
Inactive AMRT File

Discussion in 'Malware and Virus Removal Archive' started by TampaCERTDude, 2012/09/01.

  1. 2012/09/01
    TampaCERTDude
    [Inactive] AMRT File

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-01 14:19:19
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925032 rev.DE05
    Running: 5fehnoqs[1].exe; Driver: C:\DOCUME~1\Mark\LOCALS~1\Temp\fxtdypow.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0x9F415FFE]
    SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0x9F416ECB]
    SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0x9F41721C]
    SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0x9F415F62]
    SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0x9F416BF0]
    SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xB7CDEB6F]
    SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0x9F416FF8]
    ---- Kernel code sections - GMER 1.0.15 ----
    init C:\WINDOWS\system32\Drivers\OEM02Afx.sys entry point in "init" section [0xA342E310]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[488] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3500] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E757F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E7217 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E7149 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E71B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E701A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E707C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E727A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E70DE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] ole32.dll!CoCreateInstance 774FF1BC 5 Bytes JMP 3E2EDB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3648] ole32.dll!OleLoadFromStream 7752983B 5 Bytes JMP 3E3E757F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMSetAttributesEx] [B9CB32A0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [B9CB0F90] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMCoSendComplete] [B9CB1400] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisTerminateWrapper] [B9CB34B0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMRegisterMiniport] [B9CB38D0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\nic1394.sys[NDIS.SYS!NdisInitializeWrapper] [B9CB2E60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCoSendComplete] [B9CB1400] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [B9CB32A0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisInitializeWrapper] [B9CB2E60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [B9CB38D0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisTerminateWrapper] [B9CB34B0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [B9CB0F90] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisClOpenAddressFamily] [B9CB0E50] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCoSendComplete] [B9CB1400] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [B9CB32A0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [B9CB0F90] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisReturnPackets] [B9CB1EB0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisInitializeWrapper] [B9CB2E60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisTerminateWrapper] [B9CB34B0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [B9CB38D0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisReturnPackets] [B9CB1EB0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [B9CB32A0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisTerminateWrapper] [B9CB34B0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [B9CB38D0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisInitializeWrapper] [B9CB2E60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [B9CB32A0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisInitializeWrapper] [B9CB2E60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [B9CB38D0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspptp.sys[NDIS.SYS!NdisTerminateWrapper] [B9CB34B0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\TDI.SYS[NDIS.SYS!NdisReturnPackets] [B9CB1EB0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisReturnPackets] [B9CB1EB0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisTerminateWrapper] [B9CB34B0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisIMAssociateMiniport] [B9CB31C0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [B9CB3990] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisInitializeWrapper] [B9CB2E60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisClOpenAddressFamily] [B9CB0E50] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [B9CB32A0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisInitializeWrapper] [B9CB2E60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCoSendComplete] [B9CB1400] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [B9CB32A0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [B9CB0F90] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [B9CB38D0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\raspti.sys[NDIS.SYS!NdisTerminateWrapper] [B9CB34B0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCmRegisterAddressFamily] [B9CB0EF0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisClOpenAddressFamily] [B9CB0E50] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisReturnPackets] [B9CB1EB0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisReturnPackets] [B9CB1EB0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [B9CB0E50] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisReturnPackets] [B9CB1EB0] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9CB2F10] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9CB2D60] kmxstart.sys (HIPS Core Driver/CA)
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9CB27E0] kmxstart.sys (HIPS Core Driver/CA)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\iexplore.exe[3500] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3648] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
    Device \Driver\Tcpip \Device\Tcp kmxfw.sys (HIPS Firewall Driver/CA)
    Device \Driver\Modem \Device\00000084 kmxfw.sys (HIPS Firewall Driver/CA)
    Device \Driver\Tcpip \Device\Udp kmxfw.sys (HIPS Firewall Driver/CA)
    Device \Driver\Tcpip \Device\RawIp kmxfw.sys (HIPS Firewall Driver/CA)
    Device \Driver\Tcpip \Device\IPMULTICAST kmxfw.sys (HIPS Firewall Driver/CA)
    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
    Device \Driver\AFD \Device\Afd KmxCF.sys (HIPS Content Filter Driver/CA)
    Device 9E19FD20

    AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs UmxSbxExw.dll

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Mark at 14:38:43 on 2012-09-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1263 [GMT -4:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\STacSV.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\MsiExec.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    svchost.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.facebook.com/
    uSearch Page =
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6081213
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60452
    mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60452
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    mRun: [Apoint] c:\program files\delltpad\Apoint.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    uPolicies-explorer: NoInstrumentation = 1
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Trusted Zone: facebook.com\apps
    Trusted Zone: facebook.com\www
    Trusted Zone: hernandosheriff.org\webmail
    Trusted Zone: skillport.com
    Trusted Zone: skilwsa.com
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {994C20D3-4F63-11D0-8173-00A024D4E499} - hxxps://login.coderedweb.com/exec/cptxmap.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{FF62337D-7B8C-4130-843C-2825BD8B8A06} : DhcpNameServer = 65.32.5.111 65.32.5.112
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    Notify: PFW - UmxWnp.Dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2010-9-17 135248]
    R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2010-5-3 108112]
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
    R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2010-3-22 79864]
    R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2010-9-24 61008]
    R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2010-9-24 115792]
    R1 MpKsl738e7792;MpKsl738e7792;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1621010b-4476-49d2-a4b6-a2a3ee8b566e}\MpKsl738e7792.sys [2012-9-1 29904]
    R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2010-9-24 146000]
    R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2010-9-24 61008]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-13 105984]
    R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2010-6-9 244304]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
    S2 UmxAgent;HIPS Event Manager; "c:\program files\ca\sharedcomponents\hipsengine\umxagent.exe" --> c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [?]
    S2 UmxCfg;HIPS Configuration Interpreter; "c:\program files\ca\sharedcomponents\hipsengine\umxcfg.exe" --> c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [?]
    S2 UmxPol;HIPS Policy Manager; "c:\program files\ca\sharedcomponents\hipsengine\umxpol.exe" --> c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [?]
    S3 3840;3840;c:\windows\system32\drivers\3840 [2011-8-17 9072]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-18 250056]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-12-24 135664]
    S3 KmxAMVet;KmxAMVet;c:\windows\system32\drivers\KmxAMVet.sys [2009-3-27 598656]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2009-5-21 57600]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-09-01 17:25:20 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-09-01 17:25:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-09-01 16:45:47 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1621010b-4476-49d2-a4b6-a2a3ee8b566e}\offreg.dll
    2012-09-01 16:37:09 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1621010b-4476-49d2-a4b6-a2a3ee8b566e}\MpKsl738e7792.sys
    2012-09-01 15:19:48 -------- d--h--w- c:\windows\msdownld.tmp
    2012-09-01 15:08:49 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1621010b-4476-49d2-a4b6-a2a3ee8b566e}\mpengine.dll
    2012-09-01 15:06:29 -------- d-----w- c:\program files\Microsoft Security Client
    2012-08-30 12:18:37 -------- d-----w- c:\documents and settings\mark\application data\wincoreimband
    2012-08-30 12:17:51 -------- d-----w- c:\program files\iMesh Applications
    2012-08-20 20:57:30 -------- d-----w- C:\WINSSLog
    2012-08-20 19:27:32 -------- d-----w- c:\documents and settings\mark\application data\ElevatedDiagnostics
    2012-08-19 03:45:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-19 03:45:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2012-07-06 13:58:51 78336 -c--a-w- c:\windows\system32\browser.dll
    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
    2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-04 21:35:26 222448 -c--a-w- c:\windows\system32\muweb.dll
    2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
    2011-07-23 18:10:03 1030024 -c--a-w- c:\program files\SkypeSetup.exe
    2009-12-19 20:52:23 1699936 -c--a-w- c:\program files\shoutcast_toolbar.exe
    2009-04-19 22:48:15 5154304 -c--a-w- c:\program files\WindowsDefender.msi
    .
    ============= FINISH: 14:39:36.92 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/20/2008 6:16:15 PM
    System Uptime: 9/1/2012 12:36:30 PM (2 hours ago)
    .
    Motherboard: Dell Inc. | | 0U990C
    Processor: Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz | Microprocessor | 1995/166mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 221 GiB total, 201.579 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe ConnectNow Add-in
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader X (10.1.4)
    Advanced Audio FX Engine
    Advanced Video FX Engine
    AMRT
    CA Personal Firewall
    CCScore
    Compatibility Pack for the 2007 Office system
    Conexant HDA D330 MDC V.92 Modem
    Critical Update for Windows Media Player 11 (KB959772)
    Dell System Restore
    Dell Touchpad
    Dell Webcam Center
    Dell Webcam Manager
    Dell Wireless WLAN Card Utility
    Digital Line Detect
    ESSBrwr
    ESSCDBK
    ESScore
    ESSgui
    ESSini
    ESSPCD
    ESSPDock
    ESSTOOLS
    essvatgt
    fflink
    Games, Music, & Photos Launcher
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB945060-v3)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB953955)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel(R) Graphics Media Accelerator Driver
    Internet Service Offers Launcher
    Java Auto Updater
    Java(TM) 6 Update 23
    kgcbaby
    kgchday
    kgchlwn
    kgcinvt
    kgckids
    kgcmove
    kgcvday
    Laptop Integrated Webcam Driver (1.04.01.1011)
    Malwarebytes Anti-Malware version 1.62.0.1300
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C Runtime
    Modem Diagnostic Tool
    MSXML 6.0 Parser (KB927977)
    netbrdg
    NetWaiting
    OfotoXMI
    OGA Notifier 2.0.0048.0
    QuickSet
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    SearchAssist
    Security Update for Windows XP (KB982802)
    SFR
    SHASTA
    skin0001
    SKINXSDK
    Skype Click to Call
    Skype™ 5.8
    SLOSH Display 1.65e
    staticcr
    tooltips
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB969497)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB2718704)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VPRINTOL
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Presentation Foundation
    WIRELESS
    XML Paper Specification Shared Components Pack 1.0
    .
    8/25/2012 9:44:57 PM, error: Service Control Manager [7001] - The HIPS Event Manager service depends on the HIPS Policy Manager service which failed to start because of the following error: The dependency service or group failed to start.
    8/25/2012 9:44:57 PM, error: Service Control Manager [7000] - The HIPS Firewall Helper service failed to start due to the following error: The system cannot find the file specified.
    8/25/2012 9:44:57 PM, error: Service Control Manager [7000] - The HIPS Configuration Interpreter service failed to start due to the following error: The system cannot find the file specified.
    8/25/2012 9:43:07 PM, error: DCOM [10005] - DCOM got error "%1068" attempting to start the service UmxPol with arguments "-Service" in order to run the server: {4C89C3FD-5F94-4678-BBB5-F64759C3C54A}
    .
    ==== End Of File ===========================

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-01 14:22:11
    -----------------------------
    14:22:11.859 OS Version: Windows 5.1.2600 Service Pack 3
    14:22:11.859 Number of processors: 2 586 0xF0D
    14:22:11.859 ComputerName: MARK UserName: Mark
    14:22:14.234 Initialize success
    14:25:36.515 AVAST engine defs: 12090100
    14:26:02.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    14:26:02.953 Disk 0 Vendor: ST925032 DE05 Size: 238475MB BusType: 3
    14:26:03.140 Disk 0 MBR read successfully
    14:26:03.140 Disk 0 MBR scan
    14:26:03.187 Disk 0 unknown MBR code
    14:26:03.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
    14:26:03.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 225874 MB offset 80325
    14:26:03.250 Disk 0 Partition - 00 0F Extended LBA 2549 MB offset 462688065
    14:26:03.296 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 10001 MB offset 467909190
    14:26:03.359 Disk 0 Partition 4 00 DD MSDOS5.0 2541 MB offset 462704130
    14:26:03.515 Disk 0 scanning sectors +488392065
    14:26:03.687 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:26:37.890 Service scanning
    14:26:51.640 Service MpKsl738e7792 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1621010B-4476-49D2-A4B6-A2A3EE8B566E}\MpKsl738e7792.sys **LOCKED** 32
    14:27:09.125 Modules scanning
    14:27:32.765 Disk 0 trace - called modules:
    14:27:32.796 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    14:27:32.796 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a61bab8]
    14:27:32.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8a672030]
    14:27:33.656 AVAST engine scan C:\WINDOWS
    14:28:11.750 AVAST engine scan C:\WINDOWS\system32
    14:33:02.109 AVAST engine scan C:\WINDOWS\system32\drivers
    14:33:29.531 AVAST engine scan C:\Documents and Settings\Mark
    14:37:50.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Mark\Desktop\MBR.dat "
    14:37:50.015 The log file has been saved successfully to "C:\Documents and Settings\Mark\Desktop\aswMBR.txt "
     
  2. 2012/09/01
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    As reflected in our instructions:

     
  4. 2012/09/01
    TampaCERTDude

    TampaCERTDude Inactive Thread Starter

    Joined:
    2012/09/01
    Messages:
    3
    Likes Received:
    0
    This AMRT File keeps trying to start when I boot or re-boot my computer
     
  5. 2012/09/01
    TampaCERTDude

    TampaCERTDude Inactive Thread Starter

    Joined:
    2012/09/01
    Messages:
    3
    Likes Received:
    0
    Here is where the file is located: C:\WINDOWS\system32\drivers\KmxAMRT.sys

    It refers to a CA Anti-Virus program that I no longer have installed. I can't remove it.
     
  6. 2012/09/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    It doesn't look like we're dealing here with any infection but with some CA leftover.

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go to File > Save, and save it as an AutoRuns.txt file to a known location.
    You must select Text from the drop-down menu as the file type.

    Attach the file to your next reply.
     
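Added example (not code from this thread, from broni, or from Sysinternals): a PowerShell cross-check for the kind of leftover the logs above show. The DDS service list marks UmxCfg, UmxPol and TfNetMon with "[?]" because their image files are gone, and the Service Control Manager 7000 events say the same ("The system cannot find the file specified"). The script enumerates every service and kernel driver through WMI, resolves the image path the way the registry stores it, and lists the entries whose file no longer exists, then prints the `sc delete` command for each so you can review before removing anything. It assumes an elevated PowerShell 2.0 or later prompt on the affected machine. Note that the poster's KmxAMRT.sys is still on disk, so it would not appear as an orphan; the second listing uses a name pattern taken from this thread's service names (Kmx*, Umx*) to show the companion entries that are still present and will keep trying to load.

```powershell
# Added example, not from the thread: find services/drivers whose image file
# is missing (the DDS "[?]" entries and the SCM event 7000 errors), and list
# the remaining entries of the same product family by name pattern.
# Assumes an elevated PowerShell 2.0+ prompt. Nothing is modified; the
# 'sc delete' commands are only printed for review.

function Get-ImageFile {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    $p = $PathName.Trim()
    if ($p -match '^"([^"]+)"') {
        # Quoted image path, e.g. "c:\...\umxpol.exe" -Service
        $p = $matches[1]
    } elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') {
        # Unquoted path: stop at the first executable extension so that both
        # 'C:\WINDOWS\system32\svchost.exe -k netsvcs' and an unquoted
        # 'C:\Program Files\x\y.exe' resolve to the file itself
        $p = $matches[1]
    } else {
        # No recognisable extension (e.g. the '...\drivers\3840' entry above)
        $p = $p.Split(' ')[0]
    }
    # Normalise the NT-style prefixes the registry (and DDS) use for drivers
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $p = $p -replace '^System32\\', ($env:SystemRoot + '\System32\')
    return [Environment]::ExpandEnvironmentVariables($p)
}

$entries = @(Get-WmiObject Win32_SystemDriver) + @(Get-WmiObject Win32_Service)

# 1. Orphans: registered entries whose binary is gone from disk
$orphans = foreach ($e in $entries) {
    $file = Get-ImageFile $e.PathName
    if ($file -and -not (Test-Path -LiteralPath $file)) {
        $e | Select-Object Name, StartMode, State, @{n='MissingFile'; e={ $file }}
    }
}
'== Entries whose image file is missing =='
$orphans | Format-Table -AutoSize
'# Review each line, then remove the registry entry for the ones you recognise:'
$orphans | ForEach-Object { "sc delete $($_.Name)" }

# 2. Companion check: same product family, file still present, so not an
#    orphan but still set to load. Pattern is an assumption based on the
#    service names in this thread; adjust it for another vendor.
$VendorPattern = '^(kmx|umx)'
''
"== Entries matching '$VendorPattern' =="
$entries | Where-Object { $_.Name -match $VendorPattern } |
    Format-Table Name, StartMode, State, PathName -AutoSize
```

The orphan list is the same information Autoruns shows with "File not found" in its Services and Drivers tabs, which is why broni asks for that report; running the script first gives a text summary you can paste into a reply. An unquoted image path that contains spaces can also surface here if the file it really points at is elsewhere, and that is worth fixing on its own. Deleting a driver's service entry with `sc delete` removes the load instruction, not the file; remove the .sys afterwards only once the entry is gone and the machine has rebooted cleanly.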