Helo Pilot
Hello everyone. Just wanted to say thanks in advance, and I appreciate your time assisting me with this.
Here are the requested logs:
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.22.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
DHC2 :: DHC2-PC [limited]
Protection: Enabled
7/22/2012 10:14:14 AM
mbam-log-2012-07-22 (10-14-14).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188231
Time elapsed: 6 minute(s), 54 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Data: C:\Users\DHC2\AppData\Local\{c73ff1fa-f964-9a12-aa2d-901676a5479d}\n. -> Quarantined and deleted successfully.
Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\DHC2\AppData\Local\nhm.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\Users\DHC2\AppData\Roaming\System32\rundll32.exe (Trojan.Phex.THAGen4) -> Quarantined and deleted successfully.
C:\Users\DHC2\AppData\Local\Temp\racnewxosm.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\DHC2\AppData\Local\Temp\jte440458.exe (Trojan.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\DHC2\AppData\Local\Temp\ms0cfg32.exe (Trojan.Blueinit) -> Quarantined and deleted successfully.
C:\Users\DHC2\AppData\Local\Temp\0.7122137029281014.exe (Malware.Gen) -> Quarantined and deleted successfully.
C:\Users\DHC2\AppData\Local\Temp\3672190cos6926785.exe (Trojan.FakeAlert.3CH) -> Quarantined and deleted successfully.
C:\Windows\Installer\{c73ff1fa-f964-9a12-aa2d-901676a5479d}\n (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{c73ff1fa-f964-9a12-aa2d-901676a5479d}\U\800000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
(end)
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-22 11:24:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-24A0RT0 rev.01.01A02
Running: xb14cp0j.exe; Driver: C:\Users\DHC2\AppData\Local\Temp\kxldapob.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0x99B4B700]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C3E3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C77D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82C7EEAC 4 Bytes [00, B7, B4, 99]
? System32\drivers\aopygyee.sys The system cannot find the path specified. !
---- User code sections - GMER 1.0.15 ----
? C:\Windows\system32\services.exe[504] C:\Windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
---- User IAT/EAT - GMER 1.0.15 ----
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000063 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
DDS Text
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by DHC2 at 11:27:10 on 2012-07-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2999.1598 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
\\.\globalroot\systemroot\Installer\{c73ff1fa-f964-9a12-aa2d-901676a5479d}\U
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] 514015FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] 7D8300B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateAcl] DD7500F8
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] 50F8458D
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] 016A016A
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] FFFC75FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtReadFile] 74C085D7
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!_chkstk] 0C488D20
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] C085018B
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] F18B1774
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] 03FC4D8B
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] 15FF50C1
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString] [00B35080] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!_stricmp] 8B14C683
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!qsort] [75C08506] C:\Windows\system32\KERNELBASE.dll (Windows NT BASE API Client DLL/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlRandomEx] FC458BEB
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx] C95B5E5F
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] 560004C2
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] 7140BF57
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!memcpy] 8B5700B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsicmp] 7C15FFF1
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] 6A00B350
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!iswspace] 3C83580F
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] B3715885
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindSetBits] 09740000
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInterlockedSetBitRun] 8548C88B
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTestBit] EBEF75C9
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] 85348907
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] [00B37158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] 3415FF57
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor] 5F00B350
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce] 5756C35E
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlLengthSid] B37140BF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlGetAce] F18B5700
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 507C15FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject] 0F6A00B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] 85343958
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] [00B37158] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields] C88B0974
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSerializeBoot] 75C98548
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!memset] 8308EBF0
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection] 71588524
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateSection] 570000B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] 503415FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 5E5F00B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtResumeThread] 800068C3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] 006A0000
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtTerminateProcess] 7815FF51
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] 5000B350
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] 513C15FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx] 55C300B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDisplayString] 5351EC8B
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWriteFile] 35FF5756
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsupr] [00B37198] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] 513815FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 8D5900B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!TpReleaseWork] E8400044
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!TpPostWork] 00002B8C
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocWork] 75FFFC8B
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetEvent] FC7D8908
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment] 719835FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] EC6800B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenEvent] 5700B353
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetBits] 513415FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearAllBits] DB3300B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap] 3910C483
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort] 6E7D085D
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess] FFF63357
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] B3507415
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive] 85F88B00
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive] 8D3774FF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtSetInformationThread] 6A500845
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken] FF575602
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken] B3513015
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort] 7CC08500
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared] FF556A25
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared] 15FFFC75
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!TpSetPoolMinThreads] [00B3512C] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort] C9335959
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock] 08896657
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtConnectPort] FFFE1FE8
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute] 85D88BFF
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort] 8B0774DB
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess] F72B0875
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage] FF57F303
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort] B3507015
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute] 74F68500
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] FC4D8B53
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] B37084BA
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDuplicateObject] 85D6FF00
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtCreateEvent] 684575C0
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable] 00008000
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlClearBits] 15FF5350
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay] [00B35078] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtClearEvent] 5D3936EB
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW] BB31740C
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable] [00B37140] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFindClearBits] 7C15FF53
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlFreeSid] BE00B350
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtRaiseHardError] [00B37194] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects] C085068B
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocAlpcCompletion] 4D8B0774
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!TpAllocPool] FFD78B08
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] 83C68BD0
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!EtwEventRegister] 583D04EE
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation] 7500B371
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable] 15FF53E7
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtDelayExecution] [00B35034] C:\Windows\system32\smss.exe (Windows Session Manager/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] 5FF0658D
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!NtQueryEvent] C2C95B5E
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege] 8B550008
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege] B8EC81EC
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] 53000008
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!wcstoul] 0B6A5756
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!_wcsnicmp] 5420BE59
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] BD8D00B3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlUnwind] FFFFFF4C
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] 526AA5F3
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlConnectToSm] 858DFF33
IAT C:\Windows\system32\services.exe[504] @ C:\Windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm] FFFFFF78
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000063 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
DDS Text
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by DHC2 at 11:27:10 on 2012-07-22
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2999.1598 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
\\.\globalroot\systemroot\Installer\{c73ff1fa-f964-9a12-aa2d-901676a5479d}\U
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============