data\Mozilla\Firefox\Profiles\299qysep.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\Black Beauty\Application Data\Mozilla\Firefox\Profiles\299qysep.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\Black Beauty\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Black Beauty\Application Data\Mozilla\Firefox\Profiles\299qysep.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Conduit Engine : engine@conduit.com - c:\documents and settings\Black Beauty\Application Data\Mozilla\Firefox\Profiles\299qysep.default\extensions\engine@conduit.com
FF - Extension: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\documents and settings\Black Beauty\Application Data\Mozilla\Firefox\Profiles\299qysep.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
SafeBoot-Symantec Antvirus
AddRemove-{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1 - c:\docume~1\BLACKB~1\LOCALS~1\Temp\Rar$EX00.203\MustBeRandomlyNamed\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 01:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1312)
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-12-11 01:23:39
ComboFix-quarantined-files.txt 2010-12-11 07:23

Pre-Run: 145,957,068,800 bytes free
Post-Run: 145,919,873,024 bytes free

- - End Of File - - 2F9CDBEEA9837C2D205D4AF5AD8BE766

#6 thenewclimax

thenewclimax
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:05:02 AM

Posted 11 December 2010 - 02:35 AM

This is my most recent hijack this log from a few minutes ago after all was done.
After playing on my system for a couple of minutes all seems well. Can you please look over things and see if you spot anything suspicious or out of the ordinary.

****EDIT****

This morning the issues started again. Once I opened Google Chrome within a few minutes IE opened up (http://www.theliturgyplanner.org/). I later opened Google Chrome and a new webpage came up. Within a few other minutes RealPlayer opened to some argentina-jamaica clip.

Now I cant access my lower bar not even the clock changes nor can I close any applications even when I attempt to end task they are still shown on the bottom bar.

I never really noticed but I am seeing my System Idle Process in the Task Manager constantly in the 80's or 90's for CPU but at 28K for Memory Usage.
Even though I don't have internet explorer open I see Explorer.exe Mem Usage at 84,604K. Each time I end this task it removed my lower task bar.
Please help.

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:31:27 AM, on 12/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Black Beauty\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1276960894750
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v133\WDM\STacSV.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8523 bytes

Edited by thenewclimax, 11 December 2010 - 08:16 PM.


#7 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:08:02 AM

Posted 19 December 2010 - 08:45 AM

Hello and welcome to Bleeping Computer

I'm judicandus and I'll be helping you out.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

Please post a DDS log and Gmer log. For instructions please read this post:
http://www.bleepingcomputer.com/forums/topic34773.html

#8 Judicandus

Judicandus

    Bleepin' Pasta


  • Malware Response Team
  • 730 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Around the world
  • Local time:08:02 AM

Posted 12 January 2011 - 02:37 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users