When using google, sometimes the search links will redirect to random spam sites. I ran spybot and housecall in safemode, both removing maleware. Sorry, but I do not remember what was removed and no log was saved (that I know of).
I tried to run Malwarebytes but it does not open, instead giving me an error of
"Malwarebytes Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience."
I tried to reinstall it but the program still gives the error (uninstall, ccleaner, restart, reinstall)
Lastly, maybe not related, but I am noticing a slowdown on my computer. Right click menus can take up to five seconds to pop up, simple web pages taking forever to load and slow everything else down, etc. etc.
I am noticing in task manager that an scvhost.exe entry takes up 100% cpu for a couple minutes, bringing everything else to a halt. I suspected at one point this was maybe an automatic updater for software, but I checked around and I have automatic updates turned off. I can end the task with no errors, I have no idea what it is.
Here is the GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-31 23:28:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1200JB-00GVA0 rev.08.02D08
Running: 47eo8sol.exe; Driver: C:\DOCUME~1\Jim\LOCALS~1\Temp\uwtyipog.sys
---- System - GMER 1.0.15 ----
SSDT spgi.sys ZwEnumerateKey [0xF76ADCA2]
SSDT spgi.sys ZwEnumerateValueKey [0xF76AE030]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\abcwf6bc \Device\Scsi\abcwf6bc1Port3Path0Target0Lun0 874DB1F8
Device \Driver\abcwf6bc \Device\Scsi\abcwf6bc1Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\aammfwqo \Device\Scsi\aammfwqo1 8738C500
Device \Driver\aammfwqo \Device\Scsi\aammfwqo1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\aammfwqo \Device\Scsi\aammfwqo1Port2Path0Target0Lun0 8738C500
Device \Driver\aammfwqo \Device\Scsi\aammfwqo1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\abcwf6bc \Device\Scsi\abcwf6bc1 874DB1F8
Device \Driver\abcwf6bc \Device\Scsi\abcwf6bc1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Ntfs \Ntfs 877D61F8
Device \FileSystem\Fastfat \Fat 86C281F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- EOF - GMER 1.0.15 ----
DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by Jim at 23:47:22 on 2011-12-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.421 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Applications\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
F:\Applications\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTSvcCDA.exe
F:\Applications\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2872FCAB-D624-41EC-A962-ED0042E88703} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {4A35215E-CC2C-479D-8497-B4E0E717ED5D} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\applic~1\spybot~1\SDHelper.dll
BHO: {60BAB90D-8901-435C-A5CC-CA57A71AD1D6} - No File
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies inc\notebook software\NotebookPlugin.dll
BHO: {76BB1260-B534-4682-954B-1CFD70E1143F} - No File
BHO: {D04FE4B9-60A7-4051-90DA-7EBA950E9D5F} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\toolbar.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - c:\program files\antbar\ant.com toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
uRun: [SpybotSD TeaTimer] f:\applications\spybot - search & destroy\TeaTimer.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Yahoo! Pager] 1
uRun: [AnyDVD] f:\applications\slysoft\anydvd\AnyDVDtray.exe
uRun: [Google Update] "c:\documents and settings\jim\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [egui] "f:\applications\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRunOnce: [Malwarebytes Anti-Malware] f:\applications\malwarebytes' anti-malware-new\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies inc\smart board software\SMARTBoardTools.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\applic~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172204194994
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172204156809
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{FD5F352E-CC10-4B25-916D-E6FA26F59732} : DhcpNameServer = 10.0.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGyvuTL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\1rquwdzu.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.ftp - 50.19.217.60
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 50.19.217.60
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 50.19.217.60
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 50.19.217.60
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 50.19.217.60
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jim\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\jim\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrl.1.0.21115.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: f:\applications\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\applications\videolan\vlc\npvlc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: XULRunner: {EE0587B7-CF2F-4433-B78B-E9026F4EB3A7} - c:\documents and settings\jim\local settings\application data\{EE0587B7-CF2F-4433-B78B-E9026F4EB3A7}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-27 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/27 21:48:50];f:\applications\cyberlink\powerdvd9\powerdvd9\navfilter\000.fcl [2009-12-15 87536]
R2 ekrn;ESET Service;f:\applications\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [2009-5-8 14416]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-31 40776]
S0 fcoheezf;fcoheezf; [x]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-11 15232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-9-27 21648]
S3 SaiH053c;SaiH053c;c:\windows\system32\drivers\SaiH053c.sys [2004-7-26 56576]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies inc\smart board software\WebServer.exe [2007-11-2 767240]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-01-01 03:29:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-01 03:29:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-31 22:52:44 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
.
==================== Find3M ====================
.
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
.
============= FINISH: 23:48:45.45 ===============
I tried to run Malwarebytes but it does not open, instead giving me an error of
"Malwarebytes Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience."
I tried to reinstall it but the program still gives the error (uninstall, ccleaner, restart, reinstall)
Lastly, maybe not related, but I am noticing a slowdown on my computer. Right click menus can take up to five seconds to pop up, simple web pages taking forever to load and slow everything else down, etc. etc.
I am noticing in task manager that an scvhost.exe entry takes up 100% cpu for a couple minutes, bringing everything else to a halt. I suspected at one point this was maybe an automatic updater for software, but I checked around and I have automatic updates turned off. I can end the task with no errors, I have no idea what it is.
Here is the GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-12-31 23:28:45
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD1200JB-00GVA0 rev.08.02D08
Running: 47eo8sol.exe; Driver: C:\DOCUME~1\Jim\LOCALS~1\Temp\uwtyipog.sys
---- System - GMER 1.0.15 ----
SSDT spgi.sys ZwEnumerateKey [0xF76ADCA2]
SSDT spgi.sys ZwEnumerateValueKey [0xF76AE030]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdePort0 [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 [F75F7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\abcwf6bc \Device\Scsi\abcwf6bc1Port3Path0Target0Lun0 874DB1F8
Device \Driver\abcwf6bc \Device\Scsi\abcwf6bc1Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\aammfwqo \Device\Scsi\aammfwqo1 8738C500
Device \Driver\aammfwqo \Device\Scsi\aammfwqo1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\aammfwqo \Device\Scsi\aammfwqo1Port2Path0Target0Lun0 8738C500
Device \Driver\aammfwqo \Device\Scsi\aammfwqo1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\abcwf6bc \Device\Scsi\abcwf6bc1 874DB1F8
Device \Driver\abcwf6bc \Device\Scsi\abcwf6bc1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Ntfs \Ntfs 877D61F8
Device \FileSystem\Fastfat \Fat 86C281F8
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
---- EOF - GMER 1.0.15 ----
DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Run by Jim at 23:47:22 on 2011-12-31
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.421 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: ESET Smart Security 4.0 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
F:\Applications\ESET\ESET Smart Security\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
svchost.exe
F:\Applications\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\CTSvcCDA.exe
F:\Applications\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {2872FCAB-D624-41EC-A962-ED0042E88703} - No File
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {4A35215E-CC2C-479D-8497-B4E0E717ED5D} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\applic~1\spybot~1\SDHelper.dll
BHO: {60BAB90D-8901-435C-A5CC-CA57A71AD1D6} - No File
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - c:\program files\smart technologies inc\notebook software\NotebookPlugin.dll
BHO: {76BB1260-B534-4682-954B-1CFD70E1143F} - No File
BHO: {D04FE4B9-60A7-4051-90DA-7EBA950E9D5F} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: ZeroBar: {f5735c15-1fb2-41fe-ba12-242757e69dde} - c:\program files\netzero\toolbar.dll
TB: Ant.com Toolbar: {6cd56c02-cb4d-41b5-a0fe-b479061ccb41} - c:\program files\antbar\ant.com toolbar\tbcore3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
uRun: [SpybotSD TeaTimer] f:\applications\spybot - search & destroy\TeaTimer.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AdobeBridge]
uRun: [Yahoo! Pager] 1
uRun: [AnyDVD] f:\applications\slysoft\anydvd\AnyDVDtray.exe
uRun: [Google Update] "c:\documents and settings\jim\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [egui] "f:\applications\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRunOnce: [Malwarebytes Anti-Malware] f:\applications\malwarebytes' anti-malware-new\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies inc\smart board software\SMARTBoardTools.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\applic~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1172204194994
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172204156809
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{FD5F352E-CC10-4B25-916D-E6FA26F59732} : DhcpNameServer = 10.0.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll
AppInit_DLLs: wbsys.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\hgGyvuTL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jim\application data\mozilla\firefox\profiles\1rquwdzu.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.ftp - 50.19.217.60
FF - prefs.js: network.proxy.ftp_port - 80
FF - prefs.js: network.proxy.gopher - 50.19.217.60
FF - prefs.js: network.proxy.gopher_port - 80
FF - prefs.js: network.proxy.http - 50.19.217.60
FF - prefs.js: network.proxy.http_port - 80
FF - prefs.js: network.proxy.socks - 50.19.217.60
FF - prefs.js: network.proxy.socks_port - 80
FF - prefs.js: network.proxy.ssl - 50.19.217.60
FF - prefs.js: network.proxy.ssl_port - 80
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\jim\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\jim\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrl.1.0.21115.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPStreamPlug.dll
FF - plugin: f:\applications\quicktime\plugins\npqtplugin.dll
FF - plugin: f:\applications\videolan\vlc\npvlc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: <![CDATA[1-ClickWeather]]>: {DCBD1271-D228-4082-9FBC-36D9B7660B03} - %profile%\extensions\{DCBD1271-D228-4082-9FBC-36D9B7660B03}
FF - Ext: XULRunner: {EE0587B7-CF2F-4433-B78B-E9026F4EB3A7} - c:\documents and settings\jim\local settings\application data\{EE0587B7-CF2F-4433-B78B-E9026F4EB3A7}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-27 64288]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/27 21:48:50];f:\applications\cyberlink\powerdvd9\powerdvd9\navfilter\000.fcl [2009-12-15 87536]
R2 ekrn;ESET Service;f:\applications\eset\eset smart security\ekrn.exe [2009-2-6 727720]
R2 sensorsview32;sensorsview32;c:\windows\system32\drivers\sensorsview32.sys [2009-5-8 14416]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-1 217600]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-12-31 40776]
S0 fcoheezf;fcoheezf; [x]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-11 15232]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-9-27 21648]
S3 SaiH053c;SaiH053c;c:\windows\system32\drivers\SaiH053c.sys [2004-7-26 56576]
S3 SMART Web Server;SMART Web Server;c:\program files\smart technologies inc\smart board software\WebServer.exe [2007-11-2 767240]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== Created Last 30 ================
.
2012-01-01 03:29:12 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-01 03:29:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-31 22:52:44 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
.
==================== Find3M ====================
.
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
.
============= FINISH: 23:48:45.45 ===============