Trojan found, computer uber slow

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

RabbleRR

Thread Starter
Joined
Nov 15, 2011
Messages
2
Comp is real slow, Kaperksy rootkit takes 15 mins to do when it normally takes 10 secs. Mozilla keeps not responding
Malware anit bytes found a trojan.checker the other day and quaritnted in but still not right

ESET has found 3 THREATS - A VARIANT OF WIN32/INSTALLCORE.D APPLICATION

logs enclosed


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:13, on 15/11/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Installer\wlstartup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chris\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.visagecomputers.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.visagecomputers.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Visage Computers
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

--
End of file - 6117 bytes
---------------------------------------
DDS
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
Run by Chris at 21:10:19 on 2011-11-15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1667 [GMT 0:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Installer\wlstartup.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\msiexec.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.visagecomputers.co.uk/
uStart Page = hxxp://www.visagecomputers.co.uk/
uWindow Title = Visage Computers
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.2.0.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.2.0.10\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.2.0.10\coIEPlg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DhcpNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\x3c2r6k3.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1302000.00a\symds.sys [2011-11-15 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1302000.00a\symefa.sys [2011-11-15 897656]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1302000.00a\ccsetx86.sys [2011-11-15 132744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20111112.030\IDSvix86.sys [2011-11-12 368248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1302000.00a\ironx86.sys [2011-11-15 149624]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1302000.00a\symtdiv.sys [2011-11-15 344184]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-19 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-15 366152]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.2.0.10\ccsvchst.exe [2011-11-15 138760]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-15 106104]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-15 22216]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-11-15 16:55:06 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-11-15 16:51:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 16:51:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-15 16:47:46 -------- d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
2011-11-15 16:47:38 -------- d-----w- c:\programdata\!SASCORE
2011-11-15 16:47:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-15 16:47:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-15 16:46:27 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
2011-11-15 16:46:22 -------- d-----w- c:\programdata\Malwarebytes
2011-11-15 16:43:16 -------- d-----w- c:\users\chris\Tracing
2011-11-15 16:39:52 -------- d-----w- c:\users\chris\appdata\local\Secunia PSI
2011-11-15 16:39:47 -------- d-----w- c:\program files\Secunia
2011-11-15 16:15:49 -------- d-----w- c:\users\chris\appdata\local\Windows Live
2011-11-15 16:15:43 -------- d-----w- c:\program files\common files\Windows Live
2011-11-15 16:13:19 -------- d-----w- c:\users\chris\appdata\local\Adobe
2011-11-15 16:07:31 -------- d-----w- c:\program files\FileHippo.com
2011-11-15 16:06:50 897656 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symefa.sys
2011-11-15 16:06:50 344184 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symtdiv.sys
2011-11-15 16:06:50 314488 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symnets.sys
2011-11-15 16:06:49 566904 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\srtsp.sys
2011-11-15 16:06:49 340088 ----a-r- c:\windows\system32\drivers\nis\1302000.00a\symds.sys
2011-11-15 16:06:49 31864 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\srtspx.sys
2011-11-15 16:06:49 149624 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\ironx86.sys
2011-11-15 16:06:49 132744 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\ccsetx86.sys
2011-11-15 16:05:56 -------- d-----w- c:\windows\system32\drivers\nis\1302000.00A
2011-11-15 15:58:05 -------- d-----w- c:\program files\common files\xing shared
2011-11-15 15:55:26 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-15 15:53:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-15 15:37:32 98816 ----a-w- c:\windows\system32\mfps.dll
2011-11-15 15:27:58 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-11-15 15:26:58 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-15 15:24:14 276992 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 15:24:13 707584 ----a-w- c:\program files\common files\system\wab32.dll
2011-11-15 15:18:06 -------- d-----w- c:\programdata\Symantec
2011-11-15 15:18:03 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-11-15 15:18:03 -------- d-----w- c:\program files\Symantec
2011-11-15 15:18:03 -------- d-----w- c:\program files\common files\Symantec Shared
2011-11-15 15:17:12 -------- d-----w- c:\windows\system32\drivers\NIS
2011-11-15 15:17:11 -------- d-----w- c:\program files\Norton Internet Security
2011-11-15 15:17:10 -------- d-----w- c:\programdata\Norton
2011-11-15 15:17:02 -------- d-----w- c:\programdata\NortonInstaller
2011-11-15 15:17:02 -------- d-----w- c:\program files\NortonInstaller
.
==================== Find3M ====================
.
2011-11-15 15:37:32 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
============= FINISH: 21:11:00.18 ===============

-------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 15/11/2011 20:51:21 (1 hours ago)
.
Motherboard: Dell Inc. | | 0K216C
Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2664/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 257.227 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 15/11/2011 15:14:17 - Windows Update
RP17: 15/11/2011 15:28:20 - Windows Update
RP18: 15/11/2011 15:53:46 - Installed Java(TM) 6 Update 29
RP19: 15/11/2011 15:58:08 - Windows Update
RP20: 15/11/2011 16:10:00 - Installed Java(TM) 7 Update 1
RP21: 15/11/2011 16:12:42 - Installed Adobe Reader X (10.1.0).
RP22: 15/11/2011 16:15:06 - CheckIfInstallerIsBusy
RP24: 15/11/2011 16:16:13 - Windows Live Essentials
RP25: 15/11/2011 16:55:08 - Windows Update
RP26: 15/11/2011 19:40:22 - Windows Update
RP27: 15/11/2011 21:00:35 - Installed HiJackThis
RP28: 15/11/2011 21:06:28 - Removed HiJackThis
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.1)
Adobe Shockwave Player 11.6
D3DX10
EasyBCD 1.7
ffdshow [rev 2180] [2008-10-04]
FileHippo.com Update Checker
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 29
Java(TM) 7 Update 1
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 8.0 (x86 en-GB)
MSVCRT
Nero 7 Lite 7.10.1.2
Norton Internet Security
PowerDVD
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Secunia PSI (2.0.0.3003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Segoe UI
SUPERAntiSpyware
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
15/11/2011 16:13:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
15/11/2011 16:13:55, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/11/2011 16:13:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================




GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-15 21:30:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.DE11
Running: kt1u8r0u.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kfriapod.sys


---- System - GMER 1.0.15 ----

SSDT 867845D0 ZwAlertResumeThread
SSDT 867846B0 ZwAlertThread
SSDT 86784FC0 ZwAllocateVirtualMemory
SSDT 85CD6910 ZwAlpcConnectPort
SSDT 86785D68 ZwAssignProcessToJobObject
SSDT 86784320 ZwCreateMutant
SSDT 86785A88 ZwCreateSymbolicLinkObject
SSDT 8676E878 ZwCreateThread
SSDT 86785E48 ZwDebugActiveProcess
SSDT 8676E580 ZwDuplicateObject
SSDT 86784DE0 ZwFreeVirtualMemory
SSDT 86784410 ZwImpersonateAnonymousToken
SSDT 867844F0 ZwImpersonateThread
SSDT 85CEB1D0 ZwLoadDriver
SSDT 86784CE0 ZwMapViewOfSection
SSDT 86784240 ZwOpenEvent
SSDT 8676E760 ZwOpenProcess
SSDT 8676E4A0 ZwOpenProcessToken
SSDT 86784080 ZwOpenSection
SSDT 8676E670 ZwOpenThread
SSDT 86785C78 ZwProtectVirtualMemory
SSDT 86784790 ZwResumeThread
SSDT 86784A30 ZwSetContextThread
SSDT 86784B10 ZwSetInformationProcess
SSDT 86785F28 ZwSetSystemInformation
SSDT 86784160 ZwSuspendProcess
SSDT 86784870 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F799640]
SSDT 86784950 ZwTerminateThread
SSDT 86784C00 ZwUnmapViewOfSection
SSDT 86784ED0 ZwWriteVirtualMemory
SSDT 86785B78 ZwCreateThreadEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81AC48A0 8 Bytes [D0, 45, 78, 86, B0, 46, 78, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81AC48B4 4 Bytes [C0, 4F, 78, 86] {ROR BYTE [EDI+0x78], 0x86}
.text ntkrnlpa.exe!KeSetEvent + 13D 81AC48C0 4 Bytes [10, 69, CD, 85]
.text ntkrnlpa.exe!KeSetEvent + 191 81AC4914 4 Bytes [68, 5D, 78, 86]
.text ntkrnlpa.exe!KeSetEvent + 1F5 81AC4978 4 Bytes [20, 43, 78, 86]
.text ...
? C:\Users\Chris\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[724] ntdll.dll!LdrLoadDll 76DF93A8 5 Bytes JMP 65CD2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 75B7A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2672] USER32.dll!SetWindowLongA 757EE7CD 5 Bytes JMP 6609C350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2672] USER32.dll!SetWindowLongW 757F13B4 5 Bytes JMP 6609C2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2672] USER32.dll!GetWindowInfo 757F428E 5 Bytes JMP 65E4E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2672] USER32.dll!TrackPopupMenu 758014F3 5 Bytes JMP 65E4E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top