
Trojan Horse problems, I believe

Discussion in 'Virus & Other Malware Removal' started by builder4580, Dec 8, 2011.

    Tech Support Guy System Info Utility version 1.0.0.2
    OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, x64 Family 6 Model 15 Stepping 11
    Processor Count: 2
    RAM: 3069 Mb
    Graphics Card: NVIDIA GeForce 8400M GS, 128 Mb
    Hard Drives: C: Total - 225594 MB, Free - 151993 MB; D: Total - 10239 MB, Free - 5951 MB;
    Motherboard: Dell Inc.,
    Antivirus: AVG Anti-Virus Free Edition 2012, Updated and Enabled

    I thank you in advance for your help. I have the following system:

    Dell XPS M1330 Specs
    Model: Inspiron M1330
    Processor: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20 GHz
    RAM: 3.0 GB
    System Type: 32-bit Operating System
    Windows Edition: Windows Vista Home Premium
    Service pack 2

    I have the following issues with my computer:

    1) I get frequent pop-ups with the message "TCP/IP Ping Command has stopped working"
    Windows can check online for a solution to the problem.
    (option) Check online for a solution (recommended)
    (option) Close
    2) AVG pop-ups appear frequently with "Threat Deleted" notices (see below)
    3) Firefox and IE freeze for periods of time, then continue.
    4) I lose Internet Access for periods of time (no doubt accounting for 3 above)
    5) Occasionally I lose Internet Access altogether and have to turn my internet modem off, unplug it for 10 secs, plug it back in and turn it on again to regain access.
    6) I also get the occasional BSOD - maybe 2-3 times per week.
    The problems started after I ran Malwarebytes the last time. MB "fixed" a couple of malware issues, but does not show any issues when I run it now.


    AVG Resident Shield Alerts that I started to note down.

    Threat detected!
    12/04/11 1:57pm
    Filename: c:\Windows\System32\drivers\dfsc.sys
    Threat Name: Trojan horse Hider.OMK
    Show Details: Process name: c:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    Process ID: 7900

    Threat detected!
    12/04/11 2:40pm
    Filename: c:\Windows\winsxs\x86_microsoft-windows-dfsclient_31bf3856ad364e35_6.0.6002.18451_none_894b9dbde369cb1f\dfsc.sys
    Threat Name: Trojan horse Hider.OMK

    Threat detected!
    12/05/11 12:23pm
    Filename: C:\WINDOWS\TEMP\FVLOWQ\SETUP.EXE

    **********************************************************

    My Hijackthis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:55:39 PM, on 12/8/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\OEM02Mon.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Windows\System32\notepad.exe
    C:\Users\cormact\Desktop\HijackThis.exe
    C:\Windows\system32\SearchProtocolHost.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/eltima/{480F2D80-F386-4D58-963E-D302366B6C78}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - (no file)
    O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ARCURL~1.DLL
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ToolbarBHO Class - {9519AF7E-638D-4933-BAD6-D33D23C79FE5} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - C:\PROGRA~1\ArcSoft\RAWTHU~1\EXIFToolBar.dll
    O3 - Toolbar: (no name) - {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - (no file)
    O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
    O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
    O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe /AUTORUN
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Facebook Update] "C:\Users\cormact\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: Device Monitor.lnk = C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://www.vectorvest.com
    O16 - DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} (CV781Object Object) - http://deablm.guardcctv.com:100/AVC_AX_DVR.cab
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E68292-91F9-4C77-A9B5-BBA0B6764383}: NameServer = 68.94.156.1,68.94.157.1
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: BrYNSvc - Brother Industries, Ltd. - C:\Program Files\Browny02\BrYNSvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - Unknown owner - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (file missing)
    O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 10947 bytes

    **********************************************************************************************

    This is my DDS File

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by cormact at 19:59:21 on 2011-12-08
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.1148 [GMT -6:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\aestsrv.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Windows\system32\STacSV.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\OEM02Mon.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Browny02\Brother\BrStMonW.exe
    C:\Program Files\Real\RealPlayer\Update\realsched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ArcSoft\MediaConverter 4 Platinum\Monitor.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Fingerprint Reader Suite\psqltray.exe
    C:\Program Files\Browny02\BrYNSvc.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\wbem\unsecapp.exe
    c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
    C:\Program Files\Java\jre6\bin\java.exe
    C:\Windows\System32\notepad.exe
    C:\Windows\system32\wermgr.exe
    C:\Windows\System32\ping.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page =
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.msn.com
    uSearch Bar =
    mStart Page = hxxp://www.bigseekpro.com/eltima/{480F2D80-F386-4D58-963E-D302366B6C78}
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant =
    mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
    uURLSearchHooks: H - No File
    BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\videod~1\ARCURL~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: ToolbarBHO Class: {9519af7e-638d-4933-bad6-d33d23c79fe5} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: RAW Thumbnail Viewer: {f301665a-12f8-4331-804a-5bcbd379668c} - c:\progra~1\arcsoft\rawthu~1\EXIFToolBar.dll
    TB: {1e48c56f-08cd-43aa-a6ef-c1ec891551ab} - No File
    TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {043C5167-00BB-4324-AF7E-62013FAEDACF} - No File
    TB: {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - No File
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Facebook Update] "c:\users\cormact\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
    mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    mRun: [DELL Webcam Manager] "c:\program files\dell\dell webcam manager\DellWMgr.exe" /s
    mRun: [PSQLLauncher] "c:\program files\fingerprint reader suite\launcher.exe" /startup
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [<NO NAME>]
    mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
    mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
    mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\users\cormact\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\arcsoft\mediaconverter 4 platinum\Monitor.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\program files\dell\quickset\quickset.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Read EXIF - c:\program files\arcsoft\raw thumbnail viewer\ArcEXIFM.htm
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    LSP: mswsock.dll
    Trusted Zone: vectorvest.com\www
    DPF: {1FBDF235-C5A9-4F21-BD79-9EC0DCF8AC29} - hxxp://deablm.guardcctv.com:100/AVC_AX_DVR.cab
    DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxp://support.dell.com/systemprofiler/SysProExe.CAB
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    TCP: DhcpNameServer = 192.168.0.1 192.168.0.1
    TCP: Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383} : NameServer = 68.94.156.1,68.94.157.1
    TCP: Interfaces\{F8E68292-91F9-4C77-A9B5-BBA0B6764383} : DhcpNameServer = 192.168.0.1 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\cormact\appdata\roaming\mozilla\firefox\profiles\njucu1qh.default\
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&appid=137&systemid=101&sr=0&q=
    FF - component: c:\program files\arcsoft\raw thumbnail viewer\firefox extension\components\FirefoxMenu.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\users\cormact\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-12-28 73728]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-29 21504]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
    R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-12-28 179712]
    R3 BrYNSvc;BrYNSvc;c:\program files\browny02\BrYNSvc.exe [2011-8-11 245760]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-12-08 14:07:03 -------- d-----w- c:\users\cormact\appdata\local\{55164C6D-1394-4DA6-91E0-572CD0C9C5EF}
    2011-12-08 14:06:49 -------- d-----w- c:\users\cormact\appdata\local\{1969709F-8DDF-47F3-B8ED-EE089F0EF644}
    2011-12-08 05:46:18 -------- d-----w- c:\users\cormact\appdata\local\{C7346DED-42F3-487E-BFBB-90B6BBD72E62}
    2011-12-07 14:09:03 -------- d-----w- c:\users\cormact\appdata\local\{6E80117D-B576-4062-8143-FF0276E1A001}
    2011-12-07 14:08:45 -------- d-----w- c:\users\cormact\appdata\local\{3DB794E7-A8A5-4C3F-9C8A-A3FFF09F938B}
    2011-12-06 13:43:16 -------- d-----w- c:\users\cormact\appdata\local\{E92B7045-4FB5-4D0A-9CDB-01D2C59FB963}
    2011-12-06 13:42:31 -------- d-----w- c:\users\cormact\appdata\local\{58C175EE-D401-4E59-B1E6-45172B0E55EB}
    2011-12-05 14:11:56 677136 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2011-12-05 14:04:09 -------- d-----w- c:\users\cormact\appdata\local\{7E1A03D8-CDCE-4463-89DB-3E6CCCC48152}
    2011-12-04 15:38:59 -------- d-----w- c:\users\cormact\appdata\local\{1BF73A13-99CE-4CC0-BD48-69377A1B58D9}
    2011-12-03 16:26:32 -------- d-----w- c:\users\cormact\appdata\local\{E71FE4C5-9151-4633-A36A-0C139552E50E}
    2011-12-03 13:38:57 -------- d-----w- c:\users\cormact\appdata\local\{C619EDC3-A4C7-4D5C-860C-C02D3A58A579}
    2011-12-03 05:08:26 -------- d-----w- c:\users\cormact\appdata\local\{DEFA6552-008D-419B-B71D-5954A1B0F84A}
    2011-12-02 15:36:34 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-12-02 15:36:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-12-02 15:13:51 -------- d-----w- c:\users\cormact\appdata\local\{1505D1DE-47F9-4252-B988-B29856CE8E99}
    2011-12-02 15:13:31 -------- d-----w- c:\users\cormact\appdata\local\{65BE19A2-5DF2-473C-8B0E-867B2F4CD8BC}
    2011-12-02 14:50:33 -------- d-----w- c:\users\cormact\appdata\local\{16BF6E62-CEAE-4364-A007-AFE7ACA13322}
    2011-12-02 06:09:19 -------- d-----w- c:\users\cormact\appdata\local\{8E553C08-EF32-463B-A550-64F8A7CF2CFD}
    2011-12-01 14:10:29 -------- d-----w- c:\users\cormact\appdata\local\{ADFC74A9-B810-4EB8-8A4B-0726FE4B30C3}
    2011-12-01 14:10:16 -------- d-----w- c:\users\cormact\appdata\local\{E9EFA415-BA57-4389-82D0-03DBF47FC3EF}
    2011-11-30 14:05:56 -------- d-----w- c:\users\cormact\appdata\local\{A1105E6D-8B9B-4B63-9BAB-D8CE47026A5D}
    2011-11-30 14:05:43 -------- d-----w- c:\users\cormact\appdata\local\{8F8CF970-C8C8-4067-B8CF-270D660EB924}
    2011-11-27 23:51:34 -------- d-----w- c:\program files\Conduit
    2011-11-27 23:51:33 -------- d-----w- c:\users\cormact\appdata\local\Conduit
    2011-11-27 15:12:25 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
    2011-11-27 15:12:08 -------- d-----w- c:\program files\common files\xing shared
    2011-11-27 15:11:57 150696 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
    2011-11-27 15:11:52 108544 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
    2011-11-27 15:07:28 -------- d-----w- c:\users\cormact\appdata\local\{76213600-2EF0-4B7C-921C-BD793605D7EE}
    2011-11-27 15:07:16 -------- d-----w- c:\users\cormact\appdata\local\{B7A1957A-A24F-4C1D-9F9A-106BE618095D}
    2011-11-26 15:44:14 -------- d-----w- c:\users\cormact\appdata\local\{26479093-9D10-4D12-B96D-9A5BC631E3A2}
    2011-11-26 15:44:01 -------- d-----w- c:\users\cormact\appdata\local\{B89DA0C1-44E0-493B-9501-AE62125ED5C2}
    2011-11-24 14:22:26 -------- d-----w- c:\users\cormact\appdata\local\{47127BE8-55AB-4B91-8AD2-C36D7DCB5976}
    2011-11-23 12:52:24 -------- d-----w- c:\users\cormact\appdata\local\{4283794A-B278-40BF-AAF6-95061B9AFFBE}
    2011-11-21 14:07:02 -------- d-----w- c:\users\cormact\appdata\local\{83C7B36B-41C2-4824-8BDB-EF1AA2844970}
    2011-11-21 14:06:50 -------- d-----w- c:\users\cormact\appdata\local\{F6A20AE6-F924-4F45-89B0-799A8F4744DF}
    2011-11-20 04:38:44 -------- d-----w- c:\users\cormact\appdata\roaming\sjjUUVelIBtzPyA
    2011-11-20 04:38:44 -------- d-----w- c:\users\cormact\appdata\roaming\HuuvvD22obFpm5s
    2011-11-20 04:38:35 -------- d-----w- c:\users\cormact\appdata\roaming\c99hhTXXqjUekBz
    2011-11-20 04:27:12 -------- d-----w- c:\users\cormact\appdata\roaming\kEL8gTZqhCkVlBx
    2011-11-20 04:27:12 -------- d-----w- c:\users\cormact\appdata\roaming\F0ycS1ivDoFaHsJ
    2011-11-20 04:23:57 -------- d-----w- c:\users\cormact\appdata\roaming\GL9gTZqjYwIrOtP
    2011-11-20 04:23:56 -------- d-----w- c:\users\cormact\appdata\roaming\lcS2ibD3pGaHsKf
    2011-11-20 04:22:13 -------- d-----w- c:\users\cormact\appdata\roaming\uCelIBrzPyAu
    2011-11-20 04:22:13 -------- d-----w- c:\users\cormact\appdata\roaming\AmG5sQJ6dKfZhXj
    2011-11-20 04:16:40 -------- d-----w- c:\users\cormact\appdata\local\{EA66120B-781D-4B69-B9C4-9270EB496588}
    2011-11-20 04:16:19 -------- d-----w- c:\users\cormact\appdata\local\{A4C7848B-BC97-42BA-B6C9-69F8FD7550FA}
    2011-11-20 04:16:02 -------- d-----w- c:\users\cormact\appdata\roaming\gUVelOBtz0c1v2n
    2011-11-20 04:16:02 -------- d-----w- c:\users\cormact\appdata\roaming\E4amH5sWJdLgZhX
    2011-11-20 04:14:28 -------- d-----w- c:\users\cormact\appdata\roaming\FZjjYYCwk
    2011-11-20 04:14:28 -------- d-----w- c:\users\cormact\appdata\roaming\D2iiDG4aQsW
    2011-11-20 04:14:09 -------- d-----w- c:\users\cormact\appdata\roaming\cSSS1iivD
    2011-11-20 04:14:08 -------- d-----w- c:\users\cormact\appdata\roaming\zsWWK77EE9
    2011-11-20 04:14:08 -------- d-----w- c:\users\cormact\appdata\roaming\XjjYYCekIVrzNx0
    2011-11-17 14:03:48 -------- d-----w- c:\users\cormact\appdata\local\{3EB08EC9-7442-47DC-8DB6-2BAA9E289FCE}
    2011-11-17 14:03:30 -------- d-----w- c:\users\cormact\appdata\local\{8D36B048-E9E0-45F6-B55E-C6790A6BD50D}
    2011-11-16 14:07:52 -------- d-----w- c:\users\cormact\appdata\local\{A85B6972-A44C-4B2C-92CB-974C7CE649B7}
    2011-11-16 14:07:38 -------- d-----w- c:\users\cormact\appdata\local\{EA436A2F-9B90-4C34-9F59-395AF563EAEF}
    2011-11-13 13:25:49 -------- d-----w- c:\users\cormact\appdata\local\{B24F2D06-67B4-4A3B-8D84-FB64C36F4DA2}
    2011-11-11 14:06:21 -------- d-----w- c:\users\cormact\appdata\local\{22737F20-3825-4589-8B3E-3E082FEBD20F}
    2011-11-11 14:06:09 -------- d-----w- c:\users\cormact\appdata\local\{646D9393-23E1-49C2-923C-3A92FD609293}
    2011-11-11 03:41:53 -------- d-----w- c:\program files\Eltima Software
    2011-11-09 15:16:32 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
    2011-11-09 15:12:09 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-11-09 15:12:09 707584 ----a-w- c:\program files\common files\system\wab32.dll
    2011-11-09 15:02:51 -------- d-----w- c:\users\cormact\appdata\local\{BE2675FC-2B2B-4861-B7D0-0440D2F9E0D7}
    2011-11-09 15:02:32 -------- d-----w- c:\users\cormact\appdata\local\{422B788F-33AE-4C3B-BBBB-20D4EF619660}
    .
    ==================== Find3M ====================
    .
    2011-11-27 15:11:45 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-11-27 15:11:45 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-11-15 14:10:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-07 11:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 11:21:16 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-13 11:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    ============= FINISH: 20:00:33.85 ===============


    ************************************************************************************************************

    My GMER file ark.txt

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-08 21:09:15
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LB01
    Running: fnnbvoku.exe; Driver: C:\Users\cormact\AppData\Local\Temp\uwriafoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA0FA5F3C]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA0FA5FE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA0FA6080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA0FA611C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 3F1 820C1B74 1 Byte [3C]
    .text ntkrnlpa.exe!KeSetEvent + 3F1 820C1B74 4 Bytes [3C, 5F, FA, A0]
    .text ntkrnlpa.exe!KeSetEvent + 621 820C1DA4 8 Bytes [E4, 5F, FA, A0, 80, 60, FA, ...] {IN AL, 0x5f; CLI ; MOV AL, [0xa0fa6080]}
    .text ntkrnlpa.exe!KeSetEvent + 681 820C1E04 4 Bytes [1C, 61, FA, A0]
    ? C:\Users\cormact\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtProtectVirtualMemory 77114B84 5 Bytes JMP 00FF000A
    .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!NtWriteVirtualMemory 771154C4 5 Bytes JMP 0109000A
    .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!KiUserExceptionDispatcher 77115BF8 5 Bytes JMP 00FE000A
    .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[1656] kernel32.dll!SetUnhandledExceptionFilter 76E0A8C5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4108] USER32.dll!SetWindowLongA 7654E7CD 5 Bytes JMP 60EAC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4108] USER32.dll!SetWindowLongW 765513B4 5 Bytes JMP 60EAC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4108] USER32.dll!GetWindowInfo 7655428E 5 Bytes JMP 60C5E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[4108] USER32.dll!TrackPopupMenu 765614F3 5 Bytes JMP 60C5E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\firefox.exe[4388] ntdll.dll!LdrLoadDll 770D93A8 5 Bytes JMP 60AE2EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\BTHUSB \Device\0000006d bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    Device \Driver\BTHUSB \Device\0000006f bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001dd9eb1240
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001dd9eb1240 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB7624$\3650063859 0 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277 0 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\@ 2048 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\bckfg.tmp 851 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\cfg.ini 208 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\keywords 179 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\L 0 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\L\qnbwvoto 75264 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\lsflt7.ver 5176 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\U 0 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 2048 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 224768 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 1024 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 1024 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 12800 bytes
    File C:\Windows\$NtUninstallKB7624$\3891657277\U\[email protected] 98304 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\213K1WF7\b[1].gif 43 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH058I8A\searchCA9WAQCS.htm 417 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH058I8A\searchCAEBQYMV.htm 417 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH058I8A\24905_c_clickpayz_com[3].htm 14 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CH058I8A\dnserrordiagoff_webOC[1] 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EJCOUVW2\down[1] 0 bytes

    ---- EOF - GMER 1.0.15 ----



    Once again, thank you in advance for your help.

    builder4580
     

    Attached Files: ark.txt (10.9 KB)
  2. builder4580

    builder4580 Thread Starter

    Joined:
    Sep 28, 2004
    Messages:
    6
    Sorry,
    Attached the wrong file originally.

    builder4580
     

    Attached Files:

  3. builder4580

    builder4580 Thread Starter

    Joined:
    Sep 28, 2004
    Messages:
    6
  4. builder4580

    builder4580 Thread Starter

    Joined:
    Sep 28, 2004
    Messages:
    6
    Bump. Posted 12/8 - no action as at 12/21 - 13 days!
     
Short URL to this thread: https://techguy.org/1030414
