
Setup.exe virus?

Discussion in 'Virus & Other Malware Removal' started by Klonoa, Feb 22, 2013.

Thread Status:
Not open for further replies.
  1. Klonoa (Thread Starter), joined Jul 12, 2007, 16 messages
    A process named setup.exe sometimes launches at around 1-3 AM and eats up all my CPU resources. This happens around once a week and I've noticed it happen a couple of times. None of my programs should auto-update at this time, as far as I know. The last time I noticed this, there was also a process with a name starting with "20." that closed along with the setup.exe when I ended the process.

    I'm not completely sure if this is a virus, as there haven't been any noticeable effects. It is suspicious, though. I've run scans with Spybot and Avira AntiVir, but they haven't detected anything. Is this a false alarm, or some sort of malware?

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:52:54, on 2013/02/23
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Avira\AntiVir Desktop\sched.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\WizMouse\WizMouse.exe
    E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    E:\Program Files\Java\jre6\bin\jqs.exe
    E:\WINDOWS\system32\PnkBstrA.exe
    E:\WINDOWS\system32\svchost.exe
    E:\Program Files\RocketDock\RocketDock.exe
    E:\WINDOWS\system32\drwtsn32.exe
    E:\WINDOWS\system32\drwtsn32.exe
    E:\WINDOWS\explorer.exe
    E:\WINDOWS\explorer.exe
    E:\WINDOWS\system32\drwtsn32.exe
    E:\Program Files\foobar2001\foobar2000.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\Mozilla Firefox\plugin-container.exe
    E:\Documents and Settings\Klonoa\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_FI
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [StartCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avgnt] "E:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\CTFMON.EXE
    O4 - HKCU\..\Run: [WizMouse] "E:\Program Files\WizMouse\WizMouse.exe"
    O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Klonoa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Tango Patcher 2600 Reloader.lnk = E:\WINDOWS\Tango Patcher 2600\Reloader.exe
    O8 - Extra context menu item: &Download All with FlashGet - E:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - E:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://E:\WINDOWS\system32\GPhotos.scr/200
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234542872640
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234542859953
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
    O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - E:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Desura Install Service - Desura Pty Ltd - E:\Program Files\Common Files\Desura\desura_service.exe
    O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - E:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Steam Client Service - Valve Corporation - E:\Program Files\Common Files\Steam\SteamService.exe

    --
    End of file - 6427 bytes

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_12
    Run by Klonoa at 3:00:34 on 2013-02-23
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.81.1033.18.3327.1636 [GMT 2:00]
    .
    .
    ============== Running Processes ================
    .
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\Program Files\Avira\AntiVir Desktop\sched.exe
    E:\WINDOWS\system32\Ati2evxx.exe
    E:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\WizMouse\WizMouse.exe
    E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    E:\Program Files\Java\jre6\bin\jqs.exe
    E:\WINDOWS\system32\PnkBstrA.exe
    E:\WINDOWS\system32\wdfmgr.exe
    E:\Program Files\RocketDock\RocketDock.exe
    E:\WINDOWS\system32\drwtsn32.exe
    E:\WINDOWS\system32\drwtsn32.exe
    E:\WINDOWS\explorer.exe
    E:\WINDOWS\explorer.exe
    E:\WINDOWS\system32\drwtsn32.exe
    E:\Program Files\foobar2001\foobar2000.exe
    E:\Program Files\Mozilla Firefox\firefox.exe
    E:\Program Files\Mozilla Firefox\plugin-container.exe
    E:\Documents and Settings\Klonoa\Desktop\HijackThis.exe
    E:\WINDOWS\system32\wbem\wmiprvse.exe
    E:\WINDOWS\System32\svchost.exe -k netsvcs
    E:\WINDOWS\system32\svchost.exe -k NetworkService
    E:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_FI
    mWinlogon: SFCDisable = dword:-99
    BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - e:\program files\flashget\jccatch.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - e:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - e:\program files\flashget\getflash.dll
    uRun: [ctfmon.exe] e:\windows\system32\CTFMON.EXE
    uRun: [WizMouse] "e:\program files\wizmouse\WizMouse.exe"
    uRun: [Google Update] "e:\documents and settings\klonoa\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [StartCCC] "e:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [avgnt] "e:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] e:\windows\system32\CTFMON.EXE
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\tangop~1.lnk - e:\windows\tango patcher 2600\Reloader.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    uPolicies-Explorer: ForceClassicControlPanel = dword:1
    uPolicies-Explorer: NoSMMyDocs = dword:1
    uPolicies-Explorer: NoSMMyPictures = dword:1
    mPolicies-Explorer: HideRunAsVerb = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:177
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-Explorer: ForceClassicControlPanel = dword:1
    mPolicies-Explorer: NoSMMyDocs = dword:1
    mPolicies-Explorer: NoSMMyPictures = dword:1
    IE: &Download All with FlashGet - e:\program files\flashget\jc_all.htm
    IE: &Download with FlashGet - e:\program files\flashget\jc_link.htm
    IE: Add to Google Photos Screensa&ver - e:\windows\system32\GPhotos.scr/200
    IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - e:\program files\flashget\FlashGet.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.8.110.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234542872640
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1234542859953
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    TCP: NameServer = 192.168.100.1
    TCP: Interfaces\{BCB25561-630D-4E00-B1E0-9EAE5396D24E} : DHCPNameServer = 192.168.100.1
    Notify: AtiExtEvent - Ati2evxx.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - e:\documents and settings\klonoa\application data\mozilla\firefox\profiles\mc2xuv6o.default\
    FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
    FF - plugin: e:\documents and settings\all users\application data\id software\quakelive\npquakezero.dll
    FF - plugin: e:\documents and settings\klonoa\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: e:\documents and settings\klonoa\local settings\application data\square enix\nprun3d.dll
    FF - plugin: e:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: e:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: e:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: e:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
    FF - plugin: e:\program files\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: e:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 d347bus;d347bus;e:\windows\system32\drivers\d347bus.sys [2009-2-22 155136]
    R0 d347prt;d347prt;e:\windows\system32\drivers\d347prt.sys [2009-2-22 5248]
    R1 avkmgr;avkmgr;e:\windows\system32\drivers\avkmgr.sys [2012-8-4 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;e:\program files\avira\antivir desktop\sched.exe [2012-8-4 86224]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;e:\windows\system32\drivers\AtihdXP3.sys [2012-8-18 103040]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;e:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cpuz131;cpuz131;\??\e:\docume~1\klonoa\locals~1\temp\cpuz131\cpuz_x32.sys --> e:\docume~1\klonoa\locals~1\temp\cpuz131\cpuz_x32.sys [?]
    S3 Desura Install Service;Desura Install Service;e:\program files\common files\desura\desura_service.exe [2012-7-23 131912]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);e:\windows\system32\drivers\ssudbus.sys [2012-7-3 77624]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
    S3 SUPERWEBCAM;SuperWebcam, WDM Virtual Video Capture Device;e:\windows\system32\drivers\superwebcam.sys [2009-2-22 31872]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;e:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 AntiVirService;Avira Realtime Protection;e:\program files\avira\antivir desktop\avguard.exe [2012-8-4 110032]
    .
    =============== File Associations ===============
    .
    FileExt: .reg: regfile="regedit.exe" "%1"
    ShellExec: FOXITR~1.EXE: print="e:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1"
    ShellExec: FOXITR~1.EXE: printto="e:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4"
    .
    =============== Created Last 30 ================
    .
    2013-02-22 18:44:57 -------- d-----w- e:\program files\Spiderweb Software
    2013-02-22 16:56:26 -------- d-----w- e:\documents and settings\klonoa\application data\Mount&Blade Warband
    2013-02-22 16:51:21 -------- d-----w- e:\program files\Mount&Blade Warband
    2013-02-21 20:41:45 -------- d-----w- e:\documents and settings\klonoa\.games
    2013-02-01 21:28:58 -------- d-----w- e:\program files\Grinding Gear Games
    2013-01-31 13:26:49 -------- d-----w- e:\program files\Key
    .
    ==================== Find3M ====================
    .
    2007-04-19 17:39:58 99840 ----a-w- e:\program files\Lunar IPS.exe
    .
    ============= FINISH: 3:00:51.98 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/29/2009 8:52:26 PM
    System Uptime: 11/29/2012 2:06:45 PM (2053 hours ago)
    .
    Motherboard: MSI | | MS-7369
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+ | CPU 1 | 3084/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 98 GiB total, 51.616 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 293 GiB total, 20.609 GiB free.
    F: is FIXED (NTFS) - 932 GiB total, 197.781 GiB free.
    G: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ????3
    µTorrent
    1C Company\Space Rangers 2 - Reboot Add-on
    3D??????
    7-Zip 9.20
    A Valley Without Wind 2
    ƒ`ƒ‹ƒmƒNƒ‰ƒCƒ}[
    Abe's Exoddus
    ActionGameStudio Fonts
    Adobe AIR
    Adobe Flash Player 11 Plugin
    AION Free-To-Play
    AMD Catalyst Install Manager
    AMD Processor Driver
    ASIO4ALL
    ASUS nVidia Driver
    Avernum
    Avira Free Antivirus
    Baldur's Gate(TM) II - Throne of Bhaal (TM)
    Billy 4.1
    Bionic Commando Rearmed
    Blue Fiend - Programmed by William Starkovich
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CDisplay 1.8
    Cherry Tree High Comedy Club 1.00
    ClearType Tuning Control Panel Applet
    Collab
    Combined Community Codec Pack 2012-12-30
    Crysis(R) SP Demo
    DAEMON Tools
    Defraggler
    Desura
    DEVIL MAY CRY 4
    Dragonsphere
    Dual-Core Optimizer
    Emote-Launcher (remove only)
    Euro Truck Simulator 2
    Fallout 2 Unofficial Patch 1.02.27.3
    Fallout 3
    Fallout 3 - The Garden of Eden Creation Kit
    Fallout 3 - Unofficial Fallout 3 Patch
    Fallout Mod Manager 0.12.6
    Fallout2
    Faster Than Light
    File Uploader
    FL Studio 8
    FlashGet 1.9.6.1073
    Foxit Reader
    Francesco's leveled creatures-items mod 4.5b
    Francesco's optional new items/creatures 4.5
    Fraps
    Google Chrome
    GTK+ Runtime 2.14.6 rev a (remove only)
    Half-Life 2
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows XP (KB954550-v5)
    HydraVision
    IL Download Manager
    ImgBurn
    Java(TM) 6 Update 12
    La-Mulana
    LEAVEs 1.0E
    Legend of Grimrock
    LibreOffice 3.5
    Microsoft .NET Compact Framework 2.0 SP1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft AppLocale
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Windows Application Compatibility Database
    Microsoft WinUsb 1.0
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Morrowind
    Mount&Blade Warband
    Mozilla Firefox 19.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 6.0 Parser (KB933579)
    MTP Porting Kit
    MusicBrainz Picard 0.11
    Mystery of the Mummy 1.00
    NC Launcher (GameForge)
    Nikon Message Center
    Nitronic Rush (2012-03-03) version 20120303.0
    NVIDIA Drivers
    NVIDIA PhysX
    Oblivion
    Oblivion - Horse Armor Pack
    Oblivion - Knights of the Nine
    Oblivion - Mehrunes Razor
    Oblivion - Orrery
    Oblivion - Spell Tomes
    Oblivion - Thieves Den
    Oblivion - Vile Lair
    Oblivion - Wizard's Tower
    OpenAL
    Operation Optimization v1.1.1
    Paint.NET v3.36
    Path of Exile
    PhysX Screen Saver
    Picasa 3
    Pidgin
    Pingus
    PoiZone
    PowerResizer
    Prince of Persia Warrior Within
    PunkBuster Services
    Python 2.5
    Quake Live Mozilla Plugin
    QuickSFV (Remove only)
    Realtek High Definition Audio Driver
    RocketDock 1.3.5
    RPG????2000 ??????????
    RTP 1.32 Add-On for RM2k
    RTP for RM2K (Png, Wav, Midi, Fonts)
    Sam and Max - Season Two - Sam and Max Episode 202 - Moai Better Blues
    SAMSUNG USB Driver for Mobile Phones
    Secret Maryo Chronicles
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB923789)
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    Sonic Racer 4k
    Source SDK Base 2007
    SpeedFan (remove only)
    Spybot - Search & Destroy
    Square Enix Secure Launcher
    StarTalesBenchmark
    Steam
    STREET FIGHTER IV BENCHMARK
    System Requirements Lab
    Tango Patcher (Applications) 8.06
    Tango Patcher 2600 8.06
    Team Fortress 2
    TES Construction Set
    The Secret World
    TmNationsForever
    Toxic Biohazard
    Treasure Adventure Game
    Trillian
    TSLRCM 1.8
    Unity Web Player
    Unofficial Oblivion Patch v3.2.0
    Unofficial Shivering Isles Patch v1.4.0
    Vampire - The Masquerade Bloodlines
    WebFldrs XP
    WinDirStat 1.1.2
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Media Format Runtime
    Windows XP Service Pack 3
    WizMouse v1.6.0.2
    Wizorb
    wxPython 2.8.0.1 (ansi) for Python 2.5
    X-Chat 2.8.6-2
    XBCD 1.07
    XBCD Uninstaller
    YsF
    YsI & II COMPLETE
    .
    ==== End Of File ===========================

    GMER 2.1.19081 - http://www.gmer.net
    Rootkit scan 2013-02-23 03:06:22
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6 SAMSUNG_HD501LJ rev.CR100-13 465.76GB
    Running: gmer.exe; Driver: E:\DOCUME~1\Klonoa\LOCALS~1\Temp\ugtdypog.sys


    ---- System - GMER 2.1 ----

    SSDT B86E4384 ZwClose
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xB7E767D0]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xB7E6AA20]
    SSDT B86E438E ZwCreateSection
    SSDT B86E4334 ZwCreateThread
    SSDT B86E437F ZwDuplicateObject
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xB7E6B2A8]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xB7E76910]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xB7E76794]
    SSDT B86E4320 ZwOpenProcess
    SSDT B86E4325 ZwOpenThread
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xB7E6B2C8]
    SSDT B86E43A7 ZwQueryValueKey
    SSDT B86E4398 ZwRequestWaitReplyPort
    SSDT B86E4393 ZwSetContextThread
    SSDT B86E439D ZwSetSecurityObject
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xB7E760B0]
    SSDT sprt.sys ZwSetValueKey [0xB7EC719A]
    SSDT B86E43A2 ZwSystemDebugControl
    SSDT B86E432F ZwTerminateProcess

    INT 0x63 ? 8ADF7BF8
    INT 0x83 ? 8B083BF8
    INT 0x83 ? 8B083BF8
    INT 0x83 ? 8ADF7BF8
    INT 0x83 ? 8B083BF8

    ---- Kernel code sections - GMER 2.1 ----

    ? sprt.sys The system cannot find the file specified. !
    ? The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload B6F618AC 5 Bytes JMP 8ADF71D8
    .text E:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB670F000, 0x1E2E6E, 0xE8000020]
    .text E:\WINDOWS\system32\DRIVERS\ithsgt.sys section is writeable [0x9A4B0300, 0x21770, 0xE8000020]
    ? E:\DOCUME~1\Klonoa\LOCALS~1\Temp\mbr.sys The filename, directory name, or volume label syntax is incorrect. !

    ---- User code sections - GMER 2.1 ----

    .text E:\Program Files\Mozilla Firefox\firefox.exe[5132] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01588BF0 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\firefox.exe[5132] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 018D7FF0 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\firefox.exe[5132] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 018D7FCD E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\firefox.exe[5132] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 0159F1AD E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\firefox.exe[5132] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 017577D6 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\firefox.exe[5132] GDI32.dll!SetDIBitsToDevice + 209 77F19E04 7 Bytes JMP 018D7F4E E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\plugin-container.exe[19728] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 10831678 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\plugin-container.exe[19728] USER32.dll!SetWindowLongA + 19 7E42C2B6 7 Bytes JMP 10831607 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\plugin-container.exe[19728] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045FBF7 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text E:\Program Files\Mozilla Firefox\plugin-container.exe[19728] USER32.dll!GetMenuContextHelpId + 1A 7E465319 7 Bytes JMP 10460118 E:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 2.1 ----

    Device \FileSystem\Ntfs \Ntfs 8B0121F8
    Device \FileSystem\Ntfs \Ntfs 8AFC5280
    Device \FileSystem\Fastfat \FatCdrom 893CD1F8
    Device \FileSystem\Fastfat \FatCdrom 8944D5B8
    Device \FileSystem\Udfs \UdfsCdRom 89CDD1F8
    Device \FileSystem\Udfs \UdfsCdRom 87F35FB0
    Device \FileSystem\Udfs \UdfsDisk 89CDD1F8
    Device \FileSystem\Udfs \UdfsDisk 87F35FB0
    Device \Driver\usbohci \Device\USBPDO-0 8ADF61F8
    Device \Driver\usbehci \Device\USBPDO-1 8ADF51F8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 8B0141F8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 8B0141F8
    Device \Driver\Cdrom \Device\CdRom0 8AB97518
    Device \FileSystem\Rdbss \Device\FsWrap 8AC2A2D0
    Device \Driver\atapi \Device\Ide\IdePort0 8ADDA878
    Device \Driver\atapi \Device\Ide\IdePort1 8ADDA878
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-6 8ADDA878
    Device \Driver\atapi \Device\Ide\IdePort2 8ADDA878
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-e 8ADDA878
    Device \Driver\atapi \Device\Ide\IdePort3 8ADDA878
    Device \Driver\Cdrom \Device\CdRom1 8AB97518
    Device \Driver\Ftdisk \Device\HarddiskVolume3 8B0141F8
    Device \Driver\Ftdisk \Device\HarddiskVolume5 8B0141F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BCB25561-630D-4E00-B1E0-9EAE5396D24E} 8A3C51F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8A3C51F8
    Device \Driver\NetBT \Device\NetbiosSmb 8A3C51F8
    Device \FileSystem\Srv \Device\LanmanServer 8A31E240
    Device \Driver\usbohci \Device\USBFDO-0 8ADF61F8
    Device \Driver\usbstor \Device\000000e5 8A3C71F8
    Device \Driver\usbehci \Device\USBFDO-1 8ADF51F8
    Device \Driver\usbstor \Device\000000e6 8A3C71F8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A3A1500
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8ACAD858
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A3A1500
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8ACAD858
    Device \FileSystem\Npfs \Device\NamedPipe 8ADAB250
    Device \Driver\Ftdisk \Device\FtControl 8B0141F8
    Device \FileSystem\Msfs \Device\Mailslot 8A403480
    Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 8ABFC9B8
    Device \Driver\d347prt \Device\Scsi\d347prt1 8ABFC9B8
    Device \FileSystem\Fastfat \Fat 893CD1F8
    Device \FileSystem\Fastfat \Fat 8944D5B8
    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8ABE3678
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8ABE3678
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8ABE3678
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8ABE3678
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8ABE3678
    Device \FileSystem\Cdfs \Cdfs 8A45B1F8
    Device \FileSystem\Cdfs \Cdfs 8A2FE2D8

    ---- Trace I/O - GMER 2.1 ----

    Trace ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8adda878]<< 8adda878
    Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8afd0ab8] 8afd0ab8
    Trace 3 CLASSPNP.SYS[b80d8fd7] -> nt!IofCallDriver -> \Device\00000069[0x8afa8f18] 8afa8f18
    Trace 5 ACPI.sys[b7e41620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8afc6940] 8afc6940
    Trace \Driver\atapi[0x8b094090] -> IRP_MJ_CREATE -> 0x8adda878 8adda878

    ---- Modules - GMER 2.1 ----

    Module _________ (FILE NOT FOUND) B7DF3000-B7E0B000 (98304 bytes)

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0xC5 0xAC 0x1F 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x5F 0xAC 0x1F 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x5F 0xAC 0x1F 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x5F 0xAC 0x1F 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x5F 0xAC 0x1F 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x68 0x57 0xD1 0xC1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x68 0x57 0xD1 0xC1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x68 0x57 0xD1 0xC1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0xC2 0x27 0x8D 0xCE ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0xC2 0x27 0x8D 0xCE ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0xC2 0x27 0x8D 0xCE ...

    ---- EOF - GMER 2.1 ----
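Reading a GMER log of this kind by hand is slow. The script below is an added example, not GMER output or a tool posted in this thread: it parses the Modules and Registry sections in GMER 2.1's text layout (`Module <name> <start>-<end> (<n> bytes)` and `Reg <key>[@<value>] [<data>]`) and rolls them up into what a responder checks first: loaded modules GMER could not map to a file on disk, and hidden registry entries grouped by service, with copies under a non-active ControlSet counted separately. The embedded sample log is constructed; the value names after `@` are invented, because the thread's copy has them mangled. A caveat when reading the summary: `sptd` and `d347prt` are the service names of the SPTD driver layer and DAEMON Tools, which store deliberately obfuscated configuration keys, so GMER lists them on most machines running that software and their presence alone is not evidence of infection; an unnamed module reported as FILE NOT FOUND is the entry worth following up.

```python
"""Triage helper for the Modules and Registry sections of a GMER 2.1 log.

Added example: it reads GMER's text layout and summarizes it; it is not
part of GMER and not a tool from the thread.
"""
import re
from collections import defaultdict

# Constructed sample in GMER's layout. The value names after '@' and the
# second Module line are invented; the other entries mirror the thread's log.
SAMPLE_LOG = r"""---- Modules - GMER 2.1 ----

Module _________ (FILE NOT FOUND) B7DF3000-B7E0B000 (98304 bytes)
Module \SystemRoot\system32\drivers\example.sys (example) B7E0C000-B7E10000 (16384 bytes)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@a 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

---- EOF - GMER 2.1 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
MODULE_RE = re.compile(
    r"^Module\s+(?P<name>.+?)\s+(?P<start>[0-9A-F]{8})-(?P<end>[0-9A-F]{8})"
    r"\s+\((?P<size>\d+) bytes\)$"
)
REG_RE = re.compile(r"^Reg\s+(?P<path>[^\s@]+)(?:@(?P<value>\S+))?(?:\s+(?P<data>.+))?$")
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)")
CONTROLSET_RE = re.compile(r"\\(CurrentControlSet|ControlSet\d+)\\")


def parse_gmer(text):
    """Return {'modules': [...], 'registry': [...]} parsed from a GMER log."""
    section = None
    modules, registry = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section == "Modules" and (m := MODULE_RE.match(line)):
            start, end = int(m.group("start"), 16), int(m.group("end"), 16)
            modules.append({
                "name": m.group("name"),
                "start": start,
                "end": end,
                "size": int(m.group("size")),
                # range and reported size should agree; a mismatch is itself suspicious
                "size_consistent": end - start == int(m.group("size")),
                # GMER found a loaded image it could not map to a file on disk
                "missing_file": "FILE NOT FOUND" in m.group("name"),
            })
        elif section == "Registry" and (m := REG_RE.match(line)):
            path, data = m.group("path"), m.group("data") or ""
            svc = SERVICE_RE.search(path)
            cs = CONTROLSET_RE.search(path)
            registry.append({
                "key": path,
                "value": m.group("value"),
                "data": data,
                "service": svc.group(1) if svc else None,
                "control_set": cs.group(1) if cs else None,
                # GMER marks copies under ControlSet00N that are not the live set
                "active": "(not active ControlSet)" not in data
                          and (cs is None or cs.group(1) == "CurrentControlSet"),
            })
    return {"modules": modules, "registry": registry}


def summarize(parsed):
    """Roll the parsed log up into the facts a responder looks at first."""
    per_service = defaultdict(lambda: {"entries": 0, "inactive": 0})
    for entry in parsed["registry"]:
        bucket = per_service[entry["service"] or "<no service>"]
        bucket["entries"] += 1
        if not entry["active"]:
            bucket["inactive"] += 1
    return {
        "unknown_modules": [m["name"] for m in parsed["modules"] if m["missing_file"]],
        "size_mismatches": [m["name"] for m in parsed["modules"] if not m["size_consistent"]],
        "services": dict(per_service),
    }


if __name__ == "__main__":
    report = summarize(parse_gmer(SAMPLE_LOG))
    print("Modules with no backing file:", report["unknown_modules"])
    print("Modules whose size disagrees with range:", report["size_mismatches"])
    for name, counts in sorted(report["services"].items()):
        print(f"{name}: {counts['entries']} hidden entries, {counts['inactive']} in non-active ControlSets")
```

Run it against a real log with `parse_gmer(open("gmer.log").read())`; the per-service counts make it easy to see that nearly every hidden key belongs to one or two known services, which leaves the remaining entries, and any module without a file, as the short list to investigate.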
     
  2. Glaswegian

    Glaswegian Malware Specialist

    Joined:
    Dec 5, 2004
    Messages:
    3,823
    Hi

    My name is Iain and I will be helping you clean your system.

    You may wish to Subscribe to this thread (bottom left corner of this thread) so that you are notified when you receive a reply.

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

    If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

    Please ensure that you follow the instructions in the order I have them listed. Note that if you do not respond within 3 days I shall no longer check this thread for replies.

    Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.


    IMPORTANT - for Windows Vista and Windows 7 start all tools by using right click > Run as Administrator.

    Combofix
    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please read all the information carefully! If using Windows XP you should ensure you install the Recovery Console.

    You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

    Please include the log C:\ComboFix.txt in your next reply for further review.
     