Infostealer

Re: Infostealer

Post by kakipc on 21st June 2009, 8:02 pm

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll [2009-06-16 372592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\IPSBHO.DLL [2009-06-16 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll [2009-06-16 372592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"=Alaunch []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-28 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-28 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-28 137752]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-16 16862720]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-25 1044480]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-15 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-15 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-15 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-15 455168]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-05-14 821768]
"PLFSetL"=C:\WINDOWS\PLFSetL.exe [2007-07-05 94208]
"eRecoveryService"=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [2008-05-22 425984]
"Athan"=C:\Program Files\Athan\Athan.exe [2009-01-18 1081344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\setup2.exe]
C:\WINDOWS\system32\setup2.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Register Mask Pro 3.0.lnk - C:\Program Files\onOne Software\Mask Pro 4.1\

C:\Documents and Settings\AMEER\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Games\Counter-Strike 1.6\hl.exe"="C:\Program Files\Games\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Games\Battlefield Vietnam\bfvietnam.exe"="C:\Program Files\Games\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

kakipc
Novice

Posts: 43
Joined: 2009-06-17
Gender: Male
OS: XP
Points: 27367
Likes: 0

Re: Infostealer

Post by kakipc on 21st June 2009, 8:02 pm

======List of files/folders created in the last 1 months======

2009-06-21 20:58:20 ----D---- C:\rsit
2009-06-21 16:39:11 ----D---- C:\Avenger
2009-06-21 16:39:10 ----A---- C:\avenger.txt
2009-06-20 07:06:05 ----D---- C:\Program Files\Trojan Remover
2009-06-20 07:06:05 ----D---- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2009-06-20 06:54:00 ----SHD---- C:\RECYCLER
2009-06-20 00:44:01 ----A---- C:\ComboFix.txt
2009-06-20 00:35:31 ----A---- C:\WINDOWS\zip.exe
2009-06-20 00:35:31 ----A---- C:\WINDOWS\SWREG.exe
2009-06-20 00:35:31 ----A---- C:\WINDOWS\sed.exe
2009-06-20 00:35:31 ----A---- C:\WINDOWS\PEV.exe
2009-06-20 00:35:31 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-20 00:35:31 ----A---- C:\WINDOWS\grep.exe
2009-06-20 00:35:30 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-20 00:35:30 ----A---- C:\WINDOWS\SWSC.exe
2009-06-20 00:35:19 ----SD---- C:\Combo--Fix
2009-06-20 00:02:15 ----D---- C:\Qoobox
2009-06-18 23:26:00 ----A---- C:\WINDOWS\system32\KDSInterface.txt
2009-06-18 15:48:33 ----D---- C:\Documents and Settings\AMEER\Application Data\Google
2009-06-18 04:19:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-18 04:15:46 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-06-18 04:12:52 ----D---- C:\Program Files\LimeWire
2009-06-18 03:39:37 ----D---- C:\Program Files\Pivot Stickfigure Animator
2009-06-17 23:56:21 ----SD---- C:\Combo-Fix
2009-06-17 19:47:49 ----A---- C:\Boot.bak
2009-06-17 19:47:43 ----RASHD---- C:\cmdcons
2009-06-17 19:46:18 ----D---- C:\WINDOWS\ERDNT
2009-06-17 17:59:08 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-06-17 17:53:05 ----D---- C:\Program Files\Trend Micro
2009-06-16 22:01:58 ----D---- C:\Documents and Settings\All Users\Application Data\WEBREG
2009-06-16 19:27:06 ----D---- C:\WINDOWS\system32\autorun
2009-06-16 18:11:26 ----RD---- C:\Program Files\Norton Support
2009-06-16 18:00:05 ----D---- C:\Program Files\Symantec
2009-06-16 18:00:05 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-06-16 17:59:17 ----D---- C:\Program Files\Windows Sidebar
2009-06-16 07:23:35 ----A---- C:\WINDOWS\game.ini
2009-06-16 07:07:39 ----SHD---- C:\WINDOWS\ftpcache
2009-06-16 07:03:23 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-06-16 06:55:01 ----D---- C:\Documents and Settings\AMEER\Application Data\DAEMON Tools Lite
2009-06-15 20:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-15 20:54:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-15 20:47:59 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-15 20:46:29 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-12 22:39:20 ----D---- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-06-12 22:38:44 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-06-12 22:37:30 ----D---- C:\Program Files\Norton 360
2009-06-12 22:37:30 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-06-12 22:37:28 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-06-12 22:10:12 ----D---- C:\Program Files\NortonInstaller
2009-06-12 22:10:12 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-06-12 21:55:16 ----D---- C:\Documents and Settings\AMEER\Application Data\GetRightToGo
2009-06-10 15:51:37 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-10 15:51:37 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-10 15:51:37 ----A---- C:\WINDOWS\system32\java.exe
2009-06-08 21:52:54 ----D---- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2009-06-07 23:57:40 ----D---- C:\WINDOWS\setup.pss
2009-06-07 23:55:46 ----D---- C:\Documents and Settings\AMEER\Application Data\Help
2009-05-27 22:57:40 ----D---- C:\Documents and Settings\AMEER\Application Data\Mask Pro 4.0
2009-05-27 16:56:24 ----D---- C:\Documents and Settings\AMEER\Application Data\onOne Software
2009-05-27 16:56:15 ----D---- C:\Documents and Settings\All Users\Application Data\onOne Software
2009-05-27 16:47:46 ----D---- C:\Program Files\onOne Software
2009-05-26 20:10:47 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-05-26 20:10:47 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-05-26 20:10:47 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-05-26 20:10:47 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-05-26 20:10:47 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-05-26 19:28:01 ----D---- C:\Documents and Settings\All Users\Application Data\webcamXP 5
2009-05-26 19:26:28 ----HD---- C:\WINDOWS\PIF

======List of files/folders modified in the last 1 months======

2009-06-21 20:58:27 ----D---- C:\WINDOWS\Temp
2009-06-21 20:58:24 ----D---- C:\WINDOWS\Prefetch
2009-06-21 20:54:44 ----D---- C:\Program Files\Mozilla Firefox
2009-06-21 19:49:13 ----SHD---- C:\System Volume Information
2009-06-21 19:49:13 ----D---- C:\WINDOWS\system32\Restore
2009-06-21 19:48:27 ----D---- C:\WINDOWS
2009-06-21 19:45:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-21 16:39:10 ----AD---- C:\WINDOWS\system32\drivers
2009-06-21 16:38:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-20 07:28:14 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-20 07:06:05 ----RD---- C:\Program Files
2009-06-20 06:57:05 ----D---- C:\Documents and Settings\AMEER\Application Data\HPAppData
2009-06-20 00:44:05 ----AD---- C:\WINDOWS\system32
2009-06-20 00:41:30 ----A---- C:\WINDOWS\system.ini
2009-06-20 00:39:38 ----D---- C:\WINDOWS\AppPatch
2009-06-20 00:39:31 ----D---- C:\Program Files\Common Files
2009-06-19 15:50:50 ----D---- C:\Program Files\BitComet
2009-06-19 15:38:19 ----D---- C:\Program Files\Google
2009-06-18 15:53:03 ----SHD---- C:\WINDOWS\Installer
2009-06-18 15:53:03 ----HD---- C:\Config.Msi
2009-06-17 20:11:54 ----SD---- C:\WINDOWS\Tasks
2009-06-17 20:04:22 ----D---- C:\WINDOWS\system32\config
2009-06-17 19:47:49 ----RASH---- C:\boot.ini
2009-06-17 19:28:37 ----A---- C:\WINDOWS\win.ini
2009-06-17 18:07:50 ----SD---- C:\Documents and Settings\AMEER\Application Data\Microsoft
2009-06-17 16:23:31 ----D---- C:\Program Files\Games
2009-06-16 21:43:52 ----D---- C:\Documents and Settings
2009-06-16 21:39:42 ----D---- C:\WINDOWS\pss
2009-06-16 17:06:48 ----D---- C:\Downloads
2009-06-16 07:25:03 ----HD---- C:\WINDOWS\inf
2009-06-16 07:24:47 ----RSD---- C:\WINDOWS\assembly
2009-06-16 07:24:07 ----D---- C:\WINDOWS\system32\DirectX
2009-06-16 07:23:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-16 04:48:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-16 04:19:30 ----D---- C:\WINDOWS\Debug
2009-06-15 21:00:42 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-06-15 20:56:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-06-15 20:56:00 ----D---- C:\Program Files\Microsoft Works
2009-06-15 20:54:50 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-15 20:47:36 ----D---- C:\WINDOWS\system32\en-US
2009-06-15 20:47:36 ----D---- C:\Program Files\Internet Explorer
2009-06-15 20:47:20 ----D---- C:\WINDOWS\ie7updates
2009-06-12 21:48:50 ----D---- C:\Documents and Settings\AMEER\Application Data\LimeWire
2009-06-10 15:51:28 ----D---- C:\Program Files\Java
2009-06-07 23:55:46 ----AD---- C:\I386
2009-06-02 16:47:41 ----D---- C:\WINDOWS\system32\Adobe
2009-06-01 17:51:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-31 16:40:31 ----D---- C:\Program Files\GameHouse
2009-05-27 16:45:31 ----RSD---- C:\WINDOWS\Fonts

Re: Infostealer

Post by kakipc on 21st June 2009, 8:03 pm

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090618.002\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 36352]
R1 SRTSP;Symantec Real Time Storage Protection; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SRTSP.SYS []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SRTSPX.SYS []
R1 SYMTDI;Symantec Network Dispatch Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMTDI.SYS []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-05-21 1312576]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 int15.sys;int15.sys; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090621.006\NAVEX15.SYS []
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-07-01 108800]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMFW.SYS []
R3 SYMIDS;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-06-16 36400]
R3 SYMNDIS;Symantec Network Filter Driver; \??\C:\WINDOWS\system32\drivers\N360\0300000.087\SYMNDIS.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-25 225024]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 catchme;catchme; \??\C:\DOCUME~1\AMEER\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-01-15 23848]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-15 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-31 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-31 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-31 21568]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-08 96856]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-15 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-15 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-06-16 36400]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-06 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-15 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-15 26368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-05 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 N360;Norton 360; C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [2009-06-16 115560]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S2 EraserSvc10910;Symantec Eraser Service; C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [2009-06-12 115560]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-15 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-02-06 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-03-12 656168]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S3 wxpSvc;webcamXP Service; C:\Program Files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

Re: Infostealer

Post by kakipc on 21st June 2009, 8:04 pm

info.txt logfile of random's system information tool 1.06 2009-06-21 20:59:01

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Acer Crystal Eye webcam-->C:\Program Files\InstallShield Installation Information\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}\setup.exe -runfromtemp -l0x0009 -removeonly
Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly
Activation Assistant for the 2007 Microsoft Office suites-->"C:\Documents and Settings\All Users\Application Data\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Mobile Device Support-->MsiExec.exe /I{162B71B8-8464-4680-A086-601D555B331D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athan Basic 3.5-->C:\WINDOWS\iun6002.exe "C:\Program Files\Athan\irunin.ini"
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Counter-Strike 1.6-->"C:\Program Files\Games\Counter-Strike 1.6\unins000.exe"
FaceOnBody Pro v 2.4-->C:\Program Files\FaceOnBody Pro\Uninstall.exe
Feeding Frenzy-->C:\PROGRA~1\GAMEHO~1\FEEDIN~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\FEEDIN~1\INSTALL.LOG
GEAR driver installer for x86 and x64-->MsiExec.exe /I{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}
GIF Construction Set Professional-->C:\WINDOWS\ALCHUNIN.EXE C:\Program Files\Alchemy Mindworks\GIF Construction Set Professional\INSTALLD.TXT
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3-->C:\Program Files\HP\Digital Imaging\{D77D43B5-ED55-426b-B67B-E21F804F6102}\setup\hpzscr01.exe -datfile hposcr27.dat -onestop
HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Huawei modem-->C:\WINDOWS\Huawei ModemsUninstall.exe
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{C26B06A9-27BB-45B0-9873-9C623EC2BA38}
Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
JMicron JMB38X Flash Media Controller-->"C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\setup.exe" delpkg
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Launch Manager-->C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mask Pro 4.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2DFAC810-6DD8-4E23-96A4-BEB118408203}\setup.exe" -l0x9 -uninst -removeonly
Media Player Codec Pack 3.2.0-->C:\WINDOWS\system32\C2MP\Uninst.exe

Post by kakipc on 21st June 2009, 8:04 pm

Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MySpace Toolbar-->C:\Program Files\MySpace\Toolbar\1.0.45.0\Uninstall.exe
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\3.0.0.135\InstStub.exe /X
ObjectDock-->C:\PROGRA~1\Stardock\OBJECT~1\UNWISE.EXE C:\PROGRA~1\Stardock\OBJECT~1\INSTALL.LOG
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
f***-->C:\Program Files\PhotoFucket\Uninst0.exe
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
PhotoTools 1.0 Professional Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B01DD5B7-9862-43D7-BCA3-7882A17E4328}\setup.exe" -l0x9 -uninst -removeonly
PhotoTune 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C723788-585C-4537-92AC-CF616209197C}\setup.exe" -l0x9 -uninst -removeonly
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
REALTEK GbE & FE Ethernet PCI-E NIC Driver-->C:\Program Files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
Sony Ericsson Themes Creator 4.01-->C:\Program Files\Sony Ericsson\Themes Creator\Uninstall.exe
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Universal Extractor 1.6-->"C:\Program Files\Universal Extractor\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.4a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Xpose Plugin v 1.0-->"C:\Program Files\Little Ink Pot\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: AVG Anti-Virus Free (disabled) (outdated)
AV: Norton 360
FW: Norton 360

Post by kakipc on 21st June 2009, 8:05 pm

======System event log======

Computer Name: ACER-61A4596BD3
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 13702
Source Name: Service Control Manager
Time Written: 20090610153736.000000+060
Event Type: error
User:

Computer Name: ACER-61A4596BD3
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 13670
Source Name: Service Control Manager
Time Written: 20090609154709.000000+060
Event Type: error
User:

Computer Name: ACER-61A4596BD3
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.

Record Number: 13637
Source Name: Service Control Manager
Time Written: 20090608154554.000000+060
Event Type: error
User:

Computer Name: ACER-61A4596BD3
Event Code: 1
Message: \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

Record Number: 13635
Source Name: ACPIEC
Time Written: 20090608154414.000000+060
Event Type: error
User:

Computer Name: ACER-61A4596BD3
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 002269191F62. The following
error occurred:
The operation was canceled by the user.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 13634
Source Name: Dhcp
Time Written: 20090608154410.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: ACER-61A4596BD3
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 2802
Source Name: Microsoft Fax
Time Written: 20090316153716.000000+000
Event Type: warning
User:

Computer Name: ACER-61A4596BD3
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 2801
Source Name: Microsoft Fax
Time Written: 20090316153716.000000+000
Event Type: warning
User:

Computer Name: ACER-61A4596BD3
Event Code: 32068
Message: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly.
Country/region code: '*'
Area code: '*'

Record Number: 2797
Source Name: Microsoft Fax
Time Written: 20090315174232.000000+000
Event Type: warning
User:

Computer Name: ACER-61A4596BD3
Event Code: 32026
Message: Fax Service failed to initialize any assigned fax devices (virtual or TAPI).
No faxes can be sent or received until a fax device is installed.

Record Number: 2796
Source Name: Microsoft Fax
Time Written: 20090315174232.000000+000
Event Type: warning
User:

Computer Name: ACER-61A4596BD3
Event Code: 1002
Message: Hanging application Wilog.exe, version 2.6.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 2792
Source Name: Application Hang
Time Written: 20090315154038.000000+000
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Universal Extractor;C:\Program Files\Universal Extractor\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=1c02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Post by kakipc on 22nd June 2009, 5:58 pm

hello?

Post by Origin on 22nd June 2009, 6:50 pm

Please close all anti-virus, anti-malware and any other open programs/windows so they do not interfere with the running of RootRepeal.

  • Please download RootRepeal.zip from [You must be registered and logged in to see this link.].
  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe and go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.


Post by kakipc on 22nd June 2009, 7:17 pm

I can't open the URL.
It says:

The bandwidth or page view limit for this site has been exceeded and the page cannot be viewed at this time. Once the site is below the limit, it will once again begin serving as normal.

Post by Origin on 22nd June 2009, 7:19 pm

Yes, the site does that sometimes. No worries, please download it from here:

[You must be registered and logged in to see this link.]


Post by kakipc on 22nd June 2009, 7:45 pm

Oh, thanks (:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/22 20:24
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9C29000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79F1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_PNP8514
Image Path: \Driver\PCI_PNP8514
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xF70EE000 Size: 49152 File Visible: No Signed: -
Status: -

Name: spex.sys
Image Path: spex.sys
Address: 0xF7385000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7231000 Size: 323584 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "" at address 0x85b116a8

#: 013 Function Name: NtAlertThread
Status: Hooked by "" at address 0x822d5050

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "" at address 0x821bc680

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "" at address 0x821af050

#: 031 Function Name: NtConnectPort
Status: Hooked by "" at address 0x85d4b518

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa0aa040

#: 043 Function Name: NtCreateMutant
Status: Hooked by "" at address 0x8222c0c8

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "" at address 0x82225ca8

#: 053 Function Name: NtCreateThread
Status: Hooked by "" at address 0x821ddcb0

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "" at address 0x821b0050

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa0aa2c0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa0aa820

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "" at address 0x821bc748

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "spex.sys" at address 0xf73a4ca4

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "spex.sys" at address 0xf73a5032

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "" at address 0x821bc3e0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "" at address 0x822c0050

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "" at address 0x822d5250

#: 097 Function Name: NtLoadDriver
Status: Hooked by "" at address 0x85d76fd0

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "" at address 0x821bc300

#: 114 Function Name: NtOpenEvent
Status: Hooked by "" at address 0x822aa050

#: 119 Function Name: NtOpenKey
Status: Hooked by "spex.sys" at address 0xf73860c0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "" at address 0x821bcbc8

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "" at address 0x82bd3050

#: 125 Function Name: NtOpenSection
Status: Hooked by "" at address 0x821f0050

#: 128 Function Name: NtOpenThread
Status: Hooked by "" at address 0x821bc968

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "" at address 0x82225d78

#: 160 Function Name: NtQueryKey
Status: Hooked by "spex.sys" at address 0xf73a510a

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "spex.sys" at address 0xf73a4f8a

#: 206 Function Name: NtResumeThread
Status: Hooked by "" at address 0x853775e8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "" at address 0x822c4050

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "" at address 0x821bbf38

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "" at address 0x821df050

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xaa0aaa70

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "" at address 0x82219050

#: 254 Function Name: NtSuspendThread
Status: Hooked by "" at address 0x8225d4d8

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "" at address 0x822ce050

#: 258 Function Name: NtTerminateThread
Status: Hooked by "" at address 0x822c2050

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "" at address 0x82259050

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "" at address 0x821bc5b0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x86b521f8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x82177500 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_CREATE]
Process: System Address: 0x86bd21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_CLOSE]
Process: System Address: 0x86bd21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bd21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bd21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_POWER]
Process: System Address: 0x86bd21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bd21f8 Size: 121

Object: Hidden Code [Driver: Ql10wnt, IRP_MJ_PNP]
Process: System Address: 0x86bd21f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_CREATE]
Process: System Address: 0x86b541f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_CLOSE]
Process: System Address: 0x86b541f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b541f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b541f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_POWER]
Process: System Address: 0x86b541f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b541f8 Size: 121

Object: Hidden Code [Driver: perc2, IRP_MJ_PNP]
Process: System Address: 0x86b541f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_CREATE]
Process: System Address: 0x86bc51f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_CLOSE]
Process: System Address: 0x86bc51f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bc51f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bc51f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_POWER]
Process: System Address: 0x86bc51f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bc51f8 Size: 121

Object: Hidden Code [Driver: cbidf, IRP_MJ_PNP]
Process: System Address: 0x86bc51f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_CREATE]
Process: System Address: 0x86bcf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_CLOSE]
Process: System Address: 0x86bcf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bcf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bcf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_POWER]
Process: System Address: 0x86bcf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bcf1f8 Size: 121

Object: Hidden Code [Driver: ini910u, IRP_MJ_PNP]
Process: System Address: 0x86bcf1f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_CREATE]
Process: System Address: 0x86bd11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_CLOSE]
Process: System Address: 0x86bd11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bd11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bd11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_POWER]
Process: System Address: 0x86bd11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bd11f8 Size: 121

Object: Hidden Code [Driver: asc, IRP_MJ_PNP]
Process: System Address: 0x86bd11f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_CREATE]
Process: System Address: 0x86b551f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_CLOSE]
Process: System Address: 0x86b551f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b551f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b551f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_POWER]
Process: System Address: 0x86b551f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b551f8 Size: 121

Object: Hidden Code [Driver: ql1280, IRP_MJ_PNP]
Process: System Address: 0x86b551f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CREATE]
Process: System Address: 0x86b581f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_CLOSE]
Process: System Address: 0x86b581f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b581f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b581f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_POWER]
Process: System Address: 0x86b581f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b581f8 Size: 121

Object: Hidden Code [Driver: asc3350p, IRP_MJ_PNP]
Process: System Address: 0x86b581f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CREATE]
Process: System Address: 0x86bd01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_CLOSE]
Process: System Address: 0x86bd01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bd01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bd01f8 Size: 121

kakipc
Novice

Posts : 43
Joined : 2009-06-17
Gender : Male
OS : XP
Points : 27367
# Likes : 0

Re: Infostealer

Post by kakipc on 22nd June 2009, 7:46 pm

Object: Hidden Code [Driver: mraid35x, IRP_MJ_POWER]
Process: System Address: 0x86bd01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bd01f8 Size: 121

Object: Hidden Code [Driver: mraid35x, IRP_MJ_PNP]
Process: System Address: 0x86bd01f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CREATE]
Process: System Address: 0x86bcb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_CLOSE]
Process: System Address: 0x86bcb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bcb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bcb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_POWER]
Process: System Address: 0x86bcb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bcb1f8 Size: 121

Object: Hidden Code [Driver: cd20xrnt, IRP_MJ_PNP]
Process: System Address: 0x86bcb1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CREATE]
Process: System Address: 0x86b5a1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_CLOSE]
Process: System Address: 0x86b5a1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b5a1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b5a1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_POWER]
Process: System Address: 0x86b5a1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b5a1f8 Size: 121

Object: Hidden Code [Driver: symc8xx, IRP_MJ_PNP]
Process: System Address: 0x86b5a1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x86a3b1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x86a3b1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86a3b1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86a3b1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x86a3b1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86a3b1f8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x86a3b1f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_CREATE]
Process: System Address: 0x86b571f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_CLOSE]
Process: System Address: 0x86b571f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b571f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b571f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_POWER]
Process: System Address: 0x86b571f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b571f8 Size: 121

Object: Hidden Code [Driver: ultra, IRP_MJ_PNP]
Process: System Address: 0x86b571f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CREATE]
Process: System Address: 0x86b5f1f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_CLOSE]
Process: System Address: 0x86b5f1f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b5f1f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b5f1f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_POWER]
Process: System Address: 0x86b5f1f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b5f1f8 Size: 121

Object: Hidden Code [Driver: dac960nt, IRP_MJ_PNP]
Process: System Address: 0x86b5f1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CREATE]
Process: System Address: 0x86bce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_CLOSE]
Process: System Address: 0x86bce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_POWER]
Process: System Address: 0x86bce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bce1f8 Size: 121

Object: Hidden Code [Driver: aic78u2, IRP_MJ_PNP]
Process: System Address: 0x86bce1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x86bd61f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CREATE]
Process: System Address: 0x86bca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_CLOSE]
Process: System Address: 0x86bca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_POWER]
Process: System Address: 0x86bca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bca1f8 Size: 121

Object: Hidden Code [Driver: adpu160m, IRP_MJ_PNP]
Process: System Address: 0x86bca1f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CREATE]
Process: System Address: 0x86b591f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_CLOSE]
Process: System Address: 0x86b591f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b591f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b591f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_POWER]
Process: System Address: 0x86b591f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b591f8 Size: 121

Object: Hidden Code [Driver: sym_u3, IRP_MJ_PNP]
Process: System Address: 0x86b591f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CREATE]
Process: System Address: 0x86bcc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_CLOSE]
Process: System Address: 0x86bcc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bcc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bcc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_POWER]
Process: System Address: 0x86bcc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bcc1f8 Size: 121

Object: Hidden Code [Driver: abp480n5, IRP_MJ_PNP]
Process: System Address: 0x86bcc1f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_CREATE]
Process: System Address: 0x86bc91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_CLOSE]
Process: System Address: 0x86bc91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bc91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bc91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_POWER]
Process: System Address: 0x86bc91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bc91f8 Size: 121

Object: Hidden Code [Driver: ql1080, IRP_MJ_PNP]
Process: System Address: 0x86bc91f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_CREATE]
Process: System Address: 0x86b601f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_CLOSE]
Process: System Address: 0x86b601f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b601f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b601f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_POWER]
Process: System Address: 0x86b601f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b601f8 Size: 121

Object: Hidden Code [Driver: symc810, IRP_MJ_PNP]
Process: System Address: 0x86b601f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_CREATE]
Process: System Address: 0x86bc61f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_CLOSE]
Process: System Address: 0x86bc61f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bc61f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bc61f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_POWER]
Process: System Address: 0x86bc61f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bc61f8 Size: 121

Object: Hidden Code [Driver: hpn, IRP_MJ_PNP]
Process: System Address: 0x86bc61f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_CREATE]
Process: System Address: 0x86bc81f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_CLOSE]
Process: System Address: 0x86bc81f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bc81f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bc81f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_POWER]
Process: System Address: 0x86bc81f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bc81f8 Size: 121

Object: Hidden Code [Driver: ql12160, IRP_MJ_PNP]
Process: System Address: 0x86bc81f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x869ae1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x869ae1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x869ae1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x869ae1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x869ae1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x869ae1f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CREATE]
Process: System Address: 0x86bd31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_CLOSE]
Process: System Address: 0x86bd31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bd31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bd31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_POWER]
Process: System Address: 0x86bd31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bd31f8 Size: 121

Object: Hidden Code [Driver: aic78xx, IRP_MJ_PNP]
Process: System Address: 0x86bd31f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_CREATE]
Process: System Address: 0x86b5e1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_CLOSE]
Process: System Address: 0x86b5e1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86b5e1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86b5e1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_POWER]
Process: System Address: 0x86b5e1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86b5e1f8 Size: 121

Object: Hidden Code [Driver: amsint, IRP_MJ_PNP]
Process: System Address: 0x86b5e1f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CREATE]
Process: System Address: 0x86bc41f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_CLOSE]
Process: System Address: 0x86bc41f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bc41f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bc41f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_POWER]
Process: System Address: 0x86bc41f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bc41f8 Size: 121

Object: Hidden Code [Driver: dac2w2k, IRP_MJ_PNP]
Process: System Address: 0x86bc41f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_CREATE]
Process: System Address: 0x86bd41f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_CLOSE]
Process: System Address: 0x86bd41f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86bd41f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86bd41f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_POWER]
Process: System Address: 0x86bd41f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86bd41f8 Size: 121

Object: Hidden Code [Driver: Sparrow, IRP_MJ_PNP]
Process: System Address: 0x86bd41f8 Size: 121

Object: H==EOF==


Re: Infostealer

Post by Origin on 22nd June 2009, 7:52 pm

What virus alert is Norton giving you?


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Origin
Master

Posts : 2685
Joined : 2009-05-05
Gender : Male
OS : Windows Xp Sp3
Points : 31513
# Likes : 0

Re: Infostealer

Post by kakipc on 22nd June 2009, 8:03 pm

Infostealer
Norton shows it every time I start my laptop
[You must be registered and logged in to see this link.]


Re: Infostealer

Post by Origin on 22nd June 2009, 8:15 pm

I see, I can't seem to find the infection, it's hiding really well, please do the following:

I suggest you copy these instructions into a notepad file, because we need to use safe mode and you won't have internet access to read from here.

Download [You must be registered and logged in to see this link.] and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log




Re: Infostealer

Post by kakipc on 22nd June 2009, 10:09 pm

SDFix: Version 1.240
Run by AMEER on Mon 06/22/2009 at 09:43 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-06-22 22:37:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:7d,c4,59,0c,84,a0,ed,59,6d,79,50,b7,4c,8c,c5,f4,d6,2c,b3,9b,d4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000000
"hdf12"=hex:7d,c4,59,0c,84,a0,ed,59,6d,79,50,b7,4c,8c,c5,f4,d6,2c,b3,9b,d4,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Games\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Games\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"="C:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\\Program Files\\Games\\Battlefield Vietnam\\bfvietnam.exe"="C:\\Program Files\\Games\\Battlefield Vietnam\\bfvietnam.exe:*:Enabled:bfvietnam"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"="C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

Remaining Files :



Files with Hidden Attributes :

Wed 8 Apr 2009 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 10 May 2009 10,053,112 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Thu 22 Jan 2009 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 24 Jan 2009 8,992,624 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e581c7502cc00d53b826f78957c0a08\BITBA.tmp"
Sun 4 Jun 2006 840,704 A..H. --- "C:\Documents and Settings\AMEER\Desktop\Games\Main-main Jer\dynastydsfas\dynastydsfas\d3dx10.dll"

Finished!


Re: Infostealer

Post by kakipc on 22nd June 2009, 10:09 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:08:03 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Athan\Athan.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\DOCUME~1\AMEER\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MySpace\Toolbar\1.0.45.0\MSTBCoreContainer.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetL] C:\WINDOWS\PLFSetL.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Register Mask Pro 3.0.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Eraser Service (EraserSvc10910) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
O23 - Service: webcamXP Service (wxpSvc) - Unknown owner - C:\Program Files\wLite\wService.exe (file missing)

--
End of file - 9661 bytes


Re: Infostealer

Post by Belahzur on 22nd June 2009, 11:31 pm

Hello.
Not too sure what the issue is here; ALL of your logs are looking good. Whatever Norton is complaining about, it's nothing to worry about.


Re: Infostealer

Post by kakipc on 22nd June 2009, 11:34 pm

Alright, I think it's nothing to worry about then.
Thanks for helping me, you both.
You're awesome! Right on!
