
I think I have a rootkit/trojan (GMER log)


  • This topic is locked
7 replies to this topic

#1 DamonToo

Posted 28 September 2012 - 09:54 PM

These definitely don't seem like normal output to me. Been having some connection problems recently as well.

HJT log follows the GMER log -

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-27 11:15:29
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250320AS rev.DE06
Running: oyo9f5n9.exe; Driver: C:\Users\Damon\AppData\Local\Temp\pxldapog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                  82A473C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                    82A80D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Mozilla Firefox\firefox.exe[2660] ntdll.dll!LdrGetProcedureAddress + 26                                                  77422239 7 Bytes  JMP 69B10C00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2660] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                                          768F93D6 7 Bytes  JMP 69D47B29 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2660] kernel32.dll!QueryPerformanceCounter + 13                                              768FC435 7 Bytes  JMP 69D47B4C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2660] kernel32.dll!LoadAppInitDlls + 355                                                     768FF4F6 7 Bytes  JMP 69B13FAC C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2660] GDI32.dll!GetViewportOrgEx + 26C                                                       7755884B 7 Bytes  JMP 69D47AAA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtCreateFile + 6                                    774055CE 4 Bytes  [28, 00, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtCreateFile + B                                    774055D3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtCreateKey + 6                                     7740560E 4 Bytes  [68, 01, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtCreateKey + B                                     77405613 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtCreateMutant + 6                                  7740564E 4 Bytes  [68, 02, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtCreateMutant + B                                  77405653 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtCreateSection + 6                                 774056EE 4 Bytes  [A8, 02, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtCreateSection + B                                 774056F3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtMapViewOfSection + 6                              77405C2E 4 Bytes  CALL 76406337 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtMapViewOfSection + B                              77405C33 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenFile + 6                                      77405CDE 4 Bytes  [68, 00, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenFile + B                                      77405CE3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenKey + 6                                       77405D0E 4 Bytes  [A8, 01, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenKey + B                                       77405D13 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenKeyEx + 6                                     77405D1E 4 Bytes  CALL 76406424 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenKeyEx + B                                     77405D23 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenMutant + 6                                    77405D5E 4 Bytes  [28, 02, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenMutant + B                                    77405D63 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenProcess + 6                                   77405D8E 1 Byte  [68]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenProcess + 6                                   77405D8E 4 Bytes  [68, 03, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenProcess + B                                   77405D93 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenProcessToken + 6                              77405D9E 1 Byte  [A8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenProcessToken + 6                              77405D9E 4 Bytes  [A8, 03, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenProcessToken + B                              77405DA3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenProcessTokenEx + 6                            77405DAE 4 Bytes  [68, 04, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenProcessTokenEx + B                            77405DB3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenSection + 6                                   77405DCE 4 Bytes  CALL 764064D5 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenSection + B                                   77405DD3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenThread + 6                                    77405E0E 1 Byte  [28]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenThread + 6                                    77405E0E 4 Bytes  [28, 03, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenThread + B                                    77405E13 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenThreadToken + 6                               77405E1E 4 Bytes  [28, 04, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenThreadToken + B                               77405E23 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenThreadTokenEx + 6                             77405E2E 4 Bytes  [A8, 04, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtOpenThreadTokenEx + B                             77405E33 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtQueryAttributesFile + 6                           77405F3E 4 Bytes  [A8, 00, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtQueryAttributesFile + B                           77405F43 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtQueryFullAttributesFile + 6                       77405FEE 4 Bytes  CALL 764066F3 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtQueryFullAttributesFile + B                       77405FF3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtSetInformationFile + 6                            7740663E 4 Bytes  [28, 01, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtSetInformationFile + B                            77406643 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtSetInformationThread + 6                          7740669E 1 Byte  [E8]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtSetInformationThread + 6                          7740669E 4 Bytes  CALL 76406DA6 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtSetInformationThread + B                          774066A3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtUnmapViewOfSection + 6                            774069BE 4 Bytes  [28, 05, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ntdll.dll!NtUnmapViewOfSection + B                            774069C3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] kernel32.dll!CreateProcessW                                   768B204D 5 Bytes  JMP 00010030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] kernel32.dll!CreateProcessA                                   768B2082 5 Bytes  JMP 00010070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!DeleteObject                                        77555F14 5 Bytes  JMP 001101B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SelectObject                                        77556640 5 Bytes  JMP 001105F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SetTextColor                                        77556906 5 Bytes  JMP 00110A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SetBkMode                                           775569B1 5 Bytes  JMP 001108F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!DeleteDC                                            77556EAA 5 Bytes  JMP 00110170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetDeviceCaps                                       77556F7F 5 Bytes  JMP 001103B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!ExtSelectClipRgn                                    77557114 5 Bytes  JMP 001102F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SelectClipRgn                                       77557242 5 Bytes  JMP 001105B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SetStretchBltMode                                   77557705 5 Bytes  JMP 001106B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetCurrentObject                                    77557917 5 Bytes  JMP 00110370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetTextMetricsW                                     77557B8F 5 Bytes  JMP 00110E30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetTextAlign                                        77557DAF 5 Bytes  JMP 00110D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!IntersectClipRect                                   77557DFE 5 Bytes  JMP 001103F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!ExtTextOutW                                         77558192 5 Bytes  JMP 00110970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SetTextAlign                                        7755828E 5 Bytes  JMP 001109F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetClipBox                                          77558525 5 Bytes  JMP 00110330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!MoveToEx                                            77558C21 5 Bytes  JMP 00110470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!StretchDIBits                                       7755A53E 5 Bytes  JMP 00110770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!RestoreDC                                           7755A67B 5 Bytes  JMP 00110530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SaveDC                                              7755A74B 5 Bytes  JMP 00110570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetTextExtentPoint32W                               7755B4B5 5 Bytes  JMP 00110670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetTextFaceW                                        7755B73A 2 Bytes  JMP 00110D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetTextFaceW + 3                                    7755B73D 2 Bytes  [BB, 88]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetFontData                                         7755BCC4 5 Bytes  JMP 00110C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SetWorldTransform                                   7755C90A 5 Bytes  JMP 001106F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!CreateDCA                                           7755CCA9 5 Bytes  JMP 001100B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!CreateDCW                                           7755CF79 5 Bytes  JMP 001100F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!CreateICW                                           7755CFD0 5 Bytes  JMP 00110130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetTextMetricsA                                     7755D0F2 5 Bytes  JMP 00110DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!Rectangle                                           7755F1FF 5 Bytes  JMP 001109B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!LineTo                                              7755F59B 5 Bytes  JMP 00110430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SetICMMode                                          7755FAA4 5 Bytes  JMP 00110DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!ExtTextOutA                                         775603F9 5 Bytes  JMP 00110930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetTextExtentPoint32A                               775607B0 5 Bytes  JMP 00110630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!ExtEscape                                           77562949 5 Bytes  JMP 001102B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!Escape                                              77563939 5 Bytes  JMP 00110270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetTextFaceA                                        77563E6A 5 Bytes  JMP 00110CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SetPolyFillMode                                     7756D851 5 Bytes  JMP 00110B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SetMiterLimit                                       7756DA0D 5 Bytes  JMP 00110B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!EndPage                                             775700D7 5 Bytes  JMP 00110230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!ResetDCW                                            7757050D 5 Bytes  JMP 00110AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!GetGlyphOutlineW                                    7757C1BA 5 Bytes  JMP 00110CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!CreateScalableFontResourceW                         7757E817 5 Bytes  JMP 00110BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!AddFontResourceW                                    7757EC13 5 Bytes  JMP 00110BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!RemoveFontResourceW                                 7757F109 5 Bytes  JMP 00110C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!AbortDoc                                            77584C63 5 Bytes  JMP 00110030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!EndDoc                                              775850AA 5 Bytes  JMP 001101F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!StartPage                                           77585195 5 Bytes  JMP 00110730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!StartDocW                                           77585BB0 5 Bytes  JMP 001107F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!BeginPath                                           7758635D 5 Bytes  JMP 00110830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!SelectClipPath                                      775863B4 5 Bytes  JMP 00110AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!CloseFigure                                         7758640F 5 Bytes  JMP 00110070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!EndPath                                             77586466 5 Bytes  JMP 00110A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!StrokePath                                          77586699 5 Bytes  JMP 001107B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!FillPath                                            77586726 5 Bytes  JMP 00110870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!PolylineTo                                          77586B94 5 Bytes  JMP 001104F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!PolyBezierTo                                        77586C25 5 Bytes  JMP 001104B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] GDI32.dll!PolyDraw                                            77586CD7 5 Bytes  JMP 001108B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!ActivateKeyboardLayout                             75848203 5 Bytes  JMP 001204F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!ScreenToClient                                     7584A506 7 Bytes  JMP 00120670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!RegisterClipboardFormatA                           7584C091 5 Bytes  JMP 001202F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!RegisterClipboardFormatW                           7584DF8D 5 Bytes  JMP 001202B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!SetCursor                                          75853075 5 Bytes  JMP 00120530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!MonitorFromWindow                                  75853622 7 Bytes  JMP 00120630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!PostMessageW                                       7585447B 5 Bytes  JMP 001205F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!IsWindowVisible                                    75854D69 7 Bytes  JMP 001206B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClientRect                                      758554DD 7 Bytes  JMP 001205B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!MapWindowPoints                                    75855CAA 5 Bytes  JMP 00120570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetParent                                          75856029 7 Bytes  JMP 001206F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!EmptyClipboard                                     7586290C 5 Bytes  JMP 00120130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!SetClipboardData                                   75862962 3 Bytes  JMP 00120170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!SetClipboardData + 4                               75862966 1 Byte  [8A]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardData                                   75862BA7 3 Bytes  JMP 00120030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardData + 4                               75862BAB 1 Byte  [8A]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardFormatNameW                            75865FD2 3 Bytes  JMP 00120230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardFormatNameW + 4                        75865FD6 1 Byte  [8A]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!SetClipboardViewer                                 75866FF6 5 Bytes  JMP 001204B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardFormatNameA                            7586700A 3 Bytes  JMP 00120270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardFormatNameA + 4                        7586700E 1 Byte  [8A]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!ChangeClipboardChain                               7587147C 5 Bytes  JMP 00120430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetTopWindow                                       758724D9 7 Bytes  JMP 00120730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!CloseClipboard                                     7587446C 5 Bytes  JMP 001200B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!OpenClipboard                                      7587447E 5 Bytes  JMP 00120070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!IsClipboardFormatAvailable                         758744FF 5 Bytes  JMP 001200F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardSequenceNumber                         75874513 5 Bytes  JMP 00120330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardOwner                                  75874525 5 Bytes  JMP 00120370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!CountClipboardFormats                              7587470A 5 Bytes  JMP 001201F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!EnumClipboardFormats                               758747EC 5 Bytes  JMP 001201B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetOpenClipboardWindow                             7587480B 5 Bytes  JMP 001203F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!SetCursorPos                                       7588C1B0 5 Bytes  JMP 00120770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetClipboardViewer                                 758A4AF7 5 Bytes  JMP 00120470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] USER32.dll!GetPriorityClipboardFormat                         758A4BF9 5 Bytes  JMP 001203B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ole32.dll!OleSetClipboard                                     76D00045 5 Bytes  JMP 00130030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ole32.dll!OleIsCurrentClipboard                               76D036B2 5 Bytes  JMP 00130070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] ole32.dll!OleGetClipboard                                     76D2FDCD 5 Bytes  JMP 001300B0 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5704] USER32.dll!RegisterMessagePumpHook + 2F1                                      75848B9E 7 Bytes  JMP 69E1DF63 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5704] USER32.dll!IsDialogMessageW + 340                                             75854444 7 Bytes  JMP 69E1DEF2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5704] USER32.dll!GetWindowInfo                                                      75854B5E 5 Bytes  JMP 69C64536 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5704] USER32.dll!ToUnicodeEx + 71                                                   75862223 7 Bytes  JMP 69C64B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW]  00010090
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus]       00120790
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState]    001207D0
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]  00010090
IAT             C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe[4616] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW]  00010090

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000045                                                                                                         halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                    fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

HijackThis Log -

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:36:42 AM, on 9/27/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE
C:\tools\SciTE.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Damon\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\system32\taskeng.exe
C:\tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Users\Damon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE84448E-A8CD-4C94-ACFB-4840692F191A}: NameServer = 68.94.156.1,68.94.157.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6012 bytes

Edited by DamonToo, 28 September 2012 - 10:07 PM.



#2 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 30 September 2012 - 02:16 PM

Hi DamonToo,

Welcome to Bleeping Computer.

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code or quote boxes (unless explicitly asked to).
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Please take note:

  • If you have since resolved the original problem you were having, I would appreciate you letting me know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows operating system, including the version, edition and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics, just post what you can and I will guide you.
  • Please tell me if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps I have recommended, please try one more time; if still unsuccessful, alert us and I will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below, I will review your topic and do my best to resolve your issues.
  • Use the 'Add Reply' button and add the new log to this thread.

I need to see some information about what is happening in your machine. Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.


In your next reply, please include:
  • DDS log
  • Detailed description of how your computer is running now

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#3 DamonToo

  • Topic Starter

  • Members
  • 3 posts

Posted 30 September 2012 - 07:00 PM

Hi Jason,

Thanks for your help. I've been having network issues for a while that I don't experience on other computers/devices on the same network. When browsing sites like Imgur, about a third of the image will load and then I'll temporarily lose connection for about 10-20 seconds before it finishes loading. If I'm on a Skype call, it disconnects/reconnects me from that as well, so the issue isn't just with the site. I also had my Twitter account compromised recently and it was sending out malware. It was a Twitter account I don't use frequently and had a unique password.

I do have the original windows disk.

As per your request, here's the DDS log. Java is outdated but disabled in all browsers.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_29
Run by Damon at 16:56:00 on 2012-09-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3546.2537 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_028821c569ae5894\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\damon\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{B995087B-990E-4430-BF66-F34F3BEE2A49} : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{BE84448E-A8CD-4C94-ACFB-4840692F191A} : NameServer = 68.94.156.1,68.94.157.1
TCP: Interfaces\{BE84448E-A8CD-4C94-ACFB-4840692F191A} : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\damon\appdata\roaming\mozilla\firefox\profiles\tr3tny0p.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\onlive\plugin\npolgdet.dll
FF - plugin: c:\users\damon\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\damon\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\damon\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_265.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-4-3 63928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_x86_neutral_028821c569ae5894\AEstSrv.exe [2012-2-13 81920]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
RUnknown SASKUTIL;SASKUTIL; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-30 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-12 250288]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-30 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-11-27 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-11-27 1343400]
.
=============== Created Last 30 ================
.
2012-09-30 23:41:36 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{30f0eabb-8e43-4bdb-9f0d-81ac142bc53f}\mpengine.dll
2012-09-29 16:04:30 6980552 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-26 15:10:56 -------- d-----w- C:\Fraps
2012-09-22 12:43:01 981504 ----a-w- c:\windows\system32\wininet.dll
2012-09-22 12:43:01 860672 ----a-w- c:\program files\internet explorer\iedvtool.dll
2012-09-22 12:42:59 759296 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-09-22 12:42:58 525312 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2012-09-22 12:42:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-22 12:42:56 163328 ----a-w- c:\program files\internet explorer\ieproxy.dll
2012-09-12 21:48:38 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 21:48:38 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 21:48:37 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
==================== Find3M ====================
.
2012-09-21 10:10:49 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-21 10:10:49 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-08 00:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 13:46:44 65536 ----a-w- c:\windows\system32\frapsvid.dll
2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-04 21:14:34 41984 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 21:14:34 102912 ----a-w- c:\windows\system32\browser.dll
.
============= FINISH: 16:56:17.38 ===============


Edited by DamonToo, 30 September 2012 - 07:01 PM.


#4 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 01 October 2012 - 08:16 AM

DamonToo,

I'm not seeing any malware in the logs. Have you tried updating the drivers for your wireless and/or wired connection?

Step 1: Farbar Service Scanner
Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Step 2: Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.


In your next reply, please include:
  • FSS log
  • MiniToolBox log

Regards,
Jason

 



#5 DamonToo

  • Topic Starter

  • Members
  • 3 posts

Posted 01 October 2012 - 02:02 PM

Hey,

FSS -

Farbar Service Scanner Version: 19-09-2012
Ran by Damon (administrator) on 01-10-2012 at 11:53:06
Running from "C:\Users\Damon\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-09-12 14:48] - [2012-08-22 10:16] - 1292144 ____A (Microsoft Corporation) A5EBB8F648000E88B7D9390B514976BF

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

 

MiniToolBox by Farbar  Version: 25-06-2012
Ran by Damon (administrator) on 01-10-2012 at 11:57:56
Microsoft Windows 7 Home Premium  Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ============================== 

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ============================== 

"network.proxy.type", 0
========================= Hosts content: =================================



========================= IP Configuration: ================================

Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Connected)
Intel(R) WiFi Link 5100 AGN = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : dbox
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
   Physical Address. . . . . . . . . : 00-23-AE-1C-B8-41
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::916a:18e6:dfaa:23f7%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.103(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, September 30, 2012 5:23:59 PM
   Lease Expires . . . . . . . . . . : Tuesday, October 02, 2012 11:37:35 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 268444590
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-63-BF-C9-00-23-AE-1C-B8-41
   DNS Servers . . . . . . . . . . . : 68.94.156.1
                                       68.94.157.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
   Physical Address. . . . . . . . . : 00-22-FB-10-1F-50
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B995087B-990E-4430-BF66-F34F3BEE2A49}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BE84448E-A8CD-4C94-ACFB-4840692F191A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1c42:37a5:3f57:fe98(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::1c42:37a5:3f57:fe98%12(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  dnsr1.sbcglobal.net
Address:  68.94.156.1

Name:    google.com
Addresses:  2001:4860:4001:801::1002
	  74.125.224.135
	  74.125.224.136
	  74.125.224.137
	  74.125.224.142
	  74.125.224.128
	  74.125.224.129
	  74.125.224.130
	  74.125.224.131
	  74.125.224.132
	  74.125.224.133
	  74.125.224.134


Pinging google.com [74.125.224.136] with 32 bytes of data:
Reply from 74.125.224.136: bytes=32 time=16ms TTL=54
Reply from 74.125.224.136: bytes=32 time=16ms TTL=54

Ping statistics for 74.125.224.136:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Server:  dnsr1.sbcglobal.net
Address:  68.94.156.1

Name:    yahoo.com
Addresses:  98.138.253.109
	  98.139.183.24
	  72.30.38.140


Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=146ms TTL=47
Reply from 98.138.253.109: bytes=32 time=132ms TTL=48

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 132ms, Maximum = 146ms, Average = 139ms
Server:  dnsr1.sbcglobal.net
Address:  68.94.156.1

Name:    bleepingcomputer.com
Address:  208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 23 ae 1c b8 41 ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
 10...00 22 fb 10 1f 50 ......Intel(R) WiFi Link 5100 AGN
  1...........................Software Loopback Interface 1
 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.103     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.103    276
    192.168.1.103  255.255.255.255         On-link     192.168.1.103    276
    192.168.1.255  255.255.255.255         On-link     192.168.1.103    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.103    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.103    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 12     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 12     58 2001::/32                On-link
 12    306 2001:0:4137:9e76:1c42:37a5:3f57:fe98/128
                                    On-link
 11    276 fe80::/64                On-link
 12    306 fe80::/64                On-link
 12    306 fe80::1c42:37a5:3f57:fe98/128
                                    On-link
 11    276 fe80::916a:18e6:dfaa:23f7/128
                                    On-link
  1    306 ff00::/8                 On-link
 12    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/30/2012 05:21:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0x1fc0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/30/2012 05:16:35 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0x19dc
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/30/2012 05:13:33 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.
.

Error: (09/30/2012 05:12:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0xfe4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/30/2012 05:07:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0x1730
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/30/2012 05:07:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0x29ac
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/30/2012 05:04:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0x2a08
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/30/2012 05:04:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0x2648
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/30/2012 05:04:24 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0x22d4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (09/30/2012 05:04:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.10.0.116, time stamp: 0x50001496
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000204
Faulting process id: 0x2620
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3


System errors:
=============
Error: (09/17/2012 06:17:11 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.135.1404.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (09/16/2012 02:26:30 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (08/13/2012 08:00:53 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
%%109

Error: (08/13/2012 08:00:53 PM) (Source: DCOM) (User: )
Description: 109gupdate/comsvc{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (08/05/2012 10:40:45 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.131.1411.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (08/05/2012 10:40:45 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.131.1411.0

	Update Source: %NT AUTHORITY59

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT AUTHORITY602

	Update Type: %NT AUTHORITY604

	User: NT AUTHORITY\SYSTEM

	Current Engine Version: %NT AUTHORITY605

	Previous Engine Version: %NT AUTHORITY606

	Error code: %NT AUTHORITY607

	Error description: %NT AUTHORITY608

Error: (07/29/2012 00:38:48 PM) (Source: DCOM) (User: )
Description: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/29/2012 00:38:18 PM) (Source: Service Control Manager) (User: )
Description: The Google Update Service (gupdate) service terminated unexpectedly.  It has done this 2 time(s).

Error: (07/25/2012 02:35:24 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.

Error: (07/25/2012 02:35:23 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR3.


Microsoft Office Sessions:
=========================
Error: (09/30/2012 05:21:46 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c0000005000002041fc001cd9f6aad5543c9C:\Program Files\Skype\Phone\Skype.exeunknownfb487817-0b5d-11e2-ae13-0023ae1cb841

Error: (09/30/2012 05:16:35 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c00000050000020419dc01cd9f69fdd893fcC:\Program Files\Skype\Phone\Skype.exeunknown4274b2ba-0b5d-11e2-ae13-0023ae1cb841

Error: (09/30/2012 05:13:33 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary SASKUTIL.

System Error:
The system cannot find the file specified.

Error: (09/30/2012 05:12:11 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c000000500000204fe401cd9f695d3aee75C:\Program Files\Skype\Phone\Skype.exeunknowna51ddae3-0b5c-11e2-ae13-0023ae1cb841

Error: (09/30/2012 05:07:57 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c000000500000204173001cd9f68ccd8dbe2C:\Program Files\Skype\Phone\Skype.exeunknown0d274cc4-0b5c-11e2-ae13-0023ae1cb841

Error: (09/30/2012 05:07:36 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c00000050000020429ac01cd9f68ba6c9140C:\Program Files\Skype\Phone\Skype.exeunknown00aaca55-0b5c-11e2-ae13-0023ae1cb841

Error: (09/30/2012 05:04:51 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c0000005000002042a0801cd9f685e481a1fC:\Program Files\Skype\Phone\Skype.exeunknown9e7f5962-0b5b-11e2-ae13-0023ae1cb841

Error: (09/30/2012 05:04:40 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c000000500000204264801cd9f68565e228bC:\Program Files\Skype\Phone\Skype.exeunknown98229751-0b5b-11e2-ae13-0023ae1cb841

Error: (09/30/2012 05:04:24 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c00000050000020422d401cd9f684e1064aaC:\Program Files\Skype\Phone\Skype.exeunknown8ec4ec15-0b5b-11e2-ae13-0023ae1cb841

Error: (09/30/2012 05:04:10 PM) (Source: Application Error)(User: )
Description: Skype.exe5.10.0.11650001496unknown0.0.0.000000000c000000500000204262001cd9f684490f9abC:\Program Files\Skype\Phone\Skype.exeunknown862d4bbe-0b5b-11e2-ae13-0023ae1cb841


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.278)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Audacity 1.3.14 (Unicode)
Audiosurf Demo
Bonjour (Version: 3.0.0.10)
CamStudio OSS Desktop Recorder (Version: 2.6 Beta r294)
CCleaner (Version: 3.15)
FileZilla Client 3.5.3 (Version: 3.5.3)
Fraps
GIMP 2.6.11 (Version: 2.6.11)
GNU Privacy Guard (Version: 1.4.9)
Google App Engine (Version: 1.6.6.0)
Google Chrome (Version: 22.0.1229.79)
Google Drive (Version: 1.4.3365.1552)
Google Earth (Version: 6.1.0.5001)
Google Talk Plugin (Version: 3.6.1.9117)
Google Update Helper (Version: 1.3.21.123)
IDT Audio (Version: 1.0.6272.0)
Inkscape 0.48.2 (Version: 0.48.2)
inSSIDer (Version: 2.1.4)
iTunes (Version: 10.5.1.42)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 29 (Version: 6.0.290)
Magicka - Demo
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 15.0 (x86 en-US) (Version: 15.0)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
Mozilla Thunderbird 13.0.1 (x86 en-US) (Version: 13.0.1)
Mumble 1.2.3 (Version: 1.2.3)
OnLive
Opera 11.64 (Version: 11.64.1403)
PhoenixRC (Version: 3.00.12)
Picasa 3 (Version: 3.8)
Python 2.7 comtypes-0.6.2
Python 2.7 PIL-1.1.7
Python 2.7 pyHook-1.5.1
Python 2.7 pywin32-216
Python 2.7 setuptools-0.6c11
Python 2.7.2 (Version: 2.7.2150)
Skype™ 5.10 (Version: 5.10.116)
Snagit 11 (Version: 11.0.0)
Sothink SWF Decompiler (Version: 7.0)
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Sublime Text 2.0.1
synedra View Personal 3.2.0.0 (Version: 3.2.0.0)
Terraria
VLC media player 1.1.11 (Version: 1.1.11)
wxPython 2.8.12.1 (unicode) for Python 2.7 (Version: 2.8.12.1-unicode)
wxPython Docs and Demos 2.8.12.1 (Version: 2.8.12.1)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 33%
Total physical RAM: 3546.36 MB
Available physical RAM: 2362.97 MB
Total Pagefile: 7091.01 MB
Available Pagefile: 5817.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1932.59 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:195.21 GB) (Free:131.27 GB) NTFS

========================= Users: ========================================

User accounts for \\DBOX

Administrator            Damon                    Guest                    

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
And MTB log is attached.

Edited by jntkwx, 01 October 2012 - 02:25 PM.
Including MTB log in post (easier to read)


#6 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 01 October 2012 - 02:39 PM

Both of those logs look normal.

Combofix
Please download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you do not know how to do this you can find out >here< or >here<
3. Double click on Combofix.exe & follow the prompts.

Important:
  • Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

In your next reply, please include:
  • Combofix log
  • How is your computer running now? Please be as descriptive as possible. Include any word-for-word error messages that you may have, and/or screenshots of strange behavior.

Regards,
Jason


Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#7 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 07 October 2012 - 11:16 AM

DamonToo,

It has been 6 days since my last post. Do you still need help?

If you do, please follow my previous instructions.
Regards,
Jason



#8 jntkwx

  • Malware Response Team
  • 4,339 posts
  • Gender:Male
  • Location:New England, U.S.A.

Posted 13 October 2012 - 09:12 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Regards,
Jason
