I'm having some trouble


OK, I noticed I was having problems with Google. When I do a search and click on the results I get this: "The page - www.google.com/click.php?c=fb9c1bbe032388b0322f6a267300 - does not exist". So I started looking for a fix and I came across SpyHunter 3, and after I installed it and ran it, it closes suddenly and I am unable to restart it. I installed Malwarebytes and the same thing happens. I also installed Trend Micro's HijackThis and the same thing happened to it. Please help me. I thank you.


Welcome to Malwarebytes!!!! :(

Please download Sysprot Antirootkit

Unzip it into a folder on your desktop.

  • Double-click Sysprot.exe to start the program.
  • Click on the log tab.
  • In the Write to log box select all items.
  • Click on the Create Log button on the Bottom Right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to.
  • Open the text file and copy/paste the log here.

Thank you so much for the help. Here are the contents of the log file:

SysProt AntiRootkit v1.0.1.0

by swatkat


Local Address: ARF24.WORKGROUP:1910

Remote Address: IW-IN-F102.GOOGLE.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: ARF24.WORKGROUP:1908

Remote Address: IW-IN-F99.GOOGLE.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: ARF24.WORKGROUP:1906

Remote Address: IW-IN-F99.GOOGLE.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: ARF24.WORKGROUP:1904

Remote Address: 74.125.95.138:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: ARF24.WORKGROUP:1897

Remote Address: A96-6-45-9.DEPLOY.AKAMAITECHNOLOGIES.COM:HTTP

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: ARF24.WORKGROUP:NETBIOS-SSN

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

Local Address: ARF24:27015

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

State: LISTENING

Local Address: ARF24:18080

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

Local Address: ARF24:13128

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

Local Address: ARF24:10080

Remote Address: LOCALHOST:1933

Type: TCP

Process: [system Idle Process]

State: TIME_WAIT

Local Address: ARF24:10080

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\PROGRA~1\AVG\AVG8\avgnsx.exe

State: LISTENING

Local Address: ARF24:1424

Remote Address: LOCALHOST:10080

Type: TCP

Process: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

State: CLOSE_WAIT

Local Address: ARF24:1032

Remote Address: LOCALHOST:10080

Type: TCP

Process: C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe

State: CLOSE_WAIT

Local Address: ARF24:MICROSOFT-DS

Remote Address: 0.0.0.0:0

Type: TCP

Process: System

State: LISTENING

Local Address: ARF24:EPMAP

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\svchost.exe

State: LISTENING

Local Address: ARF24:CHARGEN

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: LISTENING

Local Address: ARF24:QOTD

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: LISTENING

Local Address: ARF24:DAYTIME

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: LISTENING

Local Address: ARF24:DISCARD

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: LISTENING

Local Address: ARF24:ECHO

Remote Address: 0.0.0.0:0

Type: TCP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: LISTENING

Local Address: ARF24.WORKGROUP:EFS

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\svchost.exe

State: NA

Local Address: ARF24.WORKGROUP:138

Remote Address: NA

Type: UDP

Process: System

State: NA

Local Address: ARF24.WORKGROUP:NETBIOS-NS

Remote Address: NA

Type: UDP

Process: System

State: NA

Local Address: ARF24:1703

Remote Address: NA

Type: UDP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: NA

Local Address: ARF24:1427

Remote Address: NA

Type: UDP

Process: C:\Program Files\Internet Explorer\iexplore.exe

State: NA

Local Address: ARF24:4500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

Local Address: ARF24:500

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\lsass.exe

State: NA

Local Address: ARF24:MICROSOFT-DS

Remote Address: NA

Type: UDP

Process: System

State: NA

Local Address: ARF24:CHARGEN

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: NA

Local Address: ARF24:QOTD

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: NA

Local Address: ARF24:DAYTIME

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: NA

Local Address: ARF24:DISCARD

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: NA

Local Address: ARF24:ECHO

Remote Address: NA

Type: UDP

Process: C:\WINDOWS\system32\tcpsvcs.exe

State: NA

********************************************************************************

**********

********************************************************************************

**********

Hidden files/folders:

Object: C:\Documents and Settings\Shane Twogood\Favorites\Warez Links\WelCome To ShangHai A.L.A&Booksea Studio--http--www.aladown.com.url

Status: Hidden

Object: C:\System Volume Information\MountPointManagerRemoteDatabase

Status: Access denied

Object: C:\System Volume Information\tracking.log

Status: Access denied

Object: C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}

Status: Access denied


Okay, that didn't detect anything, but let's try something else.

Download RootRepeal:

http://rootrepeal.googlepages.com/RootRepeal.zip

  • Extract the archive to a folder you create such as C:\RootRepeal
  • Double-click RootRepeal.exe to launch the program (Vista users should right-click and select "Run as Administrator").
  • Click the "File" tab (located at the bottom of the RootRepeal screen)
  • Click the "Scan" button
  • In the popup dialog, check the drives to be scanned - making sure to check your primary operating system drive - normally C:
  • Click OK and the file scan will begin
  • When the scan is done, there will be files listed, but most if not all of them will be legitimate
  • Click the "Save Report" Button
  • Save the log file to your Documents folder
  • Post the content of the RootRepeal file scan log in your next reply.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1

Link 2

Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

I have a log from ComboFix. I read one of the other posts being helped, and he had all the same problems; the ComboFix that Lonny posted for him is what I tried, and it worked. Here is the log file.

ComboFix Beta_09-08-12.01 - Shane Twogood 08/12/2009 12:50.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1918.1360 [GMT -5:00]

Running from: c:\documents and settings\Shane Twogood\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\SHANET~1\LOCALS~1\Temp\server.exe

c:\documents and settings\Shane Twogood\Application Data\addon.dat

c:\documents and settings\Shane Twogood\Application Data\inst.exe

c:\documents and settings\Shane Twogood\Start Menu\Programs\AVI Codec Pack +

c:\documents and settings\Shane Twogood\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk

c:\documents and settings\Shane Twogood\Start Menu\Programs\AVI Codec Pack +\Uninstall.lnk

C:\explorer.exe

c:\program files\AVI Codec Pack

c:\program files\AVI Codec Pack\AC3\ac3filter.ax

c:\program files\AVI Codec Pack\AC3\dialog_patch.exe

c:\program files\AVI Codec Pack\DivX 3.11\DivX.inf

c:\program files\AVI Codec Pack\DivX 3.11\DIVX_c32.ax

c:\program files\AVI Codec Pack\DivX 3.11\DivXa32.acm

c:\program files\AVI Codec Pack\DivX 3.11\DivXc32.dll

c:\program files\AVI Codec Pack\DivX 3.11\DivXc32f.dll

c:\program files\AVI Codec Pack\DivX 3.11\L3codeca.acm

c:\program files\AVI Codec Pack\divx.chm

c:\program files\AVI Codec Pack\ffdhow\ffdshow.ax

c:\program files\AVI Codec Pack\ffdhow\ffdshow.ax.manifest

c:\program files\AVI Codec Pack\ffdhow\libavcodec.dll

c:\program files\AVI Codec Pack\ffdhow\libmpeg2_ff.dll

c:\program files\AVI Codec Pack\ffdhow\libmplayer.dll

c:\program files\AVI Codec Pack\ffdhow\TomsMoComp_ff.dll

c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM

c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe

c:\program files\AVI Codec Pack\log.ini

c:\program files\AVI Codec Pack\uninstall.exe

c:\program files\bifrost

c:\program files\Bifrost\klog.dat

c:\recycler\S-1-5-21-1089551744-1120685985-1162132538-1003

c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003

c:\windows\Installer\b17c95.msp

c:\windows\system32\drivers\vsfocexromdunw.sys

c:\windows\system32\hs7f3uhduhfukde.dll

c:\windows\system32\vsfoceeejyoucp.dll

c:\windows\system32\vsfoceoiabakdu.dat

C:\xcrashdump.dat

Infected copy of c:\windows\system32\scecli.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\scecli.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_EXPLORER

-------\Legacy_IPRIP

-------\Legacy_NPF

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

-------\Service_explorer

-------\Service_Iprip

((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))

.

2009-08-12 00:24 . 2009-08-12 01:39 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys

2009-08-11 02:53 . 2009-08-11 02:53 0 ----a-w- C:\settings.dat

2009-08-11 02:10 . 2009-08-11 02:10 -------- d-----w- C:\RootRepeal

2009-08-10 01:14 . 2009-08-10 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2009-08-10 01:08 . 2009-08-10 01:13 -------- d-----w- c:\program files\Malwares

2009-08-10 01:06 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-10 01:06 . 2009-08-10 01:07 -------- d-----w- c:\program files\Malware

2009-08-10 01:06 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-09 16:24 . 2009-08-09 16:24 -------- d-----w- c:\program files\Trend Micro

2009-08-09 16:17 . 2009-08-10 01:05 -------- d-----w- c:\program files\Malwarebyt Anti-Malware

2009-08-09 15:57 . 2009-08-09 15:57 -------- d-----w- c:\documents and settings\Shane Twogood\Application Data\Malwarebytes

2009-08-09 15:57 . 2009-08-09 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-09 15:37 . 2009-08-09 15:37 97056 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-09 14:56 . 2009-08-09 14:56 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2009-08-09 14:53 . 2009-08-09 14:53 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-08-09 11:27 . 2009-08-09 11:43 -------- d--h--w- C:\$AVG8.VAULT$

2009-08-09 11:01 . 2009-07-24 14:55 1090816 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

2009-08-09 10:58 . 2009-08-09 10:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-08-09 10:58 . 2009-08-09 10:58 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2009-08-09 10:58 . 2009-08-09 10:58 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-08-09 10:58 . 2009-08-09 10:58 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-08-09 10:57 . 2009-08-12 14:02 -------- d-----w- c:\windows\system32\drivers\Avg

2009-08-09 10:57 . 2009-08-09 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2009-08-09 10:57 . 2009-08-09 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2009-08-09 10:51 . 2009-08-09 10:51 -------- d-----w- c:\documents and settings\Shane Twogood\Application Data\AVG8

2009-08-09 08:09 . 2009-08-09 08:10 -------- d-----w- C:\e1d506dc8bc92afb9f5b

2009-08-09 08:08 . 2009-08-09 08:29 -------- d-----w- c:\windows\SxsCaPendDel

2009-08-08 14:52 . 2009-08-10 03:00 -------- d-----w- c:\documents and settings\Shane Twogood\Downloads

2009-08-08 14:52 . 2009-08-09 11:17 -------- d-----w- c:\documents and settings\Shane Twogood\Application Data\NewsLeecher

2009-08-08 14:38 . 2009-08-08 14:38 53760 ----a-w- c:\windows\system32\drivers\WZSZXserv.sys

2009-08-08 14:37 . 2009-08-08 14:37 154632 ----a-w- c:\windows\system32\minix32.exe

2009-08-08 14:37 . 2009-08-08 14:37 -------- d-----w- c:\program files\Windows Antivirus Pro

2009-08-08 14:36 . 2009-08-08 14:37 -------- d-----w- c:\program files\NewsLeecher

2009-08-08 13:38 . 2009-08-09 14:13 -------- d-----w- c:\program files\PeerGuardian2

2009-08-06 09:54 . 2009-08-06 09:56 -------- d-----w- c:\documents and settings\Shane Twogood\Application Data\GrabIt

2009-08-06 09:53 . 2009-08-06 09:53 -------- d-----w- c:\program files\GrabIt

2009-08-04 16:05 . 2009-08-08 19:59 -------- d-----w- c:\documents and settings\Shane Twogood\Local Settings\Application Data\NewsBin

2009-08-04 16:05 . 2009-08-08 12:24 -------- d-----w- c:\program files\NewsBin

2009-08-04 15:59 . 2009-08-04 16:00 -------- d-----w- c:\documents and settings\Shane Twogood\Application Data\GetRightToGo

2009-08-03 17:13 . 2009-08-08 14:36 -------- d-----w- c:\documents and settings\Shane Twogood\Application Data\UseNeXT

2009-08-03 17:12 . 2009-08-03 17:12 -------- d-----w- c:\program files\UseNeXT

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-12 08:04 . 2007-02-13 02:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-10 03:09 . 2007-02-28 18:00 304 ----a-w- c:\documents and settings\Shane Twogood\Application Data\wklnhst.dat

2009-08-08 16:41 . 2006-03-12 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink

2009-08-08 14:39 . 2008-08-24 03:29 -------- d-----w- c:\program files\Windows Desktop Search

2009-08-08 14:38 . 2006-03-12 18:00 -------- d-----w- c:\documents and settings\Shane Twogood\Application Data\Azureus

2009-08-08 11:59 . 2008-05-17 14:38 47360 ----a-w- c:\documents and settings\Shane Twogood\Application Data\pcouffin.sys

2009-08-08 11:59 . 2008-05-17 14:38 47360 ----a-w- c:\documents and settings\Shane Twogood\Application Data\pcouffin.sys

2009-08-08 11:59 . 2008-05-17 14:38 -------- d-----w- c:\documents and settings\Shane Twogood\Application Data\Vso

2009-08-08 11:35 . 2008-08-09 12:11 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-07 12:01 . 2006-03-12 17:47 -------- d-----w- c:\program files\Azureus

2009-07-14 04:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-12 11:25 . 2005-04-30 05:38 -------- d-----w- c:\program files\Google

2009-07-03 17:09 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-01 03:28 . 2009-06-04 03:44 -------- d-----w- c:\program files\DVDFab 6

2009-06-16 14:36 . 2004-08-04 08:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:36 . 2004-08-04 08:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-03 19:09 . 2004-08-04 08:00 1291264 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-16 68856]

"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]

"Upromise Update"="c:\program files\Upromise\dca-ua.exe" [2009-04-13 96136]

"Upromise Tray"="c:\program files\Upromise\UpromiseTray.exe" [2009-04-14 139264]

"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-11-18 1457152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]

"eBayToolbar"="c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2009-01-17 632048]

"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-09 2000152]

"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-20 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2006-9-27 294912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-09 10:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"navapsvc"=2 (0x2)

"iPodService"=3 (0x3)

"ccSetMgr"=2 (0x2)

"ccPwdSvc"=3 (0x3)

"ccProxy"=2 (0x2)

"ccEvtMgr"=2 (0x2)

"wscsvc"=2 (0x2)

"SNDSrvc"=2 (0x2)

"SharedAccess"=2 (0x2)

"Messenger"=2 (0x2)

"InCDsrv"=2 (0x2)

"SymWSC"=2 (0x2)

"SPBBCSvc"=2 (0x2)

"SAVScan"=3 (0x3)

"ISSVC"=2 (0x2)

"SBService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Azureus\\Azureus.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\NewsBin\\nbpro.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping

"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)

"49149:TCP"= 49149:TCP:p2p

"49149:UDP"= 49149:UDP:p2p2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/9/2009 5:58 AM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/9/2009 5:58 AM 108552]

R1 TSKNF800.SYS;TSKNF800.SYS;c:\windows\system32\drivers\Tsknf800.sys [2/28/2009 8:08 AM 17672]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/9/2009 5:57 AM 297752]

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 10:18 AM 231424]

S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\Drivers\p1c1394.sys --> c:\windows\system32\Drivers\p1c1394.sys [?]

S2 pciinfo;HP Pci Information;\??\c:\docume~1\SHANET~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\SHANET~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]

S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [12/30/2006 12:08 PM 20160]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{BBCDEFGH-1234-IJKL-5678-MNOPQRSTUVWX}]

c:\windows\uninst32.exe

.

- - - - ORPHANS REMOVED - - - -

Notify-__c00804F6 - c:\windows\system32\__c00804F6.dat

.

------- Supplementary Scan -------

.

uStart Page = www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

Trusted Zone: buysub.com\w1

Trusted Zone: gsnrecipes.com\hy-vee

Trusted Zone: microsoft.com\*.update

Trusted Zone: windowsupdate.com\download

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-12 13:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2772)

c:\windows\system32\WININET.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Retrospect\Retrospect 7.5\retrorun.exe

c:\windows\system32\tcpsvcs.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\ati2evxx.exe

.

**************************************************************************

.

Completion time: 2009-08-12 13:08 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-12 18:08

Pre-Run: 18,828,210,176 bytes free

Post-Run: 19,230,056,448 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

278 --- E O F --- 2009-08-12 08:05


I did a quick scan and it found 14 infections. Then I did a second quick scan and it showed 0. Then I did a full scan and it found 8 more infections. Everything seems to be running pretty well, a little slow still but better than it was. Here are the logs for the quick scan and the full scan. I don't know if it's all gone yet, but I can run antivirus software and the Google thing is gone.

Malwarebytes' Anti-Malware 1.40

Database version: 2612

Windows 5.1.2600 Service Pack 3

8/12/2009 2:49:16 PM

mbam-log-2009-08-12 (14-49-16).txt

Scan type: Quick Scan

Objects scanned: 104362

Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 8

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{bbcdefgh-1234-ijkl-5678-mnopqrstuvwx} (Generic.Bot.H) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\virtualdns.virtualdnsobj (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\virtualdns.virtualdnsobj.1 (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f63b171-e2f3-4362-a484-8563144d62e6} (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{143414d1-c324-4d6f-9756-5075d9a4a485} (Adware.WebDir) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd4f7a6d-0107-4bdf-b72b-021b717b06ce} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\uninst32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\minix32.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Program Files\Windows AntiVirus Pro\ANTI_files.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\Documents and Settings\Shane Twogood\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.40

Database version: 2612

Windows 5.1.2600 Service Pack 3

8/12/2009 5:19:49 PM

mbam-log-2009-08-12 (17-19-49).txt

Scan type: Full Scan (C:\|)

Objects scanned: 234947

Time elapsed: 1 hour(s), 44 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 8

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Qoobox\Quarantine\C\WINDOWS\system32\hs7f3uhduhfukde.dll.vir (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP779\A0048535.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP779\A0048537.exe (Rogue.WindowsAntiVirusPro) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP779\A0048538.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP779\A0048539.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP779\A0048540.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP788\A0052545.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP789\A0052704.dll (Trojan.Agent) -> Quarantined and deleted successfully.

Link to post
Share on other sites

The OS is running a lot faster now than it has for a long time. Internet Explorer loads slowly when I first start it. That probably has something to do with the eBay toolbar and Google toolbar; I'm thinking about getting rid of both. I did what you said and it comes up with "Windows cannot find 'ComboFix'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search."
