My Disk has taken over/HijackThis & all other requested logs included

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

holkob01 (Thread Starter, joined Dec 15, 2008, 41 messages)
:( Hello all,

Thank you for your help in the past, and thanks in advance for your help with this. I appreciate all of you IMMENSELY! This is my husband's work computer... ouch!

HiJack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:30:08 PM, on 1/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_17\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\sholko\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://swebi.schneider-electric.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: InternetDownloadToolBar - {376CA00C-3F95-46F7-8F04-E69906E52A1F} - C:\Program Files\NBget\InternetDownload\IDTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_17\bin\ssv.dll

DDS.txt:


DDS (Ver_10-12-12.02) - NTFSx86
Run by sholko at 12:38:09.25 on Sun 01/09/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.5.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1316 [GMT -6:00]
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\TEMP\Temporary Internet Files\Content.IE5\5OW31H4L\dds[1].scr
============== Pseudo HJT Report ===============


uStart Page = hxxp://www.Google.com/
uSearch Page = hxxp://www.Google.com/
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://swebi.schneider-electric.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: InternetDownloadToolBar: {376ca00c-3f95-46f7-8f04-e69906e52a1f} - c:\program files\nbget\internetdownload\IDTB.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
TB: InternetDownloadToolBar: {376ca00c-3f95-46f7-8f04-e69906e52a1f} - c:\program files\nbget\internetdownload\IDTB.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.5.0_17\bin\jusched.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [InternetDownload_upgrade] "c:\program files\nbget\internetdownload\InternetDownload.exe" /upgrade
mRun: [<NO NAME>]
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{a7091e1d-36a4-47f1-a739-173cc341414f}\Icon3E5562ED7.ico
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: DisallowRun = 1 (0x1)
uPolicies-disallowrun: 1 = badblue.exe
uPolicies-disallowrun: 2 = BearShare.exe
uPolicies-disallowrun: 3 = BitTorrent-3.4.2.exe
uPolicies-disallowrun: 4 = blubster.exe
uPolicies-disallowrun: 5 = BonziBDY.exe
uPolicies-disallowrun: 6 = Direct Connect.exe
uPolicies-disallowrun: 7 = DirectConnect.exe
uPolicies-disallowrun: 8 = djnap.exe
uPolicies-disallowrun: 9 = filetopia.exe
uPolicies-disallowrun: 10 = furhter.bat
uPolicies-disallowrun: 11 = hpSplooge.exe
uPolicies-disallowrun: 12 = IE7-WindowsXP-x86-enu.exe
uPolicies-disallowrun: 13 = iMeshClient.exe
uPolicies-disallowrun: 14 = inoize.exe
uPolicies-disallowrun: 15 = kast.exe
uPolicies-disallowrun: 16 = kazaa.exe
uPolicies-disallowrun: 17 = LimeWire.exe
uPolicies-disallowrun: 18 = mirc.exe
uPolicies-disallowrun: 19 = morpheus.exe
uPolicies-disallowrun: 20 = overnet.exe
uPolicies-disallowrun: 21 = PinPost.exe
uPolicies-disallowrun: 22 = piolet.exe
uPolicies-disallowrun: 23 = runGrokster.exe
uPolicies-disallowrun: 24 = Shareaza.exe
uPolicies-disallowrun: 25 = slsk.exe
uPolicies-disallowrun: 26 = winmx.exe
uPolicies-disallowrun: 27 = wippit.exe
uPolicies-disallowrun: 28 = xolox.exe
mPolicies-explorer: NoMSAppLogo5ChannelNotify = 1 (0x1)
IE: Download by NBget Internet Download - c:\program files\nbget\internetdownload\adddownload.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_17\bin\ssv.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: bmnet.dll
Trusted Zone: apc.com\configurator
Trusted Zone: apc.com\emea2
Trusted Zone: apc.com\emeasametime
Trusted Zone: apc.com\emeasametime.emea
Trusted Zone: apc.com\intouch
Trusted Zone: apc.com\jpaa-en
Trusted Zone: apc.com\jupiter
Trusted Zone: apc.com\jupiter1
Trusted Zone: apc.com\jupiter2
Trusted Zone: apc.com\jupiter4
Trusted Zone: apc.com\lam-en
Trusted Zone: apc.com\lam-es
Trusted Zone: apc.com\namsametime
Trusted Zone: apc.com\namsametime.ams
Trusted Zone: apc.com\order1
Trusted Zone: apc.com\USCMF2F2HVG1.ams
Trusted Zone: apc.com\uscmfcpk8qh1.ams
Trusted Zone: apcc.com\configurator
Trusted Zone: apcc.com\emea2
Trusted Zone: apcc.com\emeasametime
Trusted Zone: apcc.com\intouch
Trusted Zone: apcc.com\jupiter
Trusted Zone: apcc.com\jupiter1
Trusted Zone: apcc.com\jupiter2
Trusted Zone: apcc.com\jupiter4
Trusted Zone: apcc.com\namsametime
Trusted Zone: apcc.com\order1
Trusted Zone: custhelp.com\conextproducts
Trusted Zone: download.com
Trusted Zone: emeasametime
Trusted Zone: namsametime
Trusted Zone: apc.com\emea-cs
Trusted Zone: apc.com\emea-de
Trusted Zone: apc.com\emea-en
Trusted Zone: apc.com\emea-es
Trusted Zone: apc.com\emea-fr
Trusted Zone: apc.com\emea-it
Trusted Zone: apc.com\emea-pl
Trusted Zone: apc.com\emea2
Trusted Zone: apc.com\emeasametime.emea
Trusted Zone: apc.com\intouch
Trusted Zone: apc.com\jpaa-en
Trusted Zone: apc.com\jupiter
Trusted Zone: apc.com\jupiter1
Trusted Zone: apc.com\jupiter2
Trusted Zone: apc.com\jupiter4
Trusted Zone: apc.com\lam-en
Trusted Zone: apc.com\lam-es
Trusted Zone: apc.com\nam-en
Trusted Zone: apc.com\namsametime.ams
Trusted Zone: apc.com\order1
Trusted Zone: apc.com\siebel78.ams
Trusted Zone: apc.com\trojan
Trusted Zone: apc.com\trojan3
Trusted Zone: apcc.com\emea2
Trusted Zone: apcc.com\intouch
Trusted Zone: apcc.com\jupiter
Trusted Zone: apcc.com\jupiter1
Trusted Zone: apcc.com\jupiter2
Trusted Zone: apcc.com\jupiter4
Trusted Zone: apcc.com\order1
Trusted Zone: apcc.com\trojan
Trusted Zone: apcc.com\trojan3
Trusted Zone: custhelp.com\conextproducts
Trusted Zone: emeasametime
Trusted Zone: namsametime
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {54ACA3E0-63F2-4B76-9709-A32581F93FA8} - hxxp://siebel78.ams.apc.com/nam_enu/19230/applets/SiebelAx_HI_Client.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {85615D08-3D5B-4045-976D-231011156A6D} - hxxp://siebel78.ams.apc.com/nam_enu/19230/applets/SiebelAx_OutBound_mail.cab
DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18}
DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} - hxxp://uscmfcpk8qh1.ams.apc.com/19230/applets/SiebelAx_Calendar.cab
DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}
DPF: {DA22A626-F199-47F1-BB8E-87BE3C2F59B0} - hxxp://siebel78.ams.apc.com/nam_enu/19230/applets/SiebelAx_Calendar.cab
DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} - hxxp://uscmfcpk8qh1.ams.apc.com/19230/applets/SiebelAx_HI_Client.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: PCANotify - PCANotify.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\sholko\applic~1\mozilla\firefox\profiles\mttgzb4z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPJPI150_17.dll
FF - plugin: c:\program files\java\jre1.5.0_17\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R1 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.sys [2003-5-5 16984]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2008-5-19 370872]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-3 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110109.003\naveng.sys [2011-1-9 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110109.003\navex15.sys [2011-1-9 1360760]
S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-7-15 121416]
S3 awhost32;pcAnywhere Host Service;c:\program files\symantec\pcanywhere\awhost32.exe [2003-5-19 106496]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2006-11-7 99200]
S3 PCX504;Cisco Systems Wireless LAN Adapter Driver;c:\windows\system32\drivers\PCX504.sys [2003-2-14 96256]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2003-11-7 36676]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2003-11-7 24344]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-8-12 197504]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-7-22 148992]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
=============== Created Last 30 ================
2011-01-09 03:17:09 -------- d-----w- c:\docume~1\sholko\applic~1\Malwarebytes
2011-01-09 03:17:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-09 03:17:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-09 03:17:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-09 03:17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 19:52:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\fNcNi09000
2010-12-31 22:40:03 -------- d-----w- c:\docume~1\sholko\locals~1\applic~1\Mozilla
2010-12-28 02:43:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\pCaAk09000
==================== Find3M ====================
2003-04-29 22:38:34 153088 ----a-w- c:\program files\UNWISE.EXE
============= FINISH: 12:39:24.26 ===============


ark.txt

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-09 14:44:55
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD800BEVT-75ZCT1 rev.11.01A11
Running: 5lq94spt.exe; Driver: D:\TEMP\kwddquog.sys

---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA8AD8A20]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA8AD9350]
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xA8AD9110]
SSDT 8AA45C78 ZwQueryValueKey
SSDT 8A912FD0 ZwResumeThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA8AD9580]
---- Kernel code sections - GMER 1.0.15 ----
page C:\WINDOWS\System32\Drivers\oz776.sys entry point in "page" section [0xB98AEE34]
? D:\TEMP\mbr.sys The system cannot find the file specified. !
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.sys (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0020e0495cf1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0020e0495cf1 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e0495cf1
---- EOF - GMER 1.0.15 ----
 