
Trojan found, computer uber slow

Discussion in 'Virus & Other Malware Removal' started by RabbleRR, Nov 15, 2011.

Thread Status:
Not open for further replies.
  1. RabbleRR

    RabbleRR Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    2
    Comp is real slow, Kaspersky rootkit scan takes 15 mins when it normally takes 10 secs. Mozilla keeps not responding.
    Malwarebytes found a Trojan.Checker the other day and quarantined it, but still not right.

    ESET has found 3 THREATS - A VARIANT OF WIN32/INSTALLCORE.D APPLICATION

    logs enclosed


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:08:13, on 15/11/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Live\Installer\wlstartup.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Chris\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.visagecomputers.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.visagecomputers.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Visage Computers
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\IPS\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coIEPlg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe

    --
    End of file - 6117 bytes
    ---------------------------------------
    DDS
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.1.0
    Run by Chris at 21:10:19 on 2011-11-15
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3060.1667 [GMT 0:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Installer\wlstartup.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.visagecomputers.co.uk/
    uStart Page = hxxp://www.visagecomputers.co.uk/
    uWindow Title = Visage Computers
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\19.2.0.10\coIEPlg.dll
    BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\19.2.0.10\ips\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\19.2.0.10\coIEPlg.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DhcpNameServer = 192.168.0.203
    TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DhcpNameServer = 192.168.0.1
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\x3c2r6k3.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1302000.00a\symds.sys [2011-11-15 340088]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1302000.00a\symefa.sys [2011-11-15 897656]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\bashdefs\20111114.002\BHDrvx86.sys [2011-11-14 819320]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nis\1302000.00a\ccsetx86.sys [2011-11-15 132744]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.1.0.28\definitions\ipsdefs\20111112.030\IDSvix86.sys [2011-11-12 368248]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1302000.00a\ironx86.sys [2011-11-15 149624]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1302000.00a\symtdiv.sys [2011-11-15 344184]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-19 116608]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-11-15 366152]
    R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\19.2.0.10\ccsvchst.exe [2011-11-15 138760]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-15 106104]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-11-15 22216]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-11-15 16:55:06 876032 ----a-w- c:\windows\system32\XpsPrint.dll
    2011-11-15 16:51:25 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-11-15 16:51:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-11-15 16:47:46 -------- d-----w- c:\users\chris\appdata\roaming\SUPERAntiSpyware.com
    2011-11-15 16:47:38 -------- d-----w- c:\programdata\!SASCORE
    2011-11-15 16:47:34 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-11-15 16:47:34 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-15 16:46:27 -------- d-----w- c:\users\chris\appdata\roaming\Malwarebytes
    2011-11-15 16:46:22 -------- d-----w- c:\programdata\Malwarebytes
    2011-11-15 16:43:16 -------- d-----w- c:\users\chris\Tracing
    2011-11-15 16:39:52 -------- d-----w- c:\users\chris\appdata\local\Secunia PSI
    2011-11-15 16:39:47 -------- d-----w- c:\program files\Secunia
    2011-11-15 16:15:49 -------- d-----w- c:\users\chris\appdata\local\Windows Live
    2011-11-15 16:15:43 -------- d-----w- c:\program files\common files\Windows Live
    2011-11-15 16:13:19 -------- d-----w- c:\users\chris\appdata\local\Adobe
    2011-11-15 16:07:31 -------- d-----w- c:\program files\FileHippo.com
    2011-11-15 16:06:50 897656 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symefa.sys
    2011-11-15 16:06:50 344184 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symtdiv.sys
    2011-11-15 16:06:50 314488 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\symnets.sys
    2011-11-15 16:06:49 566904 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\srtsp.sys
    2011-11-15 16:06:49 340088 ----a-r- c:\windows\system32\drivers\nis\1302000.00a\symds.sys
    2011-11-15 16:06:49 31864 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\srtspx.sys
    2011-11-15 16:06:49 149624 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\ironx86.sys
    2011-11-15 16:06:49 132744 ----a-w- c:\windows\system32\drivers\nis\1302000.00a\ccsetx86.sys
    2011-11-15 16:05:56 -------- d-----w- c:\windows\system32\drivers\nis\1302000.00A
    2011-11-15 15:58:05 -------- d-----w- c:\program files\common files\xing shared
    2011-11-15 15:55:26 544656 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-15 15:53:40 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-15 15:37:32 98816 ----a-w- c:\windows\system32\mfps.dll
    2011-11-15 15:27:58 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2011-11-15 15:26:58 563712 ----a-w- c:\windows\system32\oleaut32.dll
    2011-11-15 15:24:14 276992 ----a-w- c:\windows\system32\schannel.dll
    2011-11-15 15:24:13 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-15 15:18:06 -------- d-----w- c:\programdata\Symantec
    2011-11-15 15:18:03 127096 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-11-15 15:18:03 -------- d-----w- c:\program files\Symantec
    2011-11-15 15:18:03 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-11-15 15:17:12 -------- d-----w- c:\windows\system32\drivers\NIS
    2011-11-15 15:17:11 -------- d-----w- c:\program files\Norton Internet Security
    2011-11-15 15:17:10 -------- d-----w- c:\programdata\Norton
    2011-11-15 15:17:02 -------- d-----w- c:\programdata\NortonInstaller
    2011-11-15 15:17:02 -------- d-----w- c:\program files\NortonInstaller
    .
    ==================== Find3M ====================
    .
    2011-11-15 15:37:32 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
    2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
    2011-08-25 16:15:04 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
    2011-08-25 16:14:01 238080 ----a-w- c:\windows\system32\oleacc.dll
    2011-08-25 13:31:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 21:11:00.18 ===============

    -------------------------------------------

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 04/02/2011 10:32:19
    System Uptime: 15/11/2011 20:51:21 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0K216C
    Processor: Intel(R) Core(TM)2 Duo CPU E6750 @ 2.66GHz | Socket 775 | 2664/333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 288 GiB total, 257.227 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP16: 15/11/2011 15:14:17 - Windows Update
    RP17: 15/11/2011 15:28:20 - Windows Update
    RP18: 15/11/2011 15:53:46 - Installed Java(TM) 6 Update 29
    RP19: 15/11/2011 15:58:08 - Windows Update
    RP20: 15/11/2011 16:10:00 - Installed Java(TM) 7 Update 1
    RP21: 15/11/2011 16:12:42 - Installed Adobe Reader X (10.1.0).
    RP22: 15/11/2011 16:15:06 - CheckIfInstallerIsBusy
    RP24: 15/11/2011 16:16:13 - Windows Live Essentials
    RP25: 15/11/2011 16:55:08 - Windows Update
    RP26: 15/11/2011 19:40:22 - Windows Update
    RP27: 15/11/2011 21:00:35 - Installed HiJackThis
    RP28: 15/11/2011 21:06:28 - Removed HiJackThis
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    D3DX10
    EasyBCD 1.7
    ffdshow [rev 2180] [2008-10-04]
    FileHippo.com Update Checker
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) 7 Update 1
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Silverlight
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 8.0 (x86 en-GB)
    MSVCRT
    Nero 7 Lite 7.10.1.2
    Norton Internet Security
    PowerDVD
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Secunia PSI (2.0.0.3003)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Segoe UI
    SUPERAntiSpyware
    swMSM
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    15/11/2011 16:13:55, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    15/11/2011 16:13:55, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    15/11/2011 16:13:55, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    .
    ==== End Of File ===========================




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-11-15 21:30:42
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3320613AS rev.DE11
    Running: kt1u8r0u.exe; Driver: C:\Users\Chris\AppData\Local\Temp\kfriapod.sys


    ---- System - GMER 1.0.15 ----

    SSDT 867845D0 ZwAlertResumeThread
    SSDT 867846B0 ZwAlertThread
    SSDT 86784FC0 ZwAllocateVirtualMemory
    SSDT 85CD6910 ZwAlpcConnectPort
    SSDT 86785D68 ZwAssignProcessToJobObject
    SSDT 86784320 ZwCreateMutant
    SSDT 86785A88 ZwCreateSymbolicLinkObject
    SSDT 8676E878 ZwCreateThread
    SSDT 86785E48 ZwDebugActiveProcess
    SSDT 8676E580 ZwDuplicateObject
    SSDT 86784DE0 ZwFreeVirtualMemory
    SSDT 86784410 ZwImpersonateAnonymousToken
    SSDT 867844F0 ZwImpersonateThread
    SSDT 85CEB1D0 ZwLoadDriver
    SSDT 86784CE0 ZwMapViewOfSection
    SSDT 86784240 ZwOpenEvent
    SSDT 8676E760 ZwOpenProcess
    SSDT 8676E4A0 ZwOpenProcessToken
    SSDT 86784080 ZwOpenSection
    SSDT 8676E670 ZwOpenThread
    SSDT 86785C78 ZwProtectVirtualMemory
    SSDT 86784790 ZwResumeThread
    SSDT 86784A30 ZwSetContextThread
    SSDT 86784B10 ZwSetInformationProcess
    SSDT 86785F28 ZwSetSystemInformation
    SSDT 86784160 ZwSuspendProcess
    SSDT 86784870 ZwSuspendThread
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F799640]
    SSDT 86784950 ZwTerminateThread
    SSDT 86784C00 ZwUnmapViewOfSection
    SSDT 86784ED0 ZwWriteVirtualMemory
    SSDT 86785B78 ZwCreateThreadEx

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 11D 81AC48A0 8 Bytes [D0, 45, 78, 86, B0, 46, 78, ...]
    .text ntkrnlpa.exe!KeSetEvent + 131 81AC48B4 4 Bytes [C0, 4F, 78, 86] {ROR BYTE [EDI+0x78], 0x86}
    .text ntkrnlpa.exe!KeSetEvent + 13D 81AC48C0 4 Bytes [10, 69, CD, 85]
    .text ntkrnlpa.exe!KeSetEvent + 191 81AC4914 4 Bytes [68, 5D, 78, 86]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 81AC4978 4 Bytes [20, 43, 78, 86]
    .text ...
    ? C:\Users\Chris\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[724] ntdll.dll!LdrLoadDll 76DF93A8 5 Bytes JMP 65CD2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1368] kernel32.dll!SetUnhandledExceptionFilter 75B7A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2672] USER32.dll!SetWindowLongA 757EE7CD 5 Bytes JMP 6609C350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2672] USER32.dll!SetWindowLongW 757F13B4 5 Bytes JMP 6609C2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2672] USER32.dll!GetWindowInfo 757F428E 5 Bytes JMP 65E4E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2672] USER32.dll!TrackPopupMenu 758014F3 5 Bytes JMP 65E4E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----
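A first-pass triage of the three logs above can be scripted. The block below is an added example written for this page, not a tool from the forum or from the HijackThis/DDS/GMER authors. It applies a few heuristics a malware-removal helper would use by eye: O2/O3 entries ending in "(no file)" are orphaned CLSIDs, O23 services with "Unknown owner" have no vendor string and need their signature checked, O4 autostarts are flagged when the image is a bare name (resolved via the search path) or lives outside Windows/Program Files, and GMER SSDT or inline hooks are split into those GMER attributed to a module and those it printed only as a bare kernel address. The sample lines are excerpts from the posted logs, except the `[updater]` O4 entry, which is constructed so the user-writable-path rule has something to fire on; the severity labels and trusted-prefix list are this example's assumptions, not anything the tools emit.

```python
import re

# Excerpt of the HijackThis log posted above, plus one CONSTRUCTED entry
# ([updater], not in the post) so the user-writable-path rule has a hit.
HJT_SAMPLE = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [updater] C:\Users\Chris\AppData\Local\Temp\svchost.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Excerpt of the GMER log posted above.
GMER_SAMPLE = r"""
SSDT 867845D0 ZwAlertResumeThread
SSDT 85CEB1D0 ZwLoadDriver
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8F799640]
.text C:\Program Files\Mozilla Firefox\firefox.exe[724] ntdll.dll!LdrLoadDll 76DF93A8 5 Bytes JMP 65CD2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
"""

# Assumed list of places legitimate autostart images live on this 32-bit
# Vista box; a profile directory (Temp, AppData) is where droppers persist.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "%programfiles%\\")

# O4 layout: "... [Name] <optional quote><image path> <args>"
_O4_IMAGE = re.compile(r'\]\s+"?(.+?\.(?:exe|dll|sys|cpl))', re.IGNORECASE)
# SSDT layout: "SSDT <address or driver path> <Zw function> [...]"
_SSDT = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)")


def triage_hjt(text):
    """Return (severity, reason, line) for HJT entries worth a second look."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        code = line.split(" ", 1)[0]
        if code in ("O2", "O3") and line.endswith("(no file)"):
            out.append(("low", "orphan CLSID with no backing file", line))
        elif code == "O23" and "- Unknown owner -" in line:
            out.append(("medium", "service has no vendor string; check signature", line))
        elif code == "O4":
            m = _O4_IMAGE.search(line)
            if not m:
                continue
            path = m.group(1).lower()
            if "\\" not in path:
                out.append(("medium", "bare image name resolved via search path", line))
            elif not path.startswith(TRUSTED_PREFIXES):
                out.append(("high", "autostart image in user-writable location", line))
    return out


def triage_gmer(text):
    """Classify GMER SSDT and inline hooks by whether a module is attributed."""
    out = []
    for line in (l.strip() for l in text.splitlines()):
        m = _SSDT.match(line)
        if m:
            target, syscall = m.groups()
            if re.fullmatch(r"[0-9A-Fa-f]{8}", target):
                out.append(("medium", f"{syscall} hooked at {target}, owner unknown", line))
            else:
                out.append(("info", f"{syscall} hooked by {target}", line))
        elif line.startswith(".text ") and " JMP " in line:
            # GMER prints the owning module after the JMP target when it resolves one.
            tail = line.rsplit(" JMP ", 1)[1].split(" ", 1)
            if len(tail) == 2:
                out.append(("info", f"inline hook owned by {tail[1]}", line))
            else:
                out.append(("medium", "inline JMP to unattributed code", line))
    return out


def summarize(findings):
    """Count findings per severity, e.g. {'low': 1, 'medium': 2, 'high': 1}."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, why, line in triage_hjt(HJT_SAMPLE) + triage_gmer(GMER_SAMPLE):
        print(f"[{sev:6}] {why}\n         {line}")
```

Run against the excerpts, the script reports the orphaned toolbar CLSID as low, the `rundll32.exe` autostart and the RichVideo service as medium, the constructed Temp-directory autostart as high, and the two bare-address SSDT hooks as medium while the SASKUTIL.SYS hook and the xul.dll inline hook come back as informational because GMER already named their owner. The unattributed SSDT addresses are the one item in the posted GMER log that cannot be closed from the log alone; they need to be matched to a loaded driver (the Norton and SUPERAntiSpyware kernel drivers listed under SERVICES / DRIVERS are the obvious candidates) before being read as a rootkit.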
     
  2. RabbleRR

    RabbleRR Thread Starter

    Joined:
    Nov 15, 2011
    Messages:
    2
    It's been 3 days, am I okay to bump it?
     
Short URL to this thread: https://techguy.org/1027022

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice