Jump to content

Mugwamp Jissom

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Mugwamp Jissom
    I think I may have some kind of virus,it has been affecting my java and flash,cant stream any video youtube etc and has made my PC crash. I have run Hijackthis,malwarebytes,DDS & GMER. Any help would be really apreciated,have attached the Hijackthis,DDS & GMER logs. DDS (Ver_10-03-17.01) - NTFSx86 Run by Mugwamp Jissom at 13:14:00.57 on 12/04/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.425 [GMT 1:00] AV: Doctor Web Anti-Virus *On-access scanning enabled* (Updated) {3454C8F1-ECBC-4180-A6F4-04632FBA762B} AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\DrWeb\SpIDerAgent.exe C:\Program Files\DrWeb\spiderml.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\avcenter.exe C:\Program Files\Avira\AntiVir Desktop\avscan.exe C:\Documents and Settings\Mugwamp Jissom\My Documents\Downloads\jnuxzuuz.exe C:\WINDOWS\System32\vssvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\dllhost.exe C:\Documents and Settings\Mugwamp Jissom\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" mRun: [TI WLAN] c:\program files\wirelwss lan utility\TIWLANCu.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [Creative WebCam Tray] c:\program files\creative\shared files\CAMTRAY.EXE mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [spIDerAgent] "c:\program files\drweb\SpIDerAgent.exe" mRun: [spIDerMail] "c:\program files\drweb\spiderml.exe" -autorun mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll LSP: c:\program files\drweb\drwebsp.dll DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\mugwam~1\applic~1\mozilla\firefox\profiles\4xboofch.default\ FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 DwProt;DrWeb Protection;c:\windows\system32\drivers\dwprot.sys [2010-4-2 116216] R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [2010-4-2 75000] R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-12 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-12 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-12 267432] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-12 60936] R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);c:\program files\common files\doctor web\scanning engine\dwengine.exe [2010-2-24 1491288] R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2010-2-22 438912] S4 iteraid;iteraid; [x] S4 Si3112r;Si3112r; [x] S4 viasraid;viasraid; [x] =============== Created Last 30 ================ 2010-04-12 12:13:00 0 d-----w- c:\windows\system32\NtmsData 2010-04-12 12:08:23 0 d-----w- c:\docume~1\mugwam~1\applic~1\Avira 2010-04-12 12:04:45 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-04-12 12:04:40 0 d-----w- c:\program files\Avira 2010-04-12 12:04:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-04-12 11:34:07 699904 ----a-w- c:\windows\isRS-000.tmp 2010-04-12 11:27:08 176 ----a-w- c:\documents and settings\mugwamp jissom\defogger_reenable 2010-04-11 11:17:03 0 d-----w- c:\program files\TrendMicro 2010-04-10 22:27:30 73728 ----a-w- c:\windows\system32\javacpl.cpl 2010-04-09 10:42:12 1776 ----a-w- c:\documents and settings\mugwamp jissom\tmp.files1 2010-04-08 17:23:07 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys 2010-04-08 17:23:07 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2010-04-04 21:24:04 515416 ----a-w- c:\windows\system32\XAudio2_5.dll 2010-04-04 21:24:02 238936 ----a-w- c:\windows\system32\xactengine3_5.dll 2010-04-04 21:24:00 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll 2010-04-04 21:22:58 238088 ----a-w- c:\windows\system32\xactengine3_0.dll 2010-04-02 20:04:18 0 dc----w- C:\BlueByte 2010-04-02 20:04:06 0 d-----w- c:\documents and settings\mugwamp jissom\WINDOWS 2010-04-02 19:59:58 111 -csh--r- C:\IO32.IDX 2010-04-02 19:59:56 179456 ----a-w- c:\windows\hdk3ctnt.dll 2010-04-02 19:59:54 112 ----a-w- c:\windows\SDDINST.INI 2010-04-02 19:59:54 0 dc----w- C:\sdd 2010-04-02 01:57:54 116216 ----a-w- c:\windows\system32\drivers\dwprot.sys 2010-04-02 01:57:52 75000 ----a-w- c:\windows\system32\drivers\spiderg3.sys 2010-04-02 01:57:42 0 d-----w- c:\program files\DrWeb 2010-04-02 01:57:42 0 d-----w- c:\program files\common files\Doctor Web 2010-04-02 01:57:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Doctor Web 2010-04-02 00:09:16 98304 ----a-w- c:\windows\system32\CmdLineExt.dll 2010-03-31 06:27:11 594432 ----a-w- c:\windows\system32\SET2E5.tmp 2010-03-31 06:27:11 55296 ----a-w- c:\windows\system32\SET2E4.tmp 2010-03-31 06:27:11 25600 ------w- c:\windows\system32\SET2E6.tmp 2010-03-31 06:27:09 916480 ----a-w- c:\windows\system32\SET2DF.tmp 2010-03-31 06:27:08 1985536 ----a-w- c:\windows\system32\SET2E8.tmp 2010-03-31 06:27:07 1209344 ----a-w- c:\windows\system32\SET2E0.tmp 2010-03-31 06:27:06 5944832 ----a-w- c:\windows\system32\SET2E3.tmp 2010-03-18 12:13:27 69 ----a-w- c:\windows\NeroDigital.ini 2010-03-16 00:28:00 0 d-----w- c:\program files\MSXML 4.0 2010-03-15 19:36:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero 2010-03-15 17:08:58 0 d-----w- c:\docume~1\mugwam~1\applic~1\Malwarebytes 2010-03-15 17:08:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-03-15 17:08:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-03-15 17:08:39 20824 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-03-15 17:08:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-15 01:52:57 4984 ----a-w- c:\windows\system32\drivers\nvphy.bin 2010-03-15 01:52:51 6045 ----a-w- c:\windows\system32\nvnrm.nvu 2010-03-15 01:52:49 446464 ----a-w- c:\windows\system32\nvunrm.exe 2010-03-15 01:48:35 0 ----a-w- c:\windows\ativpsrm.bin 2010-03-15 01:43:45 0 d-----w- c:\program files\common files\NVIDIA Shared 2010-03-15 01:43:44 0 d-----w- c:\program files\NVIDIA Corporation 2010-03-15 01:42:58 4624 ----a-w- c:\windows\system32\nvaudio.nvu 2010-03-15 01:42:58 176128 ----a-w- c:\windows\system32\nvuaudio.exe 2010-03-15 01:42:16 176128 ------w- c:\windows\system32\nvuide.exe 2010-03-15 01:38:39 1108 ----a-w- c:\windows\ATICIM.INI 2010-03-14 17:20:53 0 d-----w- c:\program files\common files\DivX Shared 2010-03-14 17:20:51 0 d-----w- c:\program files\DivX 2010-03-14 16:17:20 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-03-14 16:17:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-03-13 21:53:01 0 d-----w- c:\windows\system32\custom matrices 2010-03-13 21:52:47 0 d-----w- c:\windows\system32\QuickTime 2010-03-13 21:52:47 0 d-----w- c:\windows\system32\C2MP 2010-03-13 21:42:35 0 d-----w- c:\program files\Veoh Networks ==================== Find3M ==================== 2010-04-10 22:26:58 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-03-04 01:48:30 509488 ----a-w- c:\windows\system32\msvcp71.dll 2010-03-04 01:48:30 353840 ----a-w- c:\windows\system32\msvcr71.dll 2010-03-04 01:48:30 1066544 ----a-w- c:\windows\system32\mfc71.dll 2010-02-25 22:52:38 21840 ----atw- c:\windows\system32\SIntfNT.dll 2010-02-25 22:52:37 17212 ----atw- c:\windows\system32\SIntf32.dll 2010-02-25 22:52:37 12067 ----atw- c:\windows\system32\SIntf16.dll 2010-02-25 17:58:52 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-02-25 10:54:36 11070976 ----a-w- c:\windows\system32\SET2EA.tmp 2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll 2010-02-24 02:59:51 720896 ----a-w- c:\windows\iun6002ev.exe 2010-02-22 02:39:59 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-11 05:17:44 11845632 ----a-w- c:\windows\system32\atioglxx.dll 2010-02-11 05:07:40 307200 ----a-w- c:\windows\system32\atiiiexx.dll 2010-02-11 04:46:14 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2010-02-11 04:45:14 325120 ----a-w- c:\windows\system32\ati2dvag.dll 2010-02-11 04:37:08 290816 ----a-w- c:\windows\system32\atiok3x2.dll 2010-02-11 04:36:00 204800 ----a-w- c:\windows\system32\atipdlxx.dll 2010-02-11 04:35:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll 2010-02-11 04:35:32 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe 2010-02-11 04:35:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll 2010-02-11 04:35:10 155648 ----a-w- c:\windows\system32\ati2evxx.dll 2010-02-11 04:33:56 602112 ----a-w- c:\windows\system32\ati2evxx.exe 2010-02-11 04:32:36 53248 ----a-w- c:\windows\system32\ATIDDC.DLL 2010-02-11 04:25:10 3818144 ----a-w- c:\windows\system32\ati3duag.dll 2010-02-11 04:23:04 45056 ----a-w- c:\windows\system32\aticalrt.dll 2010-02-11 04:22:52 45056 ----a-w- c:\windows\system32\aticalcl.dll 2010-02-11 04:21:14 3227648 ----a-w- c:\windows\system32\aticaldd.dll 2010-02-11 04:12:24 2670592 ----a-w- c:\windows\system32\ativvaxx.dll 2010-02-11 04:12:00 887724 ----a-w- c:\windows\system32\ativva6x.dat 2010-02-11 04:12:00 3107788 ----a-w- c:\windows\system32\ativva5x.dat 2010-02-11 03:59:16 49664 ----a-w- c:\windows\system32\amdpcom32.dll 2010-02-11 03:55:40 475136 ----a-w- c:\windows\system32\atikvmag.dll 2010-02-11 03:54:04 126976 ----a-w- c:\windows\system32\atiadlxx.dll 2010-02-11 03:53:46 17408 ----a-w- c:\windows\system32\atitvo32.dll 2010-02-11 03:47:50 626688 ----a-w- c:\windows\system32\ati2cqag.dll 2010-02-10 21:20:00 593920 ------w- c:\windows\system32\ati2sgag.exe ============= FINISH: 13:16:23.56 =============== GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-04-12 13:24:42 Windows 5.1.2600 Service Pack 3 Running: jnuxzuuz.exe; Driver: C:\DOCUME~1\MUGWAM~1\LOCALS~1\Temp\pwpyrfog.sys ---- System - GMER 1.0.15 ---- SSDT F7B3F026 ZwCreateKey SSDT F7B3F01C ZwCreateThread SSDT F7B3F02B ZwDeleteKey SSDT F7B3F035 ZwDeleteValueKey SSDT F7B3F03A ZwLoadKey SSDT F7B3F008 ZwOpenProcess SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwOpenSection [0xF726F302] SSDT F7B3F00D ZwOpenThread SSDT F7B3F044 ZwReplaceKey SSDT F7B3F03F ZwRestoreKey SSDT F7B3F030 ZwSetValueKey SSDT dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ZwSystemDebugControl [0xF726F230] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) AttachedDevice \Driver\Tcpip \Device\Ip dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) AttachedDevice \Driver\Tcpip \Device\Tcp dwprot.sys (Dr.Web Protection for Windows/Doctor Web, Ltd.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0x74 0xAE 0xA4 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0xC4 0x7A 0x04 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9F 0xA5 0x9F 0x19 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x38 0x23 0x64 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0xC4 0x7A 0x04 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0xC0 0x85 0x5C ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x91 0x38 0x23 0x64 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0xC4 0x7A 0x04 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0xC0 0x85 0x5C ... ---- Disk sectors - GMER 1.0.15 ---- Disk \Device\Harddisk0\DR0 sector 01: copy of MBR Disk \Device\Harddisk0\DR0 sector 02: copy of MBR Disk \Device\Harddisk0\DR0 sector 03: copy of MBR Disk \Device\Harddisk0\DR0 sector 04: copy of MBR Disk \Device\Harddisk0\DR0 sector 05: copy of MBR Disk \Device\Harddisk0\DR0 sector 06: copy of MBR Disk \Device\Harddisk0\DR0 sector 07: copy of MBR Disk \Device\Harddisk0\DR0 sector 08: copy of MBR Disk \Device\Harddisk0\DR0 sector 09: copy of MBR Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR Disk \Device\Harddisk0\DR0 sector 11: copy of MBR Disk \Device\Harddisk0\DR0 sector 12: copy of MBR Disk \Device\Harddisk0\DR0 sector 13: copy of MBR Disk \Device\Harddisk0\DR0 sector 14: copy of MBR Disk \Device\Harddisk0\DR0 sector 15: copy of MBR Disk \Device\Harddisk0\DR0 sector 16: copy of MBR Disk \Device\Harddisk0\DR0 sector 17: copy of MBR Disk \Device\Harddisk0\DR0 sector 18: copy of MBR Disk \Device\Harddisk0\DR0 sector 19: copy of MBR Disk \Device\Harddisk0\DR0 sector 20: copy of MBR Disk \Device\Harddisk0\DR0 sector 21: copy of MBR Disk \Device\Harddisk0\DR0 sector 22: copy of MBR Disk \Device\Harddisk0\DR0 sector 23: copy of MBR Disk \Device\Harddisk0\DR0 sector 24: copy of MBR Disk \Device\Harddisk0\DR0 sector 25: copy of MBR Disk \Device\Harddisk0\DR0 sector 26: copy of MBR Disk \Device\Harddisk0\DR0 sector 27: copy of MBR Disk \Device\Harddisk0\DR0 sector 28: copy of MBR Disk \Device\Harddisk0\DR0 sector 29: copy of MBR Disk \Device\Harddisk0\DR0 sector 30: copy of MBR Disk \Device\Harddisk0\DR0 sector 31: copy of MBR Disk \Device\Harddisk0\DR0 sector 32: copy of MBR Disk \Device\Harddisk0\DR0 sector 33: copy of MBR Disk \Device\Harddisk0\DR0 sector 34: copy of MBR Disk \Device\Harddisk0\DR0 sector 35: copy of MBR Disk \Device\Harddisk0\DR0 sector 36: copy of MBR Disk \Device\Harddisk0\DR0 sector 37: copy of MBR Disk \Device\Harddisk0\DR0 sector 38: copy of MBR Disk \Device\Harddisk0\DR0 sector 39: copy of MBR Disk \Device\Harddisk0\DR0 sector 40: copy of MBR Disk \Device\Harddisk0\DR0 sector 41: copy of MBR Disk \Device\Harddisk0\DR0 sector 42: copy of MBR Disk \Device\Harddisk0\DR0 sector 43: copy of MBR Disk \Device\Harddisk0\DR0 sector 44: copy of MBR Disk \Device\Harddisk0\DR0 sector 45: copy of MBR Disk \Device\Harddisk0\DR0 sector 46: copy of MBR Disk \Device\Harddisk0\DR0 sector 47: copy of MBR Disk \Device\Harddisk0\DR0 sector 48: copy of MBR Disk \Device\Harddisk0\DR0 sector 49: copy of MBR Disk \Device\Harddisk0\DR0 sector 50: copy of MBR Disk \Device\Harddisk0\DR0 sector 51: copy of MBR Disk \Device\Harddisk0\DR0 sector 52: copy of MBR Disk \Device\Harddisk0\DR0 sector 53: copy of MBR Disk \Device\Harddisk0\DR0 sector 54: copy of MBR Disk \Device\Harddisk0\DR0 sector 55: copy of MBR Disk \Device\Harddisk0\DR0 sector 56: copy of MBR Disk \Device\Harddisk0\DR0 sector 57: copy of MBR Disk \Device\Harddisk0\DR0 sector 58: copy of MBR Disk \Device\Harddisk0\DR0 sector 59: copy of MBR Disk \Device\Harddisk0\DR0 sector 60: copy of MBR Disk \Device\Harddisk0\DR0 sector 61: copy of MBR Disk \Device\Harddisk0\DR0 sector 62: copy of MBR Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR ---- EOF - GMER 1.0.15 ---- Logfile of Trend Micro HijackThis v2.0.3 (BETA) Scan saved at 14:07:18, on 12/04/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Creative\Shared Files\CAMTRAY.EXE C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\DrWeb\SpIDerAgent.exe C:\Program Files\DrWeb\spiderml.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [spIDerAgent] "C:\Program Files\DrWeb\SpIDerAgent.exe" O4 - HKLM\..\Run: [spIDerMail] "C:\Program Files\DrWeb\spiderml.exe" -autorun O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: BlueSoleil.lnk = ? O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: Dr.Web Scanning Engine (DrWebEngine) (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe -- End of file - 7212 bytes
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.