How to remove Codec-C?
BookCrazyy (thread starter)
Member with 1 post.
 
Join Date: Aug 2012
Experience: Beginner
04-Aug-2012, 03:51 PM #1
Codec-C? I googled it, and Google told me that this is a virus. How do I remove it? It doesn't work when I click uninstall. And I think it seems to be messing with my comp; I had several items missing from the Windows menu, but I fixed that already. I just need help removing this. Please?

Here is the log from HijackThis.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:12:18 PM, on 04/08/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\V0710Mon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\STK02N\STK02NM.exe
C:\Users\-ritA-\Desktop\HijackThis.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
O23 - Service: O2FLASH (o2flash) - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 2262 bytes


DDS


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
Run by -ritA- at 13:14:28 on 2012-08-04
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2038.810 [GMT -5:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\VM303_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\V0710Mon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Windows\STK02N\STK02NM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Users\-ritA-\Desktop\HijackThis.exe
C:\Users\-ritA-\Desktop\dp8qckw2.exe
C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Codec-C Class: {eb64d6b0-ea0e-4061-b650-14fe9bad7ad8} - c:\programdata\codec-c\bhoclass.dll
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
uRun: [Google Update] "c:\users\-rita-\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam lite\live! central\RFLVCentral2.exe" /mode2
mRun: [V0710Mon.exe] c:\windows\V0710Mon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.100.254 142.161.130.155
TCP: Interfaces\{2A7A2EF7-455A-4384-898F-E330B9951C8D} : NameServer = 192.168.100.254
TCP: Interfaces\{3ADC423A-32FF-4DF4-B618-62247ADE10A9} : NameServer = 192.168.100.254
TCP: Interfaces\{3ADC423A-32FF-4DF4-B618-62247ADE10A9} : DhcpNameServer = 192.168.100.254 142.161.130.155
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\-rita-\appdata\roaming\mozilla\firefox\profiles\crk0gh90.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\-rita-\appdata\roaming\mozilla\firefox\profiles\crk0gh90.default\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}\components\dtTransparency.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\users\-rita-\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\users\-rita-\appdata\roaming\mozilla\firefox\profiles\crk0gh90.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307010.005\symds.sys [2012-6-22 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307010.005\symefa.sys [2012-6-22 905336]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys [2012-6-22 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20120803.002_ca6\IDSvix86.sys [2012-8-3 382624]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307010.005\ironx86.sys [2012-6-22 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1307010.005\symtdiv.sys [2012-6-22 345208]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.7.1.5\ccsvchst.exe [2012-6-22 138232]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-14 1153368]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-6-15 144640]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-29 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-21 106656]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-1-8 33792]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 V0710Vid;Rocketfish HD Webcam Lite Driver;c:\windows\system32\drivers\V0710Vid.sys [2012-6-15 322240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-04 17:10:12 -------- d-----w- c:\users\-rita-\appdata\roaming\ImgBurn
2012-08-02 08:43:08 -------- d-----w- c:\users\-rita-\appdata\local\Macromedia
2012-07-28 21:35:57 -------- d-----w- c:\programdata\SMR310
2012-07-28 21:32:44 -------- d-----w- c:\users\-rita-\appdata\local\NPE
2012-07-22 20:56:05 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-22 20:42:00 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-22 20:42:00 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-22 20:42:00 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-22 20:41:58 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-22 20:41:58 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-22 20:41:55 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-12 15:55:27 -------- d-----w- c:\program files\Ask.com
.
==================== Find3M ====================
.
2012-07-23 18:25:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-23 18:25:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-29 22:02:01 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-29 22:02:01 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-22 02:09:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 13:15:44.95 ===============







GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-04 14:14:48
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVT-75ZCT2 rev.11.01A11
Running: dp8qckw2.exe; Driver: C:\Users\-ritA-\AppData\Local\Temp\ugloapow.sys


---- System - GMER 1.0.15 ----

SSDT 87A820A0 ZwAlertResumeThread
SSDT 87A82180 ZwAlertThread
SSDT 87A80A08 ZwAllocateVirtualMemory
SSDT 879A0D38 ZwAlpcConnectPort
SSDT 87A7F738 ZwAssignProcessToJobObject
SSDT 87A7FE00 ZwCreateMutant
SSDT 87A7F458 ZwCreateSymbolicLinkObject
SSDT 87A80FB0 ZwCreateThread
SSDT 87A7F818 ZwDebugActiveProcess
SSDT 87A80B98 ZwDuplicateObject
SSDT 87A80828 ZwFreeVirtualMemory
SSDT 87A7FEF0 ZwImpersonateAnonymousToken
SSDT 87A7FFD0 ZwImpersonateThread
SSDT 879AD5B8 ZwLoadDriver
SSDT 87A82F70 ZwMapViewOfSection
SSDT 87A7FD20 ZwOpenEvent
SSDT 87A80D38 ZwOpenProcess
SSDT 87A80AD8 ZwOpenProcessToken
SSDT 87A7FA40 ZwOpenSection
SSDT 87A80C68 ZwOpenThread
SSDT 87A7F648 ZwProtectVirtualMemory
SSDT 87A82260 ZwResumeThread
SSDT 87A82CC0 ZwSetContextThread
SSDT 87A82DA0 ZwSetInformationProcess
SSDT 87A7F8F8 ZwSetSystemInformation
SSDT 87A7FB20 ZwSuspendProcess
SSDT 87A82800 ZwSuspendThread
SSDT 87ABB0F8 ZwTerminateProcess
SSDT 87A828E0 ZwTerminateThread
SSDT 87A82E90 ZwUnmapViewOfSection
SSDT 87A80918 ZwWriteVirtualMemory
SSDT 87A7F548 ZwCreateThreadEx

INT 0x51 ? 85A0BBF8
INT 0x51 ? 85A0BBF8
INT 0x51 ? 85A0BBF8
INT 0x51 ? 86A4CBF8
INT 0x51 ? 86A4CBF8
INT 0x51 ? 85A0BBF8
INT 0x61 ? 85A0BBF8
INT 0x71 ? 85A0BBF8
INT 0x91 ? 86A4CBF8
INT 0x91 ? 86A4CBF8
INT 0x92 ? 86A4CBF8
INT 0xA2 ? 86A4CBF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 82CE87E0 8 Bytes [A0, 20, A8, 87, 80, 21, A8, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 82CE87F4 4 Bytes [08, 0A, A8, 87] {OR [EDX], CL; TEST AL, 0x87}
.text ntkrnlpa.exe!KeSetEvent + 13D 82CE8800 4 Bytes [38, 0D, 9A, 87]
.text ntkrnlpa.exe!KeSetEvent + 191 82CE8854 4 Bytes [38, F7, A7, 87]
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CE88B8 4 Bytes [00, FE, A7, 87]
.text ...
? System32\Drivers\spgi.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload 8E13841B 5 Bytes JMP 86A4C1D8
? C:\Users\-ritA-\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85A111F8
Device \FileSystem\fastfat \FatCdrom 867E64D8
Device \Driver\volmgr \Device\VolMgrControl 85A0D1F8
Device \Driver\usbuhci \Device\USBPDO-0 86FDB1F8
Device \Driver\usbuhci \Device\USBPDO-1 86FDB1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{2A7A2EF7-455A-4384-898F-E330B9951C8D} 879BC1F8
Device \Driver\usbehci \Device\USBPDO-2 86FDA1F8
Device \Driver\usbuhci \Device\USBPDO-3 86FDB1F8
Device \Driver\usbuhci \Device\USBPDO-4 86FDB1F8

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-5 86FDB1F8
Device \Driver\usbehci \Device\USBPDO-6 86FDA1F8
Device \Driver\volmgr \Device\HarddiskVolume1 85A0D1F8
Device \Driver\volmgr \Device\HarddiskVolume2 85A0D1F8
Device \Driver\cdrom \Device\CdRom0 87010500
Device \Driver\volmgr \Device\HarddiskVolume3 85A0D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A0F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 85A0F1F8
Device \Driver\atapi \Device\Ide\IdePort0 85A0F1F8
Device \Driver\atapi \Device\Ide\IdePort1 85A0F1F8
Device \Driver\atapi \Device\Ide\IdePort2 85A0F1F8
Device \Driver\atapi \Device\Ide\IdePort3 85A0F1F8
Device \Driver\atapi \Device\Ide\IdePort4 85A0F1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 85A101F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 85A101F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 85A101F8
Device \Driver\netbt \Device\NetBT_Tcpip_{3ADC423A-32FF-4DF4-B618-62247ADE10A9} 879BC1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 879BC1F8
Device \Driver\Smb \Device\NetbiosSmb 8799F1F8
Device \Driver\iScsiPrt \Device\RaidPort0 8706B1F8

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 86FDB1F8
Device \Driver\usbuhci \Device\USBFDO-1 86FDB1F8
Device \Driver\usbehci \Device\USBFDO-2 86FDA1F8
Device \Driver\usbuhci \Device\USBFDO-3 86FDB1F8
Device \Driver\usbuhci \Device\USBFDO-4 86FDB1F8
Device \Driver\usbuhci \Device\USBFDO-5 86FDB1F8
Device \Driver\usbehci \Device\USBFDO-6 86FDA1F8
Device \FileSystem\fastfat \Fat 867E64D8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs B2D271F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0xE4 0x2D 0x69 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0xE4 0x2D 0x69 ...

---- EOF - GMER 1.0.15 ----
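The DDS "Pseudo HJT Report" above lists every Browser Helper Object, toolbar and Run key on the machine, and the entry the poster is asking about is visible there: a BHO named "Codec-C Class" whose DLL lives under c:\programdata rather than Program Files. Below is an added example (not part of the original thread and not a tool the poster ran) that parses those report lines and applies a few triage heuristics of my own: CLSIDs registered with "No File" behind them, components loading from ProgramData or a user profile, and Run values with no command. The sample input is copied from the log in this thread; the rules are the example's assumptions about what is worth a second look, not a verdict on any product, and the script does not touch the registry or remove anything.

```python
"""Triage BHO / toolbar / Run entries from a DDS "Pseudo HJT Report".

Added example, not code from the original post. The sample lines are copied
from the log in the thread; the triage rules are this example's own heuristics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: lines taken verbatim from the DDS report above.
SAMPLE_REPORT = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Codec-C Class: {eb64d6b0-ea0e-4061-b650-14fe9bad7ad8} - c:\programdata\codec-c\bhoclass.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
mRun: [<NO NAME>]
"""

# "BHO: <optional name>: {CLSID} - <path or 'No File'>"  (same shape for TB:)
COM_LINE = re.compile(
    r"^(?P<kind>BHO|TB): (?:(?P<name>.*): )?\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
# "uRun: [Name] <command line>"  /  "mRun: [Name] <command line>"
RUN_LINE = re.compile(r"^(?P<kind>[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# First executable-looking token in an unquoted command line.
EXE_END = re.compile(r"\.(?:exe|dll|cpl|scr)\b", re.IGNORECASE)

# Locations an ordinary user can write to; a BHO or autorun living here is
# unusual for vendor software, which normally installs under Program Files.
USER_WRITABLE = ("c:\\programdata", "c:\\users", "%programdata%", "%appdata%",
                 "%localappdata%", "%userprofile%", "%temp%")


@dataclass
class Entry:
    kind: str   # BHO, TB, uRun or mRun
    name: str   # display name ('' when the report shows none)
    clsid: str  # lower-cased CLSID for COM entries, '' for Run entries
    path: str   # file path, 'No File', or '' for an empty Run value


def command_path(cmd: str) -> str:
    """Extract the executable path from a Run value's command line."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):                 # quoted path: take up to closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_END.search(cmd)                 # unquoted path may contain spaces
    return cmd[:m.end()] if m else cmd.split()[0]


def parse_entries(report: str) -> List[Entry]:
    entries: List[Entry] = []
    for line in report.splitlines():
        line = line.strip()
        m = COM_LINE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"] or "", m["clsid"].lower(), m["path"].strip()))
            continue
        m = RUN_LINE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], "", command_path(m["cmd"])))
    return entries


def classify(e: Entry) -> Optional[str]:
    """Return a reason the entry deserves a look, or None if nothing stands out."""
    if e.kind in ("BHO", "TB") and e.path.lower() == "no file":
        return "orphaned registration: CLSID is registered but its DLL is missing"
    if e.kind.endswith("Run") and not e.path:
        return "Run value with no command"
    if e.path.lower().startswith(USER_WRITABLE):
        return "loads from a user-writable location instead of Program Files or System32"
    return None


def triage(report: str) -> List[Tuple[Entry, str]]:
    findings = []
    for e in parse_entries(report):
        reason = classify(e)
        if reason:
            findings.append((e, reason))
    return findings


if __name__ == "__main__":
    for e, reason in triage(SAMPLE_REPORT):
        label = e.name or e.clsid or "(unnamed)"
        print(f"{e.kind:5} {label:30} {e.path or '-'}\n      -> {reason}")
```

Run against the thread's own log lines, this flags the Codec-C BHO and the "Anti-phishing Domain Advisor" autorun (both under c:\programdata), two orphaned "No File" registrations and the empty mRun value, and leaves the Adobe, Ask and webcam entries alone. On the live machine the next step would be to confirm each flagged CLSID's InProcServer32 path in the registry and check the file's signature; this parser only decides which lines are worth that effort.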
Tags
codec-c virus