Infection that turns installation .exe into invalid win32 application


  • This topic is locked
77 replies to this topic

#1 Daniel14 (Authentic Member, 68 posts)

Posted 13 July 2012 - 09:04 AM

Hello people,

My name is Daniel and this is my first post on the What the Tech forums. First of all, I did not come here just to 'seek and go', no. I did not visit this website just for help, only to go away after my infection is (hopefully) cleared and removed. That's not my purpose. In fact, I came here to learn, because I feel like using a computer for 10 years has taught me nothing about this subject; I am so ashamed. A long time ago I wanted to be part of a friendly community that teaches a lot about computing, and it is a coincidence that I am facing this problem now, so, as we say, 'two birds with one stone'. This whole speech may be useless for some people, but it's not for me, and hopefully some people will understand me eventually.

Let's start with when it happened and how it happened. Well, quite frankly, I have no idea how I got infected; I'm probably browsing 'without a head' or something like that. I trust what I download; I even scan before downloading with two different 'computer protectors', Avast and Malwarebytes Anti-Malware. Yup, this last one is powerful! I trust what I download. Before I visit a website, I usually scan it with an online scanner that relies on multiple protectors. Would you believe me if I told you that I have had a virus on my computer for around 8 months of trying to remove it?! I was so lazy, dayam on me! I finally realized that I need serious help, not with that 8-month infection, but with a different one that I recently got. I was so foolish when I got it! I don't know if it's the one I talk about in this topic, but I think I got it from a program that didn't open - YYYCracker.exe. Yup, too foolish; I knew it was malware, but my friend insisted. Oh, too foolish!

Back on subject, the infection is basically malware that identifies installation .exe files as INVALID WIN32 APPLICATION. Other symptoms:

- When trying to open 'My Computer' properties, Anti Trojan Elite says it has found trojan(s) on my computer, and directly after, an error pops up with the white X in the red circle saying that XYZ/XYZ/XYZblabla/rundll32.exe is an INVALID WIN32 APPLICATION
- When trying to open the 'Control Panel' (translated from French; the one where you can install/uninstall programs), it says Anti Trojan Elite found trojan(s) on the computer, but despite that it opens.
- [Possible symptom] My screen goes black and dark and then returns to normal.


DDS.txt:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_24
Run by too at 16:17:18 on 2012-07-09
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1013.223 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
AV: avast! antivirus 4.8.1351 [VPS 091101-0] *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Security *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Fichiers communs\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Micro Application\Cloneur Expert\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Anti Trojan Elite\TJEnder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\too\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\too\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Menara\dslmon.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bigseekpro.com/mdickie/{7F528376-C4C0-4CA2-8667-E6A5B848625B}
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/mdickie/{7F528376-C4C0-4CA2-8667-E6A5B848625B}
uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=1022&systemid=1&sr=0&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: ToolbarURLSearchHook Class: {ca3eb689-8f09-4026-aa10-b9534c691ce0} - c:\program files\mdickie db toolbar toolbar\tbhelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\fichiers communs\symantec shared\coshared\browser\2.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\fichie~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\mdickie db toolbar toolbar\tbcore3.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\fichiers communs\symantec shared\coshared\browser\2.5\CoIEPlg.dll
TB: Wincore Mediabar: {28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~1\imesha~1\mediabar\datamngr\toolbar\wincoreimdtx.dll
TB: MDickie DB Toolbar Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\mdickie db toolbar toolbar\tbcore3.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: {ACEBB9C5-8B00-43A3-B821-A5DCEFECCF0F} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [svvhost2] c:\windows\system32\svvhost2.exe
uRun: [systemlog] c:\windows\system32\systemlog.exe
uRun: [swinlogin] c:\windows\system32\swinlogin.exe
uRun: [winlogin2] c:\windows\system32\winlogin2.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Akamai NetSession Interface] "c:\documents and settings\too\local settings\application data\akamai\netsession_win.exe"
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "c:\documents and settings\too\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [ccApp] "c:\program files\fichiers communs\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
mRun: [Cloneur Expert Monitor] "c:\program files\micro application\cloneur expert\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\fichiers communs\acronis\schedule2\schedhlp.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [TkBellExe] "c:\program files\fichiers communs\real\update_ob\realsched.exe" -osboot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SunJavaUpdateSched] "c:\program files\fichiers communs\java\java update\jusched.exe"
mRun: [Google Updater] "c:\program files\google\google updater\GoogleUpdater.exe" -check_deprecation
mRun: [snpstd3] c:\windows\vsnpstd3.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [GameXL]
mRun: [Anti Trojan Elite] c:\program files\anti trojan elite\TJEnder.exe :NO
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\too\menudm~1\progra~1\dmarra~1\fifa11~1.lnk - c:\program files\ea sports\fifa 11\support\EAregister.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\dslmon.lnk - c:\program files\menara\dslmon.exe
StartupFolder: c:\docume~1\alluse~1\menudm~1\progra~1\dmarra~1\metacafe.lnk - c:\program files\metacafe\MetacafeAgent.exe
uPolicies-explorer: MemCheckBoxInRunDlg = 0 (0x0)
uPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoStrCmpLogical = 0 (0x0)
mPolicies-system: RunStartupScriptSync = 1 (0x1)
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: &Search
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Télécharger avec Mipony - file://c:\program files\mipony\browser\IEContext.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/plugins/activex/YoYo.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: Interfaces\{FB9CD8EC-1988-48E9-953C-88B70A14CA0E} : NameServer = 62.251.229.223 62.251.229.237
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\fichie~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: CLKERN.DLL c:\progra~1\google\go333c~1\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bigseekpro.com/mdickie/{7F528376-C4C0-4CA2-8667-E6A5B848625B}
FF - prefs.js: keyword.URL - hxxp://www.bigseekpro.com/search/toolbar/mdickie/{7F528376-C4C0-4CA2-8667-E6A5B848625B}?q=
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\battlefieldplay4free@ea.com\plugins\npBP4FUpdater.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\runtime@panda3d.org\platform\winnt_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\documents and settings\too\application data\mozilla\firefox\profiles\kjl3xhnd.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
FF - plugin: c:\documents and settings\too\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\too\local settings\application data\robloxversions\version-6ca07d14e2274822\NPRobloxProxy.dll
FF - plugin: c:\documents and settings\too\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-2 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-2 20560]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files\anti trojan elite\ATEPMON.sys [2012-6-2 9984]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-2 138680]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\fichiers communs\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\fichiers communs\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\fichiers communs\symantec shared\CCSVCHST.EXE [2008-1-25 149352]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\fichiers communs\pc tools\smonitor\StartManSvc.exe [2012-5-31 793048]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-2 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-2 352920]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\fichiers communs\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-18 99376]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-9-18 41216]
R3 NAVENG;NAVENG;c:\progra~1\fichie~1\symant~1\virusd~1\20080917.039\NAVENG.SYS [2008-9-18 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\fichie~1\symant~1\virusd~1\20080917.039\NAVEX15.SYS [2008-9-18 873552]
S2 EjxBPXiHAs;EjxBPXiHAs;cmd /c "c:\docume~1\too\locals~1\temp\svhost.exe" --> cmd [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-8-2 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-4-5 158856]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-12 23888]
S3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [2011-8-15 500704]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\garena messenger\room\safedrv.sys --> c:\program files\garena messenger\room\safedrv.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-1-12 30192]
S3 gupdatem;Service Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-2 133104]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S3 Symantec Core LC;Symantec Core LC;c:\progra~1\fichie~1\symant~1\ccpd-lc\symlcsvc.exe [2008-9-18 1245064]
S3 UsbEvdomAtc;LGE EVDOM USB Serial Port;c:\windows\system32\drivers\lgevdomatc.sys [2009-2-17 19840]
S3 usbevdombus;LGE EVDOM Composite USB Device;c:\windows\system32\drivers\lgevdombus.sys [2009-2-17 13696]
S3 UsbEvdomDiag;LGE EVDOM USB Serial DM Port;c:\windows\system32\drivers\lgevdomdiag.sys [2009-2-17 19840]
S3 USBEVDOmModem;LGE EVDOM USB Modem;c:\windows\system32\drivers\lgevdommodem.sys [2009-2-17 21632]
S3 vproiah;vproiah;c:\windows\system32\drivers\vproiah.sys --> c:\windows\system32\drivers\vproiah.sys [?]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva397;XDva397;c:\windows\system32\XDva397.sys [2012-5-6 77136]
.
=============== Created Last 30 ================
.
2012-07-05 12:46:19 -------- d-----w- c:\program files\Strogino CS Portal
2012-06-28 15:53:51 -------- d-----w- c:\program files\ZeusPro
2012-06-28 10:25:30 -------- d-----w- c:\program files\ESET
2012-06-12 19:55:29 -------- d-----w- c:\documents and settings\too\local settings\application data\RobloxDownloads
2012-06-12 19:55:24 -------- d-----w- c:\documents and settings\too\local settings\application data\RobloxVersions
2012-06-12 19:55:10 -------- d-----w- c:\documents and settings\too\local settings\application data\Roblox
.
==================== Find3M ====================
.
2012-07-06 13:35:41 219128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-07-06 13:35:41 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-07-06 13:32:54 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-07-06 13:32:20 219128 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-05-20 12:21:30 138056 ----a-w- c:\documents and settings\too\application data\PnkBstrK.sys
2012-05-20 12:21:06 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-05-18 17:26:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-18 17:26:05 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-11 19:06:07 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-06 12:10:24 77136 ----a-w- c:\windows\system32\XDva397.sys
2012-04-16 20:31:20 19456 ----a-w- c:\windows\ed4.exe
2012-04-16 20:29:30 34795 ----a-w- c:\windows\libregex.dll
2012-04-16 20:29:12 327308 ----a-w- c:\windows\libssl32.dll
2012-04-16 20:29:07 186928 ----a-w- c:\windows\stoneh.exe
2012-04-16 20:28:41 775 ----a-w- c:\documents and settings\too\ds.bat
2012-04-15 19:02:16 68888 ----a-w- c:\windows\system\xinput1_3.dll
2012-04-15 19:02:16 444776 ----a-w- c:\windows\system\d3dx10_35.dll
2012-04-15 19:02:16 3727720 ----a-w- c:\windows\system\d3dx9_35.dll
2012-04-15 19:02:16 3497832 ----a-w- c:\windows\system\d3dx9_34.dll
.
============= FINISH: 16:19:28.01 ===============

P.S.: I attached attach.txt at the bottom because the preparation guide says there is another file besides dds.txt, but I cannot find any except attach.txt.


#2 NoodleTech (Malware Eradicator, Visiting Fellow, 2,380 posts)

Posted 13 July 2012 - 12:13 PM

Hi Daniel,

:welcome:

My name is NoodleTech. I would be glad to assist you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • Please be aware that removing malware is not without risk and while unrecoverable damage to systems is rare, it can happen and may require a re-format and re-install of your operating system. Because of this it is a good idea to back-up anything important saved on your computer.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Do not delete anything unless instructed to.
  • DO NOT use tools such as ComboFix without supervision.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clean.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Failure to respond within 3 days will result in this topic being closed - If you need more time to complete the steps required, please let me know.
===================================================

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.
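The false-positive caveat above is the hard part of reading a GMER log: most of the SSDT entries come from security products hooking the kernel on purpose. The script below, an added example for this thread (not part of NoodleTech's post and not GMER's code), sorts the hook lines by whether GMER could attribute them to a named driver. The sample lines are copied from the GMER log Daniel14 posts in reply #3. The grouping rule is the editor's assumption: an SSDT hook GMER resolves to a security product's driver is normally that product's self-protection, while a hook that points at a bare kernel address GMER maps to no module, a driver reported with "suspicious PE modification", an inline patch of a kernel export, or one handler shared by several IDT vectors has no such explanation and has to be checked by hand. User-mode patches are only counted per process so that a cluster in one application can be assessed together. Nothing here is a verdict.

```python
"""Sort the hook lines of a GMER log by whether they can be attributed to a
named driver.

Added example for this thread: not part of the original post and not GMER's
code. The sample lines are copied from the GMER log in reply #3; the grouping
rule is the editor's assumption and produces a reading order, not a verdict.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied from the GMER log in reply #3.
SAMPLE_GMER = r"""
SSDT 869C4968 ZwAlertResumeThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8F286B8]
SSDT 86957BB8 ZwConnectPort
SSDT \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys ZwCreateSection [0xA87F68C6]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA917E2A0]
SSDT 86938200 ZwWriteVirtualMemory
INT 0x62 ? 86BCDCB8
INT 0x63 ? 869BCCB8
INT 0xB4 ? 869BCCB8
.text USBPORT.SYS!DllUnload F6BD980C 5 Bytes JMP 869BC1C8
.text a424jami.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 F6B0E900 48 Bytes [05, 39, EF, 49, 77, 28, 94, ...]
? C:\WINDOWS\System32\Drivers\a424jami.SYS suspicious PE modification
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 18, 00]
"""

SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?$")
INT_RE = re.compile(r"^INT\s+(0x[0-9A-Fa-f]+)\s+\?\s+([0-9A-Fa-f]{8})$")
KPATCH_RE = re.compile(r"^\.text\s+([^\s!]+)!(\S+)\s+[0-9A-Fa-f]{8}\s+\d+ Bytes\s+(.*)$")
UPATCH_RE = re.compile(r"^\.text\s+(.+?\[\d+\])\s+(\S+!\S+)\s+\+\s+\S+\s+[0-9A-Fa-f]{8}\s+\d+ Bytes")
SUSP_RE = re.compile(r"^\?\s+(.+?)\s+suspicious PE modification$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def split_target(target):
    """Return (module_path, vendor); (None, None) when GMER printed only an address."""
    if ADDR_RE.match(target):
        return None, None
    m = re.match(r"^(.*?)\s+\(([^)]*)\)$", target)   # "path (description/vendor)"
    if not m:
        return target, None                           # path with no vendor string
    path, desc = m.groups()
    return path, (desc.rsplit("/", 1)[-1] if "/" in desc else None)


def summarize(gmer_text):
    """Group every recognised hook line of the log by how it can be explained."""
    report = {"attributed": defaultdict(list), "unattributed": [],
              "idt": defaultdict(list), "inline_kernel": [],
              "flagged_drivers": [], "usermode": defaultdict(int)}
    for raw in gmer_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            target, func = m.groups()
            path, vendor = split_target(target)
            if path is None:
                report["unattributed"].append((func, target.upper()))
            else:
                report["attributed"][vendor or path.rsplit("\\", 1)[-1]].append(func)
            continue
        m = INT_RE.match(line)
        if m:
            report["idt"][m.group(2).upper()].append(m.group(1))
            continue
        m = KPATCH_RE.match(line)
        if m:
            report["inline_kernel"].append(m.groups())
            continue
        m = SUSP_RE.match(line)
        if m:
            report["flagged_drivers"].append(m.group(1))
            continue
        m = UPATCH_RE.match(line)
        if m:
            report["usermode"][m.group(1).rsplit("\\", 1)[-1]] += 1
    return report


def needs_attention(report):
    """The entries nobody can explain away from the log alone."""
    items = [f"SSDT {func} -> {addr} (no module)" for func, addr in report["unattributed"]]
    items += [f"driver {p} reported with suspicious PE modification" for p in report["flagged_drivers"]]
    items += [f"inline patch {mod}!{sym}: {what}" for mod, sym, what in report["inline_kernel"]]
    items += [f"IDT vectors {', '.join(v)} share handler {addr}"
              for addr, v in report["idt"].items() if len(v) > 1]
    return items


if __name__ == "__main__":
    rep = summarize(SAMPLE_GMER)
    for owner, funcs in rep["attributed"].items():
        print(f"attributed to {owner}: {', '.join(funcs)}")
    for proc, n in rep["usermode"].items():
        print(f"user-mode patches in {proc}: {n}")
    print("check by hand:")
    for item in needs_attention(rep):
        print("  " + item)
```

On the sample this files the avast!, Symantec and Anti Trojan Elite hooks under their drivers and leaves seven items to look at: the three SSDT entries that resolve to bare pool addresses, the a424jami.SYS driver GMER flags, the two inline patches, and the handler shared by INT 0x63 and 0xB4. That is the list a helper would correlate with the unexplained Run values in the DDS log, not a list of things to delete.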

#3 Daniel14 (Authentic Member, 68 posts)

Posted 13 July 2012 - 12:22 PM

Thank you, NoodleTech, for volunteering to help me; I really appreciate your assistance. I will do whatever you want in order to succeed. I will also ask questions if I have any.

----------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-07-09 17:25:38
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3160815AS rev.4.AAA
Running: gmer.exe; Driver: C:\DOCUME~1\too\LOCALS~1\Temp\pxtdypob.sys


---- System - GMER 1.0.15 ----

SSDT 869C4968 ZwAlertResumeThread
SSDT 869C4C38 ZwAlertThread
SSDT 86857920 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA8F286B8]
SSDT 86957BB8 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA8F28574]
SSDT 86864330 ZwCreateMutant
SSDT \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys ZwCreateSection [0xA87F68C6]
SSDT 8683EF00 ZwCreateThread
SSDT 86A128E0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA917E2A0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA8F28A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA8F2814C]
SSDT 868412F8 ZwFreeVirtualMemory
SSDT 869D76B0 ZwImpersonateAnonymousToken
SSDT 869C48A8 ZwImpersonateThread
SSDT 86841218 ZwMapViewOfSection
SSDT 868642B0 ZwOpenEvent
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA8F2864E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA8F2808C]
SSDT 869FFDA0 ZwOpenProcessToken
SSDT 869193C0 ZwOpenSection
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA8F280F0]
SSDT 86271670 ZwOpenThreadToken
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA8F2876E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA8F2872E]
SSDT 86A57C48 ZwResumeThread
SSDT 861EF378 ZwSetContextThread
SSDT 86A0C820 ZwSetInformationProcess
SSDT 8687B358 ZwSetInformationThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA8F288AE]
SSDT 86919480 ZwSuspendProcess
SSDT 869C4CB8 ZwSuspendThread
SSDT 869581F0 ZwTerminateProcess
SSDT 868343A0 ZwTerminateThread
SSDT 861EF3F8 ZwUnmapViewOfSection
SSDT 86938200 ZwWriteVirtualMemory

INT 0x62 ? 86BCDCB8
INT 0x63 ? 869BCCB8
INT 0x82 ? 86BCDCB8
INT 0x83 ? 869BCCB8
INT 0x94 ? 869BCCB8
INT 0xA4 ? 869BCCB8
INT 0xA4 ? 869BCCB8
INT 0xA4 ? 869BCCB8
INT 0xA4 ? 869BCCB8
INT 0xB4 ? 86BCDCB8
INT 0xB4 ? 86BCDCB8
INT 0xB4 ? 869BCCB8
INT 0xB4 ? 86BCDCB8

---- Kernel code sections - GMER 1.0.15 ----

.sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xF7540089]
.text USBPORT.SYS!DllUnload F6BD980C 5 Bytes JMP 869BC1C8
.text a424jami.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 F6B0E900 48 Bytes [05, 39, EF, 49, 77, 28, 94, ...]
? C:\WINDOWS\System32\Drivers\a424jami.SYS suspicious PE modification
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xA8449F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 18, 00] {SUB [EAX], AL; SBB [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 18, 00] {SUB [EBX], AL; SBB [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 18, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 18, 00] {TEST AL, 0x1; SBB [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EE1A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 18, 00] {TEST AL, 0x2; SBB [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 18, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 18, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EE8B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 18, 00] {TEST AL, 0x0; SBB [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EFB9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 18, 00] {SUB [ECX], AL; SBB [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 18, 00] {SUB [EDX], AL; SBB [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 18, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1612] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91F41A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91F48B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91F5B9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1636] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3552] ntdll.dll!LdrLoadDll 7C925CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 38, 00] {SUB [EAX], AL; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 38, 00] {SUB [EBX], AL; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 38, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 38, 00] {TEST AL, 0x1; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B920E1A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 38, 00] {TEST AL, 0x2; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 38, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 38, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B920E8B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 38, 00] {TEST AL, 0x0; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B920FB9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 38, 00] {SUB [ECX], AL; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 38, 00] {SUB [EDX], AL; CMP [EAX], AL}
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 38, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3996] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B922A1A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B922A8B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B922BB9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 54, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4432] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91F41A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91F48B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91F5B9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 1E, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4508] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91ED1A
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91ED8B
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91EEB9
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 1 Byte [68]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 03, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5536] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtMapViewOfSection + 6 7C91D524 1 Byte [28]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 03, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 17, 00]
.text C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5636] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86BCC1E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{613204EE-298B-4D65-9383-CB5087F42D50} 86A1C430
Device \Driver\usbuhci \Device\USBPDO-0 868BC1E8
Device \Driver\usbuhci \Device\USBPDO-1 868BC1E8
Device \Driver\usbuhci \Device\USBPDO-2 868BC1E8
Device \Driver\usbehci \Device\USBPDO-3 869AD1E8
Device \Driver\usbuhci \Device\USBPDO-4 868BC1E8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)

Device \Driver\usbuhci \Device\USBPDO-5 868BC1E8
Device \Driver\usbuhci \Device\USBPDO-6 868BC1E8
Device \Driver\PCI_PNP5164 \Device\00000057 sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)

Device \Driver\usbehci \Device\USBPDO-7 869AD1E8
Device \Driver\Cdrom \Device\CdRom0 869881E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86BCD1E8
Device \Driver\atapi \Device\Ide\IdePort0 86BCD1E8
Device \Driver\atapi \Device\Ide\IdePort1 86BCD1E8
Device \Driver\atapi \Device\Ide\IdePort2 86BCD1E8
Device \Driver\atapi \Device\Ide\IdePort3 86BCD1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-12 86BCD1E8
Device \Driver\Cdrom \Device\CdRom1 869881E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 86A1C430
Device \Driver\NetBT \Device\NetBT_Tcpip_{FB9CD8EC-1988-48E9-953C-88B70A14CA0E} 86A1C430
Device \Driver\NetBT \Device\NetbiosSmb 86A1C430

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 868BC1E8
Device \Driver\usbuhci \Device\USBFDO-1 868BC1E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86A14430
Device \Driver\usbuhci \Device\USBFDO-2 868BC1E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86A14430
Device \Driver\usbehci \Device\USBFDO-3 869AD1E8
Device \Driver\usbuhci \Device\USBFDO-4 868BC1E8
Device \Driver\usbuhci \Device\USBFDO-5 868BC1E8
Device \Driver\usbuhci \Device\USBFDO-6 868BC1E8
Device \Driver\usbehci \Device\USBFDO-7 869AD1E8
Device \Driver\a424jami \Device\Scsi\a424jami1Port4Path0Target0Lun0 8687A1E8
Device \Driver\a424jami \Device\Scsi\a424jami1 8687A1E8
Device \FileSystem\Cdfs \Cdfs 854AB430

---- Registry - GMER 1.0.15 ----


---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Ghali\Application Data\Macromedia\Flash Player\#SharedObjects\TE798RBT\simply-land.com.\main.swf 0 bytes
File C:\Documents and Settings\Ghali\Application Data\Macromedia\Flash Player\#SharedObjects\TE798RBT\simply-land.com.\main.swf\gael.sound.Engine.root.volume.sol 65 bytes
File C:\Documents and Settings\Ghali\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#simply-land.com.\settings.sol 86 bytes

---- EOF - GMER 1.0.15 ----

#4 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 13 July 2012 - 12:33 PM

Hi Daniel,

You are very welcome :). Feel free to ask questions if you have any.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Malware Classroom.
If you feel I have helped you, please consider a donation.
Topics will be closed after three days if there is no response.
Please do not PM me for malware removal assistance.

#5 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 13 July 2012 - 01:54 PM

I can't open installation .exe's, that's the problem. The malware thingy blocks them and identifies them as invalid win32 app

#6 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 13 July 2012 - 01:55 PM

Maybe if you could find me/personally upload Combofix installation .exe inside a .zip folder, that'll work because I tried it on another malware. :)

#7 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 13 July 2012 - 02:40 PM

Hi Daniel,

Okay, let's try something else before we run ComboFix.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
Do not reboot your computer after running rkill as the malware programs will start again.

===================================================

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)

===================================================

Please run Malwarebytes' Anti-Malware.
  • Click the Update tab, then click Check for Updates.
  • If an update is found, download and install the latest version.
  • Next, click Scanner, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.


#8 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 14 July 2012 - 05:45 AM

One question: Does RKill give options after the scan? If yes, which one should I choose? Also, do you mind if I skip step 2? I have already tried exefix.scr but eventually the error still pops up..

#9 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 14 July 2012 - 08:30 AM

I will provide the RKill log first, the MBAM later since it usually gets stuck or bugged in a place.

Please post this only if requested to by the person helping you. Otherwise you can close this log when you wish.

Rkill was run on 07/14/2012 at 15:29:08.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\too\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\too\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\too\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

Rkill completed on 07/14/2012 at 15:29:16.

Edited by Daniel14, 14 July 2012 - 08:34 AM.


#10 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 14 July 2012 - 08:33 AM

Besides, what do you mean that I should not reboot after the scan? Does that include turning off the computer hours after the scan was finished in order to go do something outside computing? Will the malware processes return? Sorry for many questions.


EDIT: VOID THIS..

Edited by Daniel14, 14 July 2012 - 09:29 AM.



#11 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 14 July 2012 - 09:28 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.14.04

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
too :: FSC [administrator]

7/14/2012 3:41:05 PM
mbam-log-2012-07-14 (15-41-05).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281301
Time elapsed: 48 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12 NoodleTech

NoodleTech

    Malware Eradicator

  • Visiting Fellow
  • PipPipPipPipPip
  • 2,380 posts

Posted 14 July 2012 - 09:46 AM

Hi Daniel,

No, I do not believe rkill gives you options after a scan. Seeing that you were able to successfully run MBAM, there is no need to run exeHelper. We ask you not to reboot after rkill or exeHelper have done their work because they only temporarily kill rogue processes. If you reboot your computer, the malicious processes shall return and you will have trouble launching .exe's once again.

Next, Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

#13 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 14 July 2012 - 10:11 AM

I will try Combofix. Thank you.

#14 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 14 July 2012 - 10:12 AM

I was able to run MBAM because I had it already.

#15 Daniel14

Daniel14

    Authentic Member

  • Authentic Member
  • PipPip
  • 68 posts

Posted 14 July 2012 - 12:17 PM

Noodle, one important notice: RKill had no effect on my current issue.. I was able to run MBAM because it was ALREADY INSTALLED on my PC.. My issue is that I cannot run setup .exe. Example: remix_ce_setup.exe
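As an added check (not one of the tools the helpers in this thread use), the script below validates an installer's PE headers offline, so a file that is genuinely corrupt or truncated can be told apart from an intact file whose launch is being interfered with. All sample bytes are constructed here, and the names `check_pe` and `build_sample_pe` are this example's own.

```python
import struct

# Machine types this check accepts (x86 and x64 Windows images).
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664


def check_pe(data: bytes) -> dict:
    """Validate the DOS, PE, COFF, optional and section headers of `data`.

    Returns {'valid': bool, 'reason': str}. Only header consistency is
    checked; a structurally valid file can still be malicious.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"valid": False, "reason": "missing MZ DOS header"}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data):
        return {"valid": False, "reason": "e_lfanew points past end of file"}
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"valid": False, "reason": "missing PE signature"}
    # COFF file header: Machine, NumberOfSections, ..., SizeOfOptionalHeader
    machine, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if machine not in (IMAGE_FILE_MACHINE_I386, IMAGE_FILE_MACHINE_AMD64):
        return {"valid": False, "reason": f"unexpected machine type 0x{machine:04X}"}
    opt_off = e_lfanew + 24
    if opt_size < 2 or opt_off + opt_size + 40 * nsec > len(data):
        return {"valid": False, "reason": "optional header or section table truncated"}
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return {"valid": False, "reason": f"bad optional header magic 0x{magic:04X}"}
    # Every section's raw data must lie inside the file; a cut-off download fails here.
    for i in range(nsec):
        sec = opt_off + opt_size + 40 * i
        name = data[sec:sec + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, sec + 16)
        if raw_ptr + raw_size > len(data):
            return {"valid": False, "reason": f"section {name} extends past end of file"}
    return {"valid": True, "reason": "headers intact"}


def build_sample_pe() -> bytes:
    """Construct a minimal 32-bit PE with one section (sample data, not a real installer)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (0xE0 - 2)        # PE32 magic, rest zeroed
    hdr_len = len(dos) + 4 + len(coff) + len(opt) + 40         # section data starts here
    section = b".text\0\0\0" + struct.pack("<IIIIIIHHI", 16, 0x1000, 16, hdr_len, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + section + b"\xC3" * 16  # 16 bytes of 'ret'


if __name__ == "__main__":
    import sys
    # With a path argument, check that file; otherwise demonstrate on constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(check_pe(f.read()))
    else:
        good = build_sample_pe()
        print("intact sample:", check_pe(good))
        print("truncated sample:", check_pe(good[:-8]))
```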
