[Closed] my video files on my PC are all changed to .exe files, please
#1
Posted 28 September 2009 - 12:44 AM
#2
Posted 01 October 2009 - 11:58 AM
My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
- I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
- The fixes are specific to your problem and should only be used for the issues on this machine.
- Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
- It's often worth reading through these instructions and printing them for ease of reference.
- If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
- Please reply to this thread. Do not start a new topic.
I don't understand everything you are telling me.
Let's start off with some logs so I can try to see what is going on.
- Download DDS and save it to your desktop from here, here or here.
- Disable any script blocking protection (How to Disable your Security Programs)
- Double click DDS icon to run the tool (may take up to 3 minutes to run)
- When done, DDS.txt will open.
- After a few moments, attach.txt will open in a second window.
- Save both reports to your desktop.
- We Need to check for Rootkits with RootRepeal
- Download RootRepeal from one of the following locations and save it to your desktop.
- Open on your desktop.
- Click the tab.
- Click the button.
- In the Select Scan dialog, check
- Push Ok
- Check the box for your main system drive (Usually C:), and press Ok.
- Allow RootRepeal to run a scan of your system. This may take some time.
- Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt.
- Copy/paste the log (that you've previously saved to your desktop) from RootRepeal onto your post.
- Copy/paste the DDS.txt log (that you've previously saved to your desktop) onto your post.
- Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.
------------------------------------------------------------
Microsoft MVP 2010-2014
#3
Posted 01 October 2009 - 08:00 PM
Attached Files
#4
Posted 01 October 2009 - 08:49 PM
Neither log appears to be complete. Did you do any editing of the logs?
Let's try a different ARK scanner.
Please download gmer.zip from Gmer and save it to your desktop.
- Right click on gmer.zip and select Extract All...
- Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
- Click on the Browse button. Click on Desktop. Then click OK.
- Click Next. It will start extracting.
- Once done, check (tick) the Show extracted files box and click Finish.
- Double click on gmer.exe to run it.
- Select the Rootkit tab.
- On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
- Select all drives that are connected to your system to be scanned.
- Click on the Scan button.
- When the scan is finished, click Copy to save the scan log to the Windows clipboard.
- Open Notepad or a similar text editor.
- Paste the clipboard contents into the text editor.
- Save the Gmer scan log and post it in your next reply.
Note: Do not run any programs while Gmer is running.
#5
Posted 02 October 2009 - 02:26 AM
These are the reports.
GMER 1.0.15.15087 - http://www.gmer.net
Rootkit scan 2009-10-02 16:21:52
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\ufliqpow.sys
---- System - GMER 1.0.15 ----
SSDT BA7F2156 ZwCreateKey
SSDT BA7F214C ZwCreateThread
SSDT BA7F215B ZwDeleteKey
SSDT BA7F2165 ZwDeleteValueKey
SSDT spot.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spot.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT BA7F216A ZwLoadKey
SSDT spot.sys ZwOpenKey [0xB9EA80C0]
SSDT BA7F2138 ZwOpenProcess
SSDT BA7F213D ZwOpenThread
SSDT spot.sys ZwQueryKey [0xB9EC7108]
SSDT spot.sys ZwQueryValueKey [0xB9EC6F88]
SSDT BA7F2174 ZwReplaceKey
SSDT BA7F216F ZwRestoreKey
SSDT BA7F2160 ZwSetValueKey
SSDT BA7F2147 ZwTerminateProcess
SSDT BA7F2142 ZwWriteVirtualMemory
INT 0x62 ? 8A74FBF8
INT 0x63 ? 8A623F00
INT 0x82 ? 8A74FBF8
INT 0x84 ? 8A623F00
INT 0x94 ? 8A623F00
INT 0xA4 ? 8A623F00
---- Kernel code sections - GMER 1.0.15 ----
? spot.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B95FA62C 5 Bytes JMP 8A6234E0
.text a9bxftac.SYS B955A384 1 Byte [20]
.text a9bxftac.SYS B955A384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a9bxftac.SYS B955A3AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a9bxftac.SYS B955A3C4 3 Bytes [00, 00, 00]
.text a9bxftac.SYS B955A3C9 1 Byte [00]
.text ...
? C:\WINDOWS\system32\drivers\rootrepeal_2.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1916] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2668] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3260] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + 6 7C90D688 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + 6 7C90DD03 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + 6 7C90DD81 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4016] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2]
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spot.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spot.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spot.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spot.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spot.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spot.sys
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!KfRaiseIrql] 1879CE14
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!KfLowerIrql] 3248ED2B
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A74E1F8
AttachedDevice \Driver\Tcpip \Device\Ip avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 eabfiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
Device \Driver\sptd \Device\1504449836 spot.sys
Device \Driver\usbehci \Device\USBPDO-0 8A3EE500
Device \Driver\usbuhci \Device\USBPDO-1 8A3B9500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7BE1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7BE1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7BE1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7BE1F8
Device \Driver\usbuhci \Device\USBPDO-2 8A3B9500
Device \Driver\usbuhci \Device\USBPDO-3 8A3B9500
AttachedDevice \Driver\Tcpip \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8A7501F8
Device \Driver\PCI_PNP6086 \Device\00000058 spot.sys
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A7501F8
Device \Driver\Cdrom \Device\CdRom0 8A436500
Device \Driver\Cdrom \Device\CdRom1 8A436500
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A7501F8
Device \Driver\atapi \Device\Ide\IdePort0 8A74F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A74F1F8
Device \Driver\atapi \Device\Ide\IdePort1 8A74F1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e 8A74F1F8
Device \Driver\USBSTOR \Device\00000081 8A389500
Device \Driver\USBSTOR \Device\00000083 8A389500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A38B500
Device \Driver\NetBT \Device\NetbiosSmb 8A38B500
Device \Driver\NetBT \Device\NetBT_Tcpip_{24E6495E-9563-42FD-860B-FABAA7485528} 8A38B500
AttachedDevice \Driver\Tcpip \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\Tcpip \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
Device \Driver\usbuhci \Device\USBFDO-0 8A3B9500
Device \Driver\usbuhci \Device\USBFDO-1 8A3B9500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A3CF3F8
Device \Driver\usbuhci \Device\USBFDO-2 8A3B9500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A3CF3F8
Device \Driver\usbehci \Device\USBFDO-3 8A3EE500
Device \Driver\Ftdisk \Device\FtControl 8A7501F8
Device \Driver\USBSTOR \Device\0000008b 8A389500
Device \Driver\USBSTOR \Device\0000008c 8A389500
Device \Driver\a9bxftac \Device\Scsi\a9bxftac1Port2Path0Target0Lun0 8A3A3500
Device \Driver\a9bxftac \Device\Scsi\a9bxftac1 8A3A3500
Device \FileSystem\Cdfs \Cdfs 8A3F3500
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x54 0xFB 0x01 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0x31 0x25 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x07 0x39 0x5B 0x0E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x54 0xFB 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x6A 0x31 0x25 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x07 0x39 0x5B 0x0E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x45 0x82 0xC2 0x2E ...
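The GMER log above is long, and most of its weight is repeated per-process lines. What a helper actually wants from it is a per-module summary: which module owns each SSDT hook, which module redirects other drivers' imports, and whether GMER could open that module's file on disk. The Python below is an added example written for this thread, not code from the forum, from Tomk or from GMER's authors; it parses the line shapes seen in the log (the `SSDT`, `? module ... cannot find the file`, and `IAT` lines) and runs on a constructed excerpt laid out like the posted log. The "review first" output is a pointer for a human, not a verdict: in this log the registry section itself ties the `sptd` service, whose driver `spot.sys` owns the hooks, to `C:\Program Files\DAEMON Tools Lite\`, so a hidden, hooking driver is not automatically malware.

```python
"""Summarise a GMER rootkit-scan log so a reviewer can see, per module,
what it hooks and whether its file could be opened on disk."""
import re
from collections import defaultdict

# Constructed excerpt in the layout of the GMER log posted above (a handful
# of representative lines per section, not the complete log).
SAMPLE_LOG = "\n".join([
    r"GMER 1.0.15.15087 - http://www.gmer.net",
    r"Rootkit scan 2009-10-02 16:21:52",
    r"---- System - GMER 1.0.15 ----",
    r"SSDT BA7F2156 ZwCreateKey",
    r"SSDT spot.sys ZwEnumerateKey [0xB9EC6CA2]",
    r"SSDT spot.sys ZwOpenKey [0xB9EA80C0]",
    r"SSDT BA7F2142 ZwWriteVirtualMemory",
    r"---- Kernel code sections - GMER 1.0.15 ----",
    r"? spot.sys The system cannot find the file specified. !",
    r".text USBPORT.SYS!DllUnload B95FA62C 5 Bytes JMP 8A6234E0",
    r"---- Kernel IAT/EAT - GMER 1.0.15 ----",
    r"IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spot.sys",
    r"IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spot.sys",
    r"IAT \SystemRoot\System32\Drivers\a9bxftac.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F",
    r"---- Devices - GMER 1.0.15 ----",
    r"Device \Driver\sptd \Device\1504449836 spot.sys",
])

# Line shapes taken from the posted log: owner may be a module name or a bare
# 8-digit address; the trailing [0x...] is present only for attributed hooks.
SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)(?:\s+\[0x([0-9A-Fa-f]+)\])?\s*$")
HIDDEN_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified\.")
IAT_RE = re.compile(r"^IAT\s+(\S+?)\[([^\]]+)\]\s+\[?([0-9A-Fa-f]+)\]?(?:\s+(\S+))?\s*$")
ADDR_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_gmer(text):
    """Return SSDT hooks per owner, IAT hooks per hooking module, and the set
    of modules GMER reported it could not find on disk."""
    ssdt_by_owner = defaultdict(list)
    iat_by_hooker = defaultdict(list)
    hidden = set()
    for line in text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            owner, syscall, _addr = m.groups()
            # A bare address means GMER could not attribute the hook to any
            # loaded module; keep those grouped under that address.
            key = f"unresolved@{owner.upper()}" if ADDR_RE.match(owner) else owner
            ssdt_by_owner[key].append(syscall)
            continue
        m = HIDDEN_RE.match(line)
        if m:
            hidden.add(m.group(1))
            continue
        m = IAT_RE.match(line)
        if m:
            target, imported, _addr, hooker = m.groups()
            # Keep only the driver's file name, not its full \SystemRoot path.
            iat_by_hooker[hooker or "unresolved"].append(
                (target.rsplit("\\", 1)[-1], imported))
    return {
        "ssdt_by_owner": dict(ssdt_by_owner),
        "iat_by_hooker": dict(iat_by_hooker),
        "hidden_modules": hidden,
    }


def triage(report):
    """Modules that hook the SSDT or a kernel IAT *and* whose file GMER could
    not open. That combination is what a rootkit looks like, and also what
    some disc-emulation and copy-protection drivers look like, so it marks
    where a reviewer should look first rather than what to delete."""
    hookers = set(report["ssdt_by_owner"]) | set(report["iat_by_hooker"])
    return sorted(hookers & report["hidden_modules"])


if __name__ == "__main__":
    rep = parse_gmer(SAMPLE_LOG)
    for owner, calls in sorted(rep["ssdt_by_owner"].items()):
        print(f"SSDT {owner}: {', '.join(calls)}")
    for hooker, hooks in sorted(rep["iat_by_hooker"].items()):
        print(f"IAT  {hooker}: {len(hooks)} import(s) redirected")
    print("hidden on disk:", sorted(rep["hidden_modules"]))
    print("review first:", triage(rep))
```

Run against the full posted log, the same grouping collapses the four `chrome.exe[...]` blocks into nothing (they are user-mode `.text` lines the parser deliberately ignores) and leaves two things to look at: `spot.sys`, which owns every attributed SSDT and IAT hook and is reported missing on disk, and the unattributed `BA7F2xxx` SSDT entries, which a helper would compare against the DDS driver list before deciding anything.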
#6
Posted 02 October 2009 - 08:23 AM
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html
- Double click on ComboFix.exe & follow the prompts.
- As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
#7
Posted 08 October 2009 - 09:43 AM