Discussion Starter · #1 ·
Hi there :)

I got a virus/trojan of some sort today when an IT technician just had to poke his USB inside my netbook. The immediate effect I noticed was that Google Chrome started opening whatever link I clicked in a new tab, even though I did not press CTRL when clicking. Also, when I clicked the newly opened tab, it instantly closed. I noticed that pressing CTRL + Tab allowed me to switch between tabs without them closing, so yay for me :rolleyes: What was even weirder was that the virus/trojan not only affected Chrome, but also my desktop. I could no longer drag and drop to move files into a folder, and I can't move a single thing on my desktop (they'd return to their original place and not snap onto another grid/column/row).

Then I tried finding a solution, and came across two posts on Google support forums, describing the exact same problem as what I was facing (both were dated 2011):

http://www.google.com/support/forum/p/Chrome/thread?tid=67613fa3ec0a4204&hl=en

http://www.google.com/support/forum/p/Chrome/thread?tid=74626c629a771199&hl=en

After reading, I realised that when I click Other bookmarks on my bookmarks bar, Chrome will ask if I want to open all of my bookmarks in new tabs. Anyway, the solution posted by the supposed "top contributor" was really a big help :rolleyes:

So here I am :D After running HijackThis, DDS, & GMER, the symptoms are finally gone (after running GMER, actually). It says the thing is a rootkit. But I'm not sure if it's still there...
 

Discussion Starter · #2 ·
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:07:44 PM, on 06/10/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe
C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Smadav\SM?RTP.exe
C:\Windows\Explorer.EXE
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Bubbles\Downloads\HijackThis 2.0.5 (Beta)\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_MY&c=94&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_MY&c=94&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_MY&c=94&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_MY&c=94&bd=Pavilion&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [StarterBackgroundChanger] "C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe"
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" /m
O4 - HKCU\..\Run: [SM?RT-Protection] C:\Program Files\Smadav\SM?RTP.exe rtp
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{99C6BFE8-1B74-4A94-BA82-C6E389CB8E77}: NameServer = 10.50.2.10,10.50.2.11
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DCService.exe - Unknown owner - C:\ProgramData\DatacardService\DCService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe

--
End of file - 11776 bytes
 

Discussion Starter · #3 ·
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26
Run by Bubbles at 21:09:02 on 2011-10-06
Microsoft Windows 7 Starter 6.1.7601.1.1252.44.1033.18.1790.910 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_8e7d5b9d3a91d8c5\aestsrv.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\nlssrv32.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\StarterBackgroundChanger\StarterBackgroundChangerTask.exe
C:\Program Files\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\PROGRA~1\ESRI\License\arcgis9x\ARCGIS.exe
C:\Windows\Explorer.EXE
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Bubbles\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_MY&c=94&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_MY&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_MY&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_MY&c=94&bd=Pavilion&pf=cnnb
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [StarterBackgroundChanger] "c:\program files\starterbackgroundchanger\StarterBackgroundChangerTask.exe"
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 4\Suo10_SmartRAM.exe" /m
uRun: [SM?RT-Protection] c:\program files\smadav\SM?RTP.exe rtp
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-system: WallpaperStyle = 2
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 10.50.2.10 10.50.2.11
TCP: Interfaces\{2A7F4581-686E-42DC-B2C1-212FE4ECE931} : DhcpNameServer = 10.50.2.10 10.50.2.11
TCP: Interfaces\{2A7F4581-686E-42DC-B2C1-212FE4ECE931}\14B696E6162616C657029584 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{2A7F4581-686E-42DC-B2C1-212FE4ECE931}\55D435D23545554454E445 : DhcpNameServer = 10.50.2.10 10.50.2.11
TCP: Interfaces\{2A7F4581-686E-42DC-B2C1-212FE4ECE931}\55D435F5055524C49434 : DhcpNameServer = 10.50.2.10 10.50.2.11
TCP: Interfaces\{2A7F4581-686E-42DC-B2C1-212FE4ECE931}\C4F6262695 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{2A7F4581-686E-42DC-B2C1-212FE4ECE931}\D6578646E6162696C6B68616C616669303 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{99C6BFE8-1B74-4A94-BA82-C6E389CB8E77} : NameServer = 10.50.2.10,10.50.2.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Notify: cryptnet32 - cryptnet32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\bubbles\appdata\roaming\mozilla\firefox\profiles\hqyw8ecx.default\
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\bubbles\appdata\local\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\users\bubbles\appdata\local\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\users\bubbles\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Babylon Spelling and Proofreading: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - %profile%\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Undo Closed Tabs Button: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: HP Smart Web Printing: [email protected] - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-7-17 16184]
R1 archlp;archlp;c:\windows\system32\drivers\ArcHlp.sys [2009-6-4 131584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl312afba8;MpKsl312afba8;c:\programdata\microsoft\microsoft antimalware\definition updates\{2522921b-aa5c-426f-9625-bc7247420c46}\MpKsl312afba8.sys [2011-10-5 28752]
R1 MpKslf2e01bf2;MpKslf2e01bf2;c:\programdata\microsoft\microsoft antimalware\definition updates\{2522921b-aa5c-426f-9625-bc7247420c46}\MpKslf2e01bf2.sys [2011-10-6 28752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-28 29472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-6 22216]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-8-21 66592]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2011-7-17 30600]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-6 41272]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\drivers\cmusbser.sys [2011-1-12 97408]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-8-28 171008]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-10-1 52224]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2011-7-17 19280]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2011-7-17 18768]
.
=============== Created Last 30 ================
.
2011-10-06 07:09:52 -------- d-----w- c:\users\bubbles\appdata\roaming\Smadav
2011-10-06 07:09:49 -------- d-----w- c:\program files\Smadav
2011-10-06 07:09:39 -------- d-sh--w- C:\[Smad-Cage]
2011-10-06 06:43:07 54016 ----a-w- c:\windows\system32\drivers\gncs.sys
2011-10-06 06:31:24 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-06 06:30:14 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 05:01:47 -------- d--h--w- C:\Folder Settings
2011-10-06 02:36:32 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2522921b-aa5c-426f-9625-bc7247420c46}\MpKslf2e01bf2.sys
2011-10-05 08:00:40 -------- d-----r- c:\program files\Skype
2011-10-05 07:35:44 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2011-10-05 07:35:41 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-10-05 07:35:40 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-10-05 07:35:38 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-10-05 07:35:16 614532 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2011-10-05 07:34:59 -------- d-----w- c:\users\bubbles\appdata\local\Programs
2011-10-05 07:34:05 -------- d-----w- c:\users\bubbles\appdata\local\ArcSoft
2011-10-05 03:41:11 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2522921b-aa5c-426f-9625-bc7247420c46}\MpKsl312afba8.sys
2011-10-05 03:39:52 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2522921b-aa5c-426f-9625-bc7247420c46}\offreg.dll
2011-10-05 03:39:46 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{2522921b-aa5c-426f-9625-bc7247420c46}\mpengine.dll
2011-10-04 10:32:39 -------- d-----w- c:\programdata\GARMIN
2011-10-04 10:30:23 -------- d-----w- c:\program files\Garmin
2011-10-03 02:53:05 7269712 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-02 04:14:28 439632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c50d633c-aff0-43da-9bcd-d85ec9e40bc5}\gapaengine.dll
2011-10-02 03:57:57 -------- d-----w- c:\windows\system32\SPReview
2011-10-02 03:46:50 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-01 10:59:59 -------- d--h--w- c:\programdata\Common Files
2011-10-01 10:59:24 -------- d-----w- c:\programdata\MFAData
2011-10-01 08:27:54 -------- d-----w- c:\windows\system32\EventProviders
2011-10-01 08:25:10 7269712 ------w- c:\programdata\microsoft\windows defender\definition updates\{d90df3f8-06a7-470c-8982-70a7b73d179c}\mpengine.dll
2011-10-01 07:27:20 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-10-01 07:27:09 52224 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2011-10-01 07:27:09 3215872 ----a-w- c:\windows\system32\mstscax.dll
2011-10-01 07:27:09 11776 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2011-10-01 07:27:02 1171456 ----a-w- c:\windows\system32\d3d10warp.dll
2011-10-01 07:27:01 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-10-01 07:27:01 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-10-01 07:25:59 563712 ----a-w- c:\windows\system32\netlogon.dll
2011-10-01 07:24:59 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
2011-10-01 07:23:59 51200 ----a-w- c:\windows\twain_32.dll
2011-10-01 07:22:59 386048 ----a-w- c:\windows\system32\html.iec
2011-10-01 07:20:35 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-10-01 07:20:35 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2011-10-01 07:20:34 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-10-01 07:20:34 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-10-01 07:19:39 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2011-10-01 07:19:09 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2011-10-01 07:19:09 189952 ----a-w- c:\windows\system32\wdscore.dll
2011-10-01 07:16:53 323072 ----a-w- c:\windows\system32\drvstore.dll
2011-10-01 07:16:51 257024 ----a-w- c:\windows\system32\dpx.dll
2011-09-30 08:51:42 -------- d-----w- c:\users\bubbles\appdata\roaming\Nokia Ovi Suite
2011-09-30 08:32:52 -------- d-----w- c:\users\bubbles\appdata\local\NokiaAccount
2011-09-30 07:59:16 -------- d-----w- c:\users\bubbles\appdata\local\Nokia
2011-09-30 07:54:42 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-09-30 07:54:24 -------- d-----w- c:\program files\PC Connectivity Solution
2011-09-30 07:45:56 -------- d-----w- c:\programdata\NokiaInstallerCache
2011-09-21 05:53:58 -------- d-----w- c:\program files\dnrgarmin
2011-09-21 01:35:54 4566176 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2011-09-07 16:43:11 -------- d-----w- c:\program files\Babylon
2011-09-07 16:41:47 -------- d-----w- c:\program files\eRightSoft
.
==================== Find3M ====================
.
2011-10-02 04:30:30 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-07-23 07:40:07 74240 ----a-w- c:\windows\system32\fsutil.exe
2011-07-23 07:40:07 1699328 ----a-w- c:\windows\system32\esent.dll
2011-07-23 07:40:07 148864 ----a-w- c:\windows\system32\drivers\storport.sys
2011-07-23 07:40:07 1211264 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-07-23 07:40:06 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-07-23 07:40:06 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-07-23 07:40:05 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-07-23 07:40:05 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-07-23 07:40:05 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-07-23 07:38:30 75776 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-23 07:38:30 5888 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-07-23 07:38:30 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-23 07:38:30 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-07-23 07:38:30 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-07-23 07:38:29 43008 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-23 07:38:29 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-07-23 07:35:42 2334208 ----a-w- c:\windows\system32\win32k.sys
2011-07-22 04:54:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-21 09:25:20 74752 ----a-w- c:\windows\temp.003
2011-07-21 09:25:20 74752 ----a-w- c:\windows\temp.002
2011-07-21 09:25:20 74752 ----a-w- c:\windows\temp.001
2011-07-21 09:25:20 74752 ----a-w- c:\windows\temp.000
2011-07-21 09:23:31 253952 ------w- c:\windows\Setup1.exe
2011-07-21 09:23:25 74752 ------w- c:\windows\ST6UNST.EXE
2011-07-16 04:27:30 290816 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 02:17:19 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-09 04:29:46 2048 ----a-w- c:\windows\system32\tzres.dll
2011-07-09 02:30:00 223744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2006-05-03 04:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 05:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 07:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-06 16:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 21:12:16.49 ===============
 

Discussion Starter · #5 ·
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-06 22:56:07
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\0000006d ST925031 rev.0005
Running: lkh453f3.exe; Driver: C:\Users\Bubbles\AppData\Local\Temp\fwdyypow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83490349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834C9D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\gncs.sys The system cannot find the path specified. !
PAGE [email protected]@3PADA + 4F90 A548E000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE [email protected]@3PADA + 50B3 A548E123 629 Bytes [95, 48, A5, FE, 05, 34, 95, ...]
PAGE [email protected]@3PADA + 5329 A548E399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE [email protected]@3PADA + 538F A548E3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE [email protected]@3PADA + 543B A548E4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
---- Processes - GMER 1.0.15 ----

Library C:\Program (*** hidden *** ) @ C:\Program [3244] 0x00400000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6b2af2e9
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\904ce5bf1242
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0x52 0xD4 0xE5 0x4F ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6b2af2e9 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\904ce5bf1242 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0x52 0xD4 0xE5 0x4F ...
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\[email protected] C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_7.5.7601.17514_fad415412951899dbe43ad6b6c9d75c48b39d5b_cab_11f1f0db
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\[email protected]:\Users\Bubbles\Documents\Downloads\Programs\SUPER © v2010.build.37 (Jan 2, 2010)\SUPERsetup.exe 1

---- EOF - GMER 1.0.15 ----