HDD diagnostic and iexplorer running twice in background with audio ads

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

markpetrak

Thread Starter
Joined
Dec 19, 2010
Messages
3
ok so the server where i work has been infected with the HDD diagnostic virus. i cleaned it or so i thought using mbam as well as other scans. then the server got the BSOD memory dump and it has happened a few times since the cleaning. here are my logs from hijackthis and dds and others as per the read me first sticky.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:55 AM, on 12/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Shift4\UTG2\UTG2Svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RD1000\Service\RDXmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\roomMaster\rw5post.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Aspen Company Doc's\Downloads\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://admin.ihotelier.com/adminv6/index.cfm?now=1288881222354&cid=67532
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\SoldotnaAspenServer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: EPI Interface.lnk = ?
O4 - Global Startup: Monitor Apache Servers.lnk = Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: roomMaster for Windows (Quick Start).lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241648670234
O16 - DPF: {9BBB3919-F518-4D06-8209-299FC243FC2A} (Encrypt Class) - https://mainserver:4343/SMB/console/html/root/AtxEnc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB7D8A60-CC66-4D46-9EE1-0C1355A578E6}: NameServer = 192.168.0.1,209.165.131.12
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apache2 - Apache Software Foundation - c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Shift4 UTG (v2) (frmUtg2Service) - Shift4 Corporation - C:\Shift4\UTG2\UTG2Svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
O23 - Service: Trend Micro Plug-in Manager (OfcAoSMgr) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
O23 - Service: Trend Micro Security Server Master Service (ofcservice) - Trend Micro Inc. - C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
O23 - Service: RDXmon 1.18 (RDXmon) - Unknown owner - C:\Program Files\RD1000\Service\RDXmon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
O23 - Service: Trend Micro Client/Server Security Agent Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 10206 bytes



DDS (Ver_10-12-12.02) - NTFSx86
Run by SoldotnaAspenServer at 0:29:55.03 on Mon 12/20/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3054.2286 [GMT -9:00]

AV: Trend Micro Client/Server Security Agent Antivirus *Enabled/Outdated* {319821BB-378F-4DC4-95AE-6FBA2BEB0F5F}
FW: Trend Micro Personal Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Shift4\UTG2\UTG2Svc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\OfcAoSMgr.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\Apache.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\web\service\ofcservice.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\RD1000\Service\RDXmon.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Web\Service\DbServer.exe
C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe
C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe
C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\roomMaster\rw5post.exe
C:\Program Files\Trend Micro\Security Server\PCCSRV\Apache2\bin\ApacheMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Aspen Company Doc's\Downloads\HiJackThis.exe
C:\Documents and Settings\SoldotnaAspenServer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SoldotnaAspenServer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\SoldotnaAspenServer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Aspen Company Doc's\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://admin.ihotelier.com/adminv6/index.cfm?now=1288881222354&cid=67532
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\soldotnaaspenserver\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [OfficeScanNT Monitor] "c:\program files\trend micro\client server security agent\pccntmon.exe" -HideWindow
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epiint~1.lnk - c:\program files\roommaster\rw5post.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\trend micro\security server\pccsrv\apache2\bin\ApacheMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\roomma~1.lnk - c:\program files\roommaster\rw5main.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1241648670234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {9BBB3919-F518-4D06-8209-299FC243FC2A} - hxxps://mainserver:4343/SMB/console/html/root/AtxEnc.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {FB7D8A60-CC66-4D46-9EE1-0C1355A578E6} = 192.168.0.1,209.165.131.12
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2009-4-1 24064]
R2 frmUtg2Service;Shift4 UTG (v2);c:\shift4\utg2\UTG2Svc.exe [2009-2-11 3437056]
R2 OfcAoSMgr;Trend Micro Plug-in Manager;c:\program files\trend micro\security server\pccsrv\web\service\OfcAoSMgr.exe [2008-11-6 230784]
R2 ofcservice;Trend Micro Security Server Master Service;c:\program files\trend micro\security server\pccsrv\web\service\OfcService.exe [2009-5-5 2196864]
R2 RDXmon;RDXmon 1.18;c:\program files\rd1000\service\RDXmon.exe [2008-2-7 45056]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-3-1 77824]
R2 TmFilter;Trend Micro Filter;c:\program files\trend micro\client server security agent\tmxpflt.sys [2009-5-5 230928]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\trend micro\client server security agent\tmpreflt.sys [2009-5-5 36368]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [2009-5-7 6016]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-4-1 144480]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-5-5 334352]
R3 TmPfw;Trend Micro Client/Server Security Agent Personal Firewall;c:\program files\trend micro\client server security agent\TmPfw.exe [2009-5-5 492888]
R3 TmProxy;Trend Micro Client/Server Security Agent Proxy Service;c:\program files\trend micro\client server security agent\TmProxy.exe [2009-5-5 677128]
S3 RegKernelHelp;RegKernelHelp;\??\c:\program files\safe returner\regkernelhelp.sys --> c:\program files\safe returner\RegKernelHelp.sys [?]
S4 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]

=============== Created Last 30 ================

2010-12-20 08:47:05 -------- d-sha-r- C:\cmdcons
2010-12-20 08:40:02 89088 ----a-w- c:\windows\MBR.exe
2010-12-20 08:40:00 256512 ----a-w- c:\windows\PEV.exe
2010-12-20 08:40:00 161792 ----a-w- c:\windows\SWREG.exe
2010-12-20 08:39:59 98816 ----a-w- c:\windows\sed.exe
2010-12-20 08:36:15 -------- d-----w- C:\ComboFix
2010-12-14 21:59:03 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 21:57:50 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-09 07:43:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\SafeReturner
2010-12-09 05:45:26 388096 ----a-r- c:\docume~1\soldot~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-12-09 04:20:04 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-09 04:20:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-09 04:19:07 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-12-09 04:05:53 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-08 19:23:17 -------- d-----w- c:\windows\system32\wbem\repository\FS
2010-12-08 19:23:17 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-08 18:54:29 -------- d-----w- c:\program files\Free Window Registry Repair
2010-12-06 21:52:10 0 ----a-w- c:\windows\system32\drivers\sst2D4.tmp

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:27:10 1862272 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 0:36:01.81 ===============



GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-20 01:21:24
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AC0
Running: e4gx77l9.exe; Driver: C:\DOCUME~1\SOLDOT~1\LOCALS~1\Temp\fwriiuog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8B90000, 0x19DAB0, 0xE8000020]
? C:\DOCUME~1\SOLDOT~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Threads - GMER 1.0.15 ----

Thread System [4:160] 89AE958D
Thread System [4:164] 89AEA876

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs 1

---- EOF - GMER 1.0.15 ----
 

Attachments

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top