
How to remove Codec-C?

Discussion in 'Virus & Other Malware Removal' started by BookCrazyy, Aug 4, 2012.

Thread Status:
Not open for further replies.
    BookCrazyy (Thread Starter)
    Joined: Aug 4, 2012
    Messages: 1
    Codec-C? I googled it, and Google told me that this is a virus. :eek: How do I remove it? It doesn't work when I click uninstall. And I think it seems to be messing with my comp; I had several items missing from the Windows menu, but I fixed that already. I just need help removing this. Please?

    Here is the log from Hijackthis.


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 1:12:18 PM, on 04/08/2012
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\VM303_STI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\V0710Mon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Windows\STK02N\STK02NM.exe
    C:\Users\-ritA-\Desktop\HijackThis.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
    O23 - Service: O2FLASH (o2flash) - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 2262 bytes

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_33
    Run by -ritA- at 13:14:28 on 2012-08-04
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.2038.810 [GMT -5:00]
    .
    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\WLTRYSVC.EXE
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\bcmwltry.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
    C:\Windows\system32\DRIVERS\o2flash.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\WLTRAY.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\VM303_STI.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\V0710Mon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Windows\STK02N\STK02NM.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\-ritA-\Desktop\HijackThis.exe
    C:\Users\-ritA-\Desktop\dp8qckw2.exe
    C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\-ritA-\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://google.ca/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.1.5\ips\IPSBHO.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Codec-C Class: {eb64d6b0-ea0e-4061-b650-14fe9bad7ad8} - c:\programdata\codec-c\bhoclass.dll
    TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    TB: {90B49673-5506-483E-B92B-CA0265BD9CA8} - No File
    uRun: [Google Update] "c:\users\-rita-\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\3.0"
    mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [BigDog303] c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [YouCam Mirror Tray icon] "c:\program files\cyberlink\youcam\YouCamTray.exe" /s
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam lite\live! central\RFLVCentral2.exe" /mode2
    mRun: [V0710Mon.exe] c:\windows\V0710Mon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [<NO NAME>]
    mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\stk02n~1.lnk - c:\windows\stk02n\STK02NM.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.100.254 142.161.130.155
    TCP: Interfaces\{2A7A2EF7-455A-4384-898F-E330B9951C8D} : NameServer = 192.168.100.254
    TCP: Interfaces\{3ADC423A-32FF-4DF4-B618-62247ADE10A9} : NameServer = 192.168.100.254
    TCP: Interfaces\{3ADC423A-32FF-4DF4-B618-62247ADE10A9} : DhcpNameServer = 192.168.100.254 142.161.130.155
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\-rita-\appdata\roaming\mozilla\firefox\profiles\crk0gh90.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\users\-rita-\appdata\roaming\mozilla\firefox\profiles\crk0gh90.default\extensions\{29c0f5ff-3564-46bc-9f4a-50c73f426486}\components\dtTransparency.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\users\-rita-\appdata\local\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\users\-rita-\appdata\roaming\mozilla\firefox\profiles\crk0gh90.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}\plugins\np-mswmp.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307010.005\symds.sys [2012-6-22 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307010.005\symefa.sys [2012-6-22 905336]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\bashdefs\20120711.002\BHDrvx86.sys [2012-7-12 821920]
    R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307010.005\ccsetx86.sys [2012-6-22 132744]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.1.0.28\definitions\ipsdefs\20120803.002_ca6\IDSvix86.sys [2012-8-3 382624]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307010.005\ironx86.sys [2012-6-22 149624]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nav\1307010.005\symtdiv.sys [2012-6-22 345208]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.7.1.5\ccsvchst.exe [2012-6-22 138232]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-14 1153368]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2012-6-15 144640]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-7-29 51288]
    R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2008-6-12 43608]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-21 106656]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2010-1-8 33792]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
    S3 V0710Vid;Rocketfish HD Webcam Lite Driver;c:\windows\system32\drivers\V0710Vid.sys [2012-6-15 322240]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-08-04 17:10:12 -------- d-----w- c:\users\-rita-\appdata\roaming\ImgBurn
    2012-08-02 08:43:08 -------- d-----w- c:\users\-rita-\appdata\local\Macromedia
    2012-07-28 21:35:57 -------- d-----w- c:\programdata\SMR310
    2012-07-28 21:32:44 -------- d-----w- c:\users\-rita-\appdata\local\NPE
    2012-07-22 20:56:05 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-22 20:42:00 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-22 20:42:00 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-22 20:42:00 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-22 20:41:58 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-22 20:41:58 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-22 20:41:55 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-12 15:55:27 -------- d-----w- c:\program files\Ask.com
    .
    ==================== Find3M ====================
    .
    2012-07-23 18:25:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-23 18:25:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-29 22:02:01 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-06-29 22:02:01 472840 ----a-w- c:\windows\system32\deployJava1.dll
    2012-06-22 02:09:25 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 13:15:44.95 ===============

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-04 14:14:48
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVT-75ZCT2 rev.11.01A11
    Running: dp8qckw2.exe; Driver: C:\Users\-ritA-\AppData\Local\Temp\ugloapow.sys

    ---- System - GMER 1.0.15 ----

    SSDT 87A820A0 ZwAlertResumeThread
    SSDT 87A82180 ZwAlertThread
    SSDT 87A80A08 ZwAllocateVirtualMemory
    SSDT 879A0D38 ZwAlpcConnectPort
    SSDT 87A7F738 ZwAssignProcessToJobObject
    SSDT 87A7FE00 ZwCreateMutant
    SSDT 87A7F458 ZwCreateSymbolicLinkObject
    SSDT 87A80FB0 ZwCreateThread
    SSDT 87A7F818 ZwDebugActiveProcess
    SSDT 87A80B98 ZwDuplicateObject
    SSDT 87A80828 ZwFreeVirtualMemory
    SSDT 87A7FEF0 ZwImpersonateAnonymousToken
    SSDT 87A7FFD0 ZwImpersonateThread
    SSDT 879AD5B8 ZwLoadDriver
    SSDT 87A82F70 ZwMapViewOfSection
    SSDT 87A7FD20 ZwOpenEvent
    SSDT 87A80D38 ZwOpenProcess
    SSDT 87A80AD8 ZwOpenProcessToken
    SSDT 87A7FA40 ZwOpenSection
    SSDT 87A80C68 ZwOpenThread
    SSDT 87A7F648 ZwProtectVirtualMemory
    SSDT 87A82260 ZwResumeThread
    SSDT 87A82CC0 ZwSetContextThread
    SSDT 87A82DA0 ZwSetInformationProcess
    SSDT 87A7F8F8 ZwSetSystemInformation
    SSDT 87A7FB20 ZwSuspendProcess
    SSDT 87A82800 ZwSuspendThread
    SSDT 87ABB0F8 ZwTerminateProcess
    SSDT 87A828E0 ZwTerminateThread
    SSDT 87A82E90 ZwUnmapViewOfSection
    SSDT 87A80918 ZwWriteVirtualMemory
    SSDT 87A7F548 ZwCreateThreadEx

    INT 0x51 ? 85A0BBF8
    INT 0x51 ? 85A0BBF8
    INT 0x51 ? 85A0BBF8
    INT 0x51 ? 86A4CBF8
    INT 0x51 ? 86A4CBF8
    INT 0x51 ? 85A0BBF8
    INT 0x61 ? 85A0BBF8
    INT 0x71 ? 85A0BBF8
    INT 0x91 ? 86A4CBF8
    INT 0x91 ? 86A4CBF8
    INT 0x92 ? 86A4CBF8
    INT 0xA2 ? 86A4CBF8

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 82CE87E0 8 Bytes [A0, 20, A8, 87, 80, 21, A8, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 82CE87F4 4 Bytes [08, 0A, A8, 87] {OR [EDX], CL; TEST AL, 0x87}
    .text ntkrnlpa.exe!KeSetEvent + 13D 82CE8800 4 Bytes [38, 0D, 9A, 87]
    .text ntkrnlpa.exe!KeSetEvent + 191 82CE8854 4 Bytes [38, F7, A7, 87]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 82CE88B8 4 Bytes [00, FE, A7, 87]
    .text ...
    ? System32\Drivers\spgi.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8E13841B 5 Bytes JMP 86A4C1D8
    ? C:\Users\-ritA-\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 85A111F8
    Device \FileSystem\fastfat \FatCdrom 867E64D8
    Device \Driver\volmgr \Device\VolMgrControl 85A0D1F8
    Device \Driver\usbuhci \Device\USBPDO-0 86FDB1F8
    Device \Driver\usbuhci \Device\USBPDO-1 86FDB1F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{2A7A2EF7-455A-4384-898F-E330B9951C8D} 879BC1F8
    Device \Driver\usbehci \Device\USBPDO-2 86FDA1F8
    Device \Driver\usbuhci \Device\USBPDO-3 86FDB1F8
    Device \Driver\usbuhci \Device\USBPDO-4 86FDB1F8

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBPDO-5 86FDB1F8
    Device \Driver\usbehci \Device\USBPDO-6 86FDA1F8
    Device \Driver\volmgr \Device\HarddiskVolume1 85A0D1F8
    Device \Driver\volmgr \Device\HarddiskVolume2 85A0D1F8
    Device \Driver\cdrom \Device\CdRom0 87010500
    Device \Driver\volmgr \Device\HarddiskVolume3 85A0D1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85A0F1F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 85A0F1F8
    Device \Driver\atapi \Device\Ide\IdePort0 85A0F1F8
    Device \Driver\atapi \Device\Ide\IdePort1 85A0F1F8
    Device \Driver\atapi \Device\Ide\IdePort2 85A0F1F8
    Device \Driver\atapi \Device\Ide\IdePort3 85A0F1F8
    Device \Driver\atapi \Device\Ide\IdePort4 85A0F1F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel0 85A101F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel1 85A101F8
    Device \Driver\msahci \Device\Ide\PciIde1Channel2 85A101F8
    Device \Driver\netbt \Device\NetBT_Tcpip_{3ADC423A-32FF-4DF4-B618-62247ADE10A9} 879BC1F8
    Device \Driver\netbt \Device\NetBt_Wins_Export 879BC1F8
    Device \Driver\Smb \Device\NetbiosSmb 8799F1F8
    Device \Driver\iScsiPrt \Device\RaidPort0 8706B1F8

    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    Device \Driver\usbuhci \Device\USBFDO-0 86FDB1F8
    Device \Driver\usbuhci \Device\USBFDO-1 86FDB1F8
    Device \Driver\usbehci \Device\USBFDO-2 86FDA1F8
    Device \Driver\usbuhci \Device\USBFDO-3 86FDB1F8
    Device \Driver\usbuhci \Device\USBFDO-4 86FDB1F8
    Device \Driver\usbuhci \Device\USBFDO-5 86FDB1F8
    Device \Driver\usbehci \Device\USBFDO-6 86FDA1F8
    Device \FileSystem\fastfat \Fat 867E64D8

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\cdfs \Cdfs B2D271F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0xE4 0x2D 0x69 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xF3 0xE4 0x2D 0x69 ...

    ---- EOF - GMER 1.0.15 ----
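The DDS "Pseudo HJT Report" above lists the Codec-C entry as an Internet Explorer Browser Helper Object (BHO: Codec-C Class: {eb64d6b0-ea0e-4061-b650-14fe9bad7ad8} - c:\programdata\codec-c\bhoclass.dll). As an added example, not part of the original post and not code from DDS, HijackThis or GMER, the Python below parses that section's BHO: and TB: lines and flags the two things a responder checks first: CLSIDs whose DLL is gone ("No File", orphaned registrations) and DLLs loaded from user-writable data folders (ProgramData, AppData) rather than Program Files. The sample lines are copied from the log above; the flag names, the heuristics and the registry_keys helper are this example's own. A ProgramData-hosted BHO is a reason to look closer, not proof of malice by itself.

```python
"""Triage BHO/toolbar entries from a DDS 'Pseudo HJT Report' section.

Added example for this thread, not a tool from the original post.
Lines handled:
    BHO: <name>: {<clsid>} - <path>
    BHO: {<clsid>} - No File
    TB: <name>: {<clsid>} - <path>
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the BHO/TB lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Codec-C Class: {eb64d6b0-ea0e-4061-b650-14fe9bad7ad8} - c:\programdata\codec-c\bhoclass.dll
TB: MP3 Rocket Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
"""

LINE_RE = re.compile(
    r"^(?P<kind>BHO|TB): "
    r"(?:(?P<name>.*?): )?"          # the name is absent for orphaned CLSIDs
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}"
    r" - (?P<path>.+)$"
)

# Heuristic (this example's own): folders a standard user can write to.
# A BHO DLL registered from one of these is unusual enough to review.
USER_WRITABLE_PREFIXES = ("c:\\programdata\\",)
USER_WRITABLE_MARKERS = ("\\appdata\\",)


@dataclass
class Entry:
    kind: str             # "BHO" or "TB"
    name: Optional[str]   # None when DDS printed only the CLSID
    clsid: str            # upper-cased, without braces
    path: str             # DLL path or the literal "No File"

    @property
    def orphaned(self) -> bool:
        return self.path.lower() == "no file"

    @property
    def user_writable(self) -> bool:
        p = self.path.lower()
        return p.startswith(USER_WRITABLE_PREFIXES) or any(m in p for m in USER_WRITABLE_MARKERS)

    def flags(self) -> List[str]:
        out = []
        if self.orphaned:
            out.append("orphaned-clsid")
        if self.user_writable:
            out.append("dll-in-user-writable-dir")
        return out


def parse(log: str) -> List[Entry]:
    """Return one Entry per BHO:/TB: line; other DDS lines are ignored."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["kind"], m["name"], m["clsid"].upper(), m["path"].strip()))
    return entries


def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags()]


def registry_keys(clsid: str) -> List[str]:
    """Standard IE/COM registration points for a BHO with this CLSID.

    Listed so the cleanup can be checked afterwards with reg query; the
    first key is what makes IE load the object, the others map the CLSID
    to the DLL (machine-wide and per-user registrations).
    """
    c = "{%s}" % clsid.upper()
    return [
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\%s" % c,
        r"HKLM\SOFTWARE\Classes\CLSID\%s\InprocServer32" % c,
        r"HKCU\SOFTWARE\Classes\CLSID\%s\InprocServer32" % c,
    ]


if __name__ == "__main__":
    for e in suspicious(parse(SAMPLE_LOG)):
        print("%-3s %-22s %s  [%s]" % (e.kind, e.name or "(no name)", e.path, ", ".join(e.flags())))
        for k in registry_keys(e.clsid):
            print("      " + k)
```

Run against the pasted log, this singles out the Codec-C BHO (DLL under c:\programdata) and the two orphaned "No File" registrations; the Ask/MP3 Rocket toolbar in Program Files is not caught by these two heuristics, which is deliberate, since the log alone does not prove anything about it. The registry paths printed for a flagged entry are where the registration has to be removed after the DLL is deleted, or IE keeps an orphaned CLSID of its own.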
     

Short URL to this thread: https://techguy.org/1063824