ScottZ

  1. Was not able to get into safe mode. Ran a different program, then ran ComboFix regularly. Here's the report, and no more redirects, so problem fixed, I think.
     ComboFix 11-05-16.01 - Owner 05/16/2011 17:01:03.1.2 - x86
     Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.559 [GMT -5:00]
     Running from: c:\documents and settings\Owner\Desktop\explorer.exe.exe
     AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
     AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\documents and settings\Owner\Desktop\Windows Restore.lnk
     C:\explorer.exe
     c:\explorer.exe\firefox.exe
     c:\explorer.exe\iexplore.exe
     c:\explorer.exe\PEV.cfxxe
     c:\windows\system32\Thumbs.db
     .
     Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
     Restored copy from - Kitty had a snack
     .
     ((((((((((((((((((((((((( Files Created from 2011-04-16 to 2011-05-16 )))))))))))))))))))))))))))))))
     .
     .
     2011-05-16 21:46 . 2011-05-16 21:48 -------- d-----w- c:\documents and settings\Administrator
     2011-05-16 08:03 . 2011-05-16 08:03 -------- d-----w- C:\Downloads
     2011-05-01 14:18 . 2011-05-01 14:18 -------- d-----w- c:\windows\Sun
     2011-04-28 02:54 . 2011-04-30 13:38 -------- d-----w- c:\documents and settings\Owner\.jbidwatcher
     2011-04-28 02:53 . 2011-04-28 02:53 73728 ----a-w- c:\windows\system32\javacpl.cpl
     2011-04-28 02:53 . 2011-04-28 02:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
     2011-04-28 02:51 . 2011-04-28 02:51 -------- d-----w- c:\program files\CyberFOX Software
     2011-04-27 11:08 . 2011-04-27 11:08 -------- d-----w- c:\windows\system32\wbem\Repository
     2011-04-27 00:59 . 2011-04-27 11:08 -------- d-----w- C:\f0a9b168a9f0da260b
     2011-04-26 14:48 . 2011-04-26 14:48 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
     2011-04-26 14:07 . 2011-04-27 11:08 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Conduit
     2011-04-26 14:03 . 2011-04-26 14:03 -------- d-----w- c:\documents and settings\Owner\Application Data\VitySoft
     2011-04-26 14:03 . 2011-04-26 14:03 -------- d-----w- c:\program files\Common Files\Java
     2011-04-26 14:02 . 2011-04-26 14:02 -------- d-----w- c:\program files\Java
     2011-04-26 10:23 . 2011-04-26 10:23 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
     2011-04-26 09:13 . 2011-04-26 09:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
     2011-04-25 06:06 . 2011-04-25 06:10 -------- d-----w- C:\Doomsday
     2011-04-25 03:43 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
     2011-04-25 03:43 . 2011-04-25 03:44 -------- d-----w- c:\program files\K-Lite Codec Pack
     2011-04-18 07:09 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
     2011-04-18 07:09 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
     2011-04-18 07:09 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
     2011-04-18 07:09 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
     2011-04-18 07:09 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
     2011-04-18 07:09 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
     2011-04-18 07:09 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
     2011-04-18 07:09 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
     2011-04-18 07:08 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
     2011-04-18 07:08 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
     2011-04-18 07:07 . 2011-04-18 07:07 -------- d-----w- c:\program files\AVAST Software
     2011-04-18 07:07 . 2011-04-18 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
     2011-04-18 07:01 . 2011-04-18 07:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
     2011-04-17 08:25 . 2011-05-16 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\kEf06509kFcGk06509
     .
     .
     .
     (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2011-03-07 05:33 . 2009-08-11 13:14 692736 ----a-w- c:\windows\system32\inetcomm.dll
     2011-03-04 06:37 . 2009-08-11 13:03 420864 ----a-w- c:\windows\system32\vbscript.dll
     2011-03-03 13:21 . 2009-08-11 13:03 1857920 ----a-w- c:\windows\system32\win32k.sys
     2011-02-22 23:06 . 2009-08-11 13:03 916480 ----a-w- c:\windows\system32\wininet.dll
     2011-02-22 23:06 . 2009-08-11 13:03 43520 ----a-w- c:\windows\system32\licmgr10.dll
     2011-02-22 23:06 . 2009-08-11 13:03 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
     2011-02-22 11:41 . 2009-08-11 13:03 385024 ----a-w- c:\windows\system32\html.iec
     2011-02-17 13:18 . 2009-08-11 13:03 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
     2011-02-17 13:18 . 2009-08-11 13:03 357888 ----a-w- c:\windows\system32\drivers\srv.sys
     2011-02-17 12:32 . 2009-08-11 19:30 5120 ----a-w- c:\windows\system32\xpsp4res.dll
     2011-04-30 11:24 . 2011-04-26 09:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
     .
     .
     ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* empty entries & legit default entries are not shown
     REGEDIT4
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
     @="{472083B0-C522-11CF-8763-00608CC02F24}"
     [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
     2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
     .
     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-16 2423752]
     .
     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2010-10-01 1286960]
     "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
     "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
     "FileServe Manager Task"="c:\program files\FileServe Manager\FSStarter.exe" [2011-05-13 954648]
     .
     c:\documents and settings\All Users\Start Menu\Programs\Startup\
     SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-8-11 376832]
     .
     [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
     "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
     2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
     @="Driver"
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
     @=""
     .
     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
     @="Service"
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
     2009-12-18 14:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
     .
     [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
     2009-02-07 01:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
     .
     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
     .
     R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4/18/2011 2:09 AM 371544]
     R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/18/2011 2:09 AM 301528]
     R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
     R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
     R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/18/2011 2:09 AM 19544]
     R2 ssfmonm;ssfmonm;c:\windows\system32\drivers\ssfmonm.sys [10/20/2010 10:48 AM 45072]
     R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [10/1/2010 10:01 AM 3066528]
     R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [4/28/2009 12:47 AM 39040]
     S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/11/2009 2:00 PM 1684736]
     S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS --> c:\windows\system32\drivers\AmUStor.SYS [?]
     S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/27/2009 8:59 PM 38912]
     S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [8/20/2009 7:24 AM 1015424]
     .
     Contents of the 'Scheduled Tasks' folder
     .
     2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221072836-2948345497-2512659957-1003Core.job
     - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-20 15:35]
     .
     2011-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3221072836-2948345497-2512659957-1003UA.job
     - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-20 15:35]
     .
     .
     ------- Supplementary Scan -------
     .
     uStart Page = hxxp://www.google.com/
     IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
     IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
     IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
     Trusted Zone: wisconsin.gov\access
     DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab
     FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\yc8cil3u.default\
     FF - prefs.js: network.proxy.type - 0
     .
     .
     **************************************************************************
     .
     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2011-05-16 17:17
     Windows 5.1.2600 Service Pack 3 NTFS
     .
     scanning hidden processes ...
     .
     scanning hidden autostart entries ...
     .
     scanning hidden files ...
     .
     scan completed successfully
     hidden files: 0
     .
     **************************************************************************
     .
     --------------------- LOCKED REGISTRY KEYS ---------------------
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
     @Denied: (A 2) (Everyone)
     @="FlashBroker"
     "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
     "Enabled"=dword:00000001
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
     @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
     @Denied: (A 2) (Everyone)
     @="IFlashBroker4"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
     @="{00020424-0000-0000-C000-000000000046}"
     .
     [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
     @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
     "Version"="1.0"
     .
     --------------------- DLLs Loaded Under Running Processes ---------------------
     .
     - - - - - - - > 'winlogon.exe'(596)
     c:\program files\SUPERAntiSpyware\SASWINLO.DLL
     c:\windows\system32\WININET.dll
     .
     Completion time: 2011-05-16 17:23:08
     ComboFix-quarantined-files.txt 2011-05-16 22:23
     .
     Pre-Run: 120,336,302,080 bytes free
     Post-Run: 120,680,370,176 bytes free
     .
     WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     UnsupportedDebug="do not select this" /debug
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
     .
     - - End Of File - - 453D98FD47161AD8B6AE0BFB1421CCA7
  2. OK, tried multiple times to run ComboFix. The PC either freezes or I get a blue screen saying memory is being dumped. Tried renaming and that didn't work either.
  3. Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 6455
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     4/27/2011 2:00:40 AM
     mbam-log-2011-04-27 (02-00-40).txt
     Scan type: Quick scan
     Objects scanned: 140716
     Time elapsed: 11 minute(s), 16 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)
  4. OK, thanks. I think that took care of everything; I can see all my hard drive and programs, and was able to install Malwarebytes successfully. Edit: still get a lot of redirects though; how do I fix that?
  5. OK, what am I looking for? Did a memory diagnostic and everything was fine.
  6. On my laptop (Eee PC), and I think I might have something else too: I get redirects for a lot of websites, and programs are missing from my hard drive. I followed the guide for removing MS Removal Tool and I cannot run setup for mbam.exe after renaming it explorer.exe. I cannot run any programs, pretty much, including HijackThis or even online scanners like ESET. Edit: got rid of MS Removal Tool with a different program; cannot install Malwarebytes though, and don't see it (had it previously installed), and cannot see the rest of my hard drive, just my desktop programs.
  7. Well, kinda custom built; the processor is a Sempron 2800 plus, and I don't see that the F12 key does anything on startup. All I see is F9 (Xpress Recovery), Del (BIOS) and F8 to choose safe mode and how I want to start, with networking and stuff, but none of these work anyway, just Recovery Console and BIOS. I don't see anything that says diagnostics.
  8. Have Windows XP Service Pack 3. Windows froze one day, so I reset, and it gets to the screen where the blue bars show it's loading, then it stops. I can't get into safe mode, last good configuration or anything either, even with the XP boot disc; only the BIOS and the Recovery Console, in which I have tried fixmbr and chkdsk; neither works. What can I do?
  9. Have Windows XP Service Pack 3. Windows froze one day, so I reset, and it gets to the screen where the blue bars show it's loading, then it stops. I can't get into safe mode, last good configuration or anything either; only the BIOS and the Recovery Console, as far as I can tell. What can I do?
  10. Alright, that didn't take as long, about 2 hours. No full report that I saw I could copy, but it did find 2 things.
      C:\Documents and Settings\Ziehos\My Documents\Downloads\Amplitube\IK Multimedia AmpliTube v2.1.exe probably a variant of Win32/Agent.NSVUHFW trojan cleaned by deleting - quarantined
      C:\Program Files\Neuro-Programmer 2 Professional\BASSSYNC.0LL probably a variant of Win32/Agent.DJRLWZD trojan cleaned by deleting - quarantined
  11. I'm not gonna use Kaspersky, so if there's another one... It runs way too slow: I let it run for an hour and a half and it was only 11% done; at that rate it would take 10 hours. Ran Malwarebytes, updated, and it didn't find anything.
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org
      Database version: 4879
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 8.0.6001.18702
      10/19/2010 6:13:54 AM
      mbam-log-2010-10-19 (06-13-54).txt
      Scan type: Quick scan
      Objects scanned: 140221
      Time elapsed: 11 minute(s), 19 second(s)
      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0
      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)
      Registry Keys Infected: (No malicious items detected)
      Registry Values Infected: (No malicious items detected)
      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
  12. ComboFix 10-10-16.04 - Ziehos 10/17/2010 20:04:58.21.1 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.175 [GMT -5:00]
      Running from: c:\documents and settings\Ziehos\Desktop\ComboFix1.exe
      Command switches used :: c:\documents and settings\Ziehos\Desktop\CFScript.txt
      AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      FILE ::
      "c:\windows\apayapev.dll"
      .
      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      -------\Service_pjyvmj
      ((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))
      .
      2010-10-17 21:13 . 2010-09-29 18:11 1251944 ----a-w- c:\windows\RtlExUpd.dll
      2010-10-17 02:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
      2010-10-17 02:07 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
      2010-10-17 02:07 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
      2010-10-15 01:44 . 2010-10-15 01:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
      2010-10-12 19:40 . 2010-10-12 19:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
      2010-10-07 19:33 . 2010-10-07 19:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "cdloader"="c:\documents and settings\Ziehos\Application Data\mjusbsp\cdloader2.exe" [2010-08-15 50592]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "nwiz"="nwiz.exe" [2008-05-16 1630208]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
      "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]
      "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
      "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
      "AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
      "Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]
      "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
      "AgataSoft ShutDown Pro"="c:\program files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe" [2010-04-21 2335744]
      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-7 671744]
      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "midi3"=vmcmidiport.dll
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
      Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk
      backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
      backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
      backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
      1998-12-01 00:04 497376 ----a-w- c:\windows\p_981116.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
      2006-10-30 15:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
      2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
      2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
      2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
      2003-07-13 08:49 155648 ----a-w- c:\windows\system32\NeroCheck.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
      2008-03-14 23:50 233472 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
      2008-08-12 23:19 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
      2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
      2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
      2007-01-27 21:42 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
      2007-08-30 22:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      "DisableNotifications"= 1 (0x1)
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\AIM\\aim.exe"=
      "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
      "c:\\Program Files\\Neuro-Programmer 2 Professional\\Neuro-Programmer 2.exe"=
      "c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
      "c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\nestc042\\NESTCL95.EXE"=
      "c:\\Documents and Settings\\Ziehos\\Application Data\\mjusbsp\\magicJack.exe"=
      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5060:UDP"= 5060:UDP:magicjack
      "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
      "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
      "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
      R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/9/2005 6:52 PM 75904]
      R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 9:50 PM 165584]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2010 9:50 PM 17744]
      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/7/2010 11:11 AM 3712]
      R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 8:32 AM 3576320]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
      S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/7/2010 11:22 AM 181792]
      S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/7/2007 7:16 PM 691696]
      .
      Contents of the 'Scheduled Tasks' folder
      2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
      2010-10-18 c:\windows\Tasks\WGASetup.job
      - c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      uDefault_Search_URL = hxxp://www.google.com/ie
      uInternet Settings,ProxyOverride = <local>
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
      IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
      IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
      IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
      IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
      FF - ProfilePath - c:\documents and settings\Ziehos\Application Data\Mozilla\Firefox\Profiles\z1c93oeu.default\
      FF - prefs.js: browser.search.selectedEngine - Google
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
      FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
      FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
      FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071503000010.dll
      FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071701000002.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
      FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
      ---- FIREFOX POLICIES ----
      FF - user.js: browser.search.selectedEngine - Google
      FF - user.js: browser.search.order.1 - Google
      FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
      .
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------
      - - - - - - - > 'winlogon.exe'(772)
      c:\windows\system32\vmcmidiport.dll
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      c:\windows\system32\WININET.dll
      c:\windows\System32\NavLogon.dll
      - - - - - - - > 'lsass.exe'(828)
      c:\windows\system32\vmcmidiport.dll
      - - - - - - - > 'explorer.exe'(6960)
      c:\windows\system32\WININET.dll
      c:\windows\system32\vmcmidiport.dll
      c:\windows\TEMP\logishrd\LVPrcInj01.dll
      c:\program files\Logitech\SetPoint\lgscroll.dll
      c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\Alwil Software\Avast5\AvastSvc.exe
      c:\program files\ewido anti-spyware 4.0\guard.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      c:\windows\system32\nvsvc32.exe
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      c:\windows\system32\RUNDLL32.EXE
      .
      **************************************************************************
      .
      Completion time: 2010-10-17 20:22:58 - machine was rebooted
      ComboFix-quarantined-files.txt 2010-10-18 01:22
      ComboFix2.txt 2010-10-17 22:06
      ComboFix3.txt 2010-10-16 10:53
      Pre-Run: 4,424,433,664 bytes free
      Post-Run: 4,359,475,200 bytes free
      Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
      - - End Of File - - 8CDE625E2EB3E637D56F9105BCFBDFC4
  13. Alright, that c:\windows\TEMP\logishrd\LVPrcInj01.dll is impossible to get rid of. I had it 4 months ago, or when I was here last. It says it deletes it, but it actually doesn't.

ComboFix 10-10-16.04 - Ziehos 10/17/2010 16:47:13.20.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.191 [GMT -5:00]
Running from: c:\documents and settings\Ziehos\Desktop\ComboFix1.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.
2010-10-17 21:13 . 2010-09-29 18:11 1251944 ----a-w- c:\windows\RtlExUpd.dll
2010-10-17 02:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-17 02:07 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-10-17 02:07 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2010-10-15 01:44 . 2010-10-15 01:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-12 19:40 . 2010-10-12 19:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-10-07 19:33 . 2010-10-07 19:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Ziehos\Application Data\mjusbsp\cdloader2.exe" [2010-08-15 50592]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"AgataSoft ShutDown Pro"="c:\program files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe" [2010-04-21 2335744]
"Emocubohoja"="c:\windows\apayapev.dll" [bU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-7 671744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi3"=vmcmidiport.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk
backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk
backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]
1998-12-01 00:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2006-10-30 15:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2003-07-13 08:49 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2008-03-14 23:50 233472 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-08-12 23:19 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-01-27 21:42 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 22:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Neuro-Programmer 2 Professional\\Neuro-Programmer 2.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\nestc042\\NESTCL95.EXE"=
"c:\\Documents and Settings\\Ziehos\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5060:UDP"= 5060:UDP:magicjack
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/9/2005 6:52 PM 75904]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 9:50 PM 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2010 9:50 PM 17744]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/7/2010 11:11 AM 3712]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 8:32 AM 3576320]
S0 pjyvmj;pjyvmj;c:\windows\system32\drivers\flacy.sys --> c:\windows\system32\drivers\flacy.sys [?]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/7/2010 11:22 AM 181792]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/7/2007 7:16 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-17 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab
FF - ProfilePath - c:\documents and settings\Ziehos\Application Data\Mozilla\Firefox\Profiles\z1c93oeu.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\vmcmidiport.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\NavLogon.dll

- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\vmcmidiport.dll

- - - - - - - > 'explorer.exe'(7460)
c:\windows\system32\WININET.dll
c:\windows\system32\vmcmidiport.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ewido anti-spyware 4.0\guard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2010-10-17 17:06:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-17 22:06
ComboFix2.txt 2010-10-16 10:53
Pre-Run: 5,204,258,816 bytes free
Post-Run: 5,195,313,152 bytes free
Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 4275FDAC705821B044C903040818A42B
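A helper reading a log like the one in this post usually starts from three places: Run-key values that ComboFix printed without a [date size] stamp (the "Emocubohoja" line shows [bU] instead), service entries whose image path ends in [?] (the S0 pjyvmj / flacy.sys line), and the Security Center and firewall-policy values that switch protection or alerting off (AntiVirusOverride, FirewallOverride, EnableFirewall=0, DisableNotifications=1). The script below pulls exactly those lines out of a ComboFix log. It is an added example, not code from ComboFix, from the forum or from the poster; the regular expressions and the triage() function are my own and assume the line layout quoted in the post, and SAMPLE_LOG is a constructed excerpt modelled on that post rather than the full log.

```python
"""Triage a ComboFix log for the autostart, service and policy lines a helper
looks at first.  Added example: my own script, not part of ComboFix or of the
forum post; it assumes the line layout shown in the log above."""
import re
from typing import List, Tuple

# Constructed excerpt modelled on lines from the log in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Emocubohoja"="c:\windows\apayapev.dll" [bU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/9/2005 6:52 PM 75904]
S0 pjyvmj;pjyvmj;c:\windows\system32\drivers\flacy.sys --> c:\windows\system32\drivers\flacy.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/7/2007 7:16 PM 691696]
"""

KEY_RE = re.compile(r'^\[(.+)\]$')                               # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+\[([^\]]*)\])?$')  # "name"="path" [stamp]
STAMP_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')                   # "2008-05-16 1630208"
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
POLICY_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')     # R0 name;display;path [...]

Finding = Tuple[str, str, str]  # (category, name, detail)


def triage(log_text: str) -> List[Finding]:
    """Return the lines worth a second look, in log order."""
    findings: List[Finding] = []
    key = ""  # lower-cased registry key that the current value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        # Service lines (R0/S0...) are not printed under a registry key header.
        m = SERVICE_RE.match(line)
        if m:
            if "[?]" in m.group(4):
                findings.append(("service", m.group(2),
                                 f"{m.group(1)} image path not readable: {m.group(4)}"))
            continue
        if key.endswith(("\\run", "\\runonce")):
            m = VALUE_RE.match(line)
            if m:
                name, path, stamp = m.groups()
                # ComboFix prints "[YYYY-MM-DD size]" when it could stat the file;
                # anything else (missing, or a tag such as [bU]) is worth checking.
                if stamp is None or not STAMP_RE.match(stamp):
                    findings.append(("run-entry", name,
                                     f"{path}: no date/size stamp (got {stamp!r})"))
        elif key.endswith("security center"):
            m = DWORD_RE.match(line)
            if m and int(m.group(2), 16) != 0:
                findings.append(("security-center", m.group(1),
                                 "override flag set (Security Center alerting suppressed)"))
        elif key.endswith("firewallpolicy\\standardprofile"):
            m = POLICY_RE.match(line)
            if m:
                name, value = m.group(1), int(m.group(2))
                if (name == "EnableFirewall" and value == 0) or \
                   (name == "DisableNotifications" and value == 1):
                    findings.append(("firewall-policy", name, f"value {value}"))
    return findings


if __name__ == "__main__":
    for category, name, detail in triage(SAMPLE_LOG):
        print(f"{category:16} {name:22} {detail}")
```

Pass the contents of a saved ComboFix.txt to triage() to get the same list for a real log. A missing stamp or a [?] path is a cue to look at the file, not a verdict on it, so the output is meant for a helper's eyes rather than for automatic deletion.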
  14. I think that solved everything. Do you still want me to run ComboFix? I have none of the problems I had before, so far.
  15. 2010/10/16 20:51:57.0921 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/16 20:51:57.0921 ================================================================================
2010/10/16 20:51:57.0921 SystemInfo:
2010/10/16 20:51:57.0921
2010/10/16 20:51:57.0921 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/16 20:51:57.0921 Product type: Workstation
2010/10/16 20:51:57.0921 ComputerName: SCOTT
2010/10/16 20:51:57.0921 UserName: Ziehos
2010/10/16 20:51:57.0921 Windows directory: C:\WINDOWS
2010/10/16 20:51:57.0921 System windows directory: C:\WINDOWS
2010/10/16 20:51:57.0921 Processor architecture: Intel x86
2010/10/16 20:51:57.0921 Number of processors: 1
2010/10/16 20:51:57.0921 Page size: 0x1000
2010/10/16 20:51:57.0921 Boot type: Normal boot
2010/10/16 20:51:57.0921 ================================================================================
2010/10/16 20:51:58.0812 Initialize success
2010/10/16 20:52:16.0203 ================================================================================
2010/10/16 20:52:16.0203 Scan started
2010/10/16 20:52:16.0203 Mode: Manual;
2010/10/16 20:52:16.0203 ================================================================================
2010/10/16 20:52:17.0671 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/10/16 20:52:18.0062 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/16 20:52:18.0171 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/16 20:52:18.0437 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/16 20:52:19.0140 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/10/16 20:52:19.0531 AmdK8 (61aa5cc421e74f2487b263066f79a006) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2010/10/16 20:52:20.0078 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/10/16 20:52:20.0359 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/10/16 20:52:20.0453 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/10/16 20:52:20.0609 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/10/16 20:52:20.0703 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/10/16 20:52:20.0796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/16 20:52:20.0921 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/10/16 20:52:21.0093 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2010/10/16 20:52:21.0218 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/16 20:52:21.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/16 20:52:21.0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/16 20:52:21.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/16 20:52:21.0734 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/16 20:52:22.0218 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/16 20:52:22.0453 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/16 20:52:23.0234 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/16 20:52:23.0312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/16 20:52:23.0390 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/16 20:52:23.0593 ewido anti-spyware 4.0 driver (9b6b54865bd0ec9ed2532dad89554969) C:\Program Files\ewido anti-spyware 4.0\guard.sys
2010/10/16 20:52:23.0718 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/16 20:52:23.0781 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/10/16 20:52:23.0875 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/16 20:52:23.0937 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/10/16 20:52:24.0031 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/10/16 20:52:24.0140 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/16 20:52:24.0250 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/16 20:52:24.0328 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2010/10/16 20:52:24.0406 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2010/10/16 20:52:24.0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/16 20:52:24.0546 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/16 20:52:24.0703 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2010/10/16 20:52:24.0859 Imagedrv (fccf4ae4ef72cbaba6d6befefd77e940) C:\WINDOWS\system32\DRIVERS\imagedrv.sys
2010/10/16 20:52:24.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/16 20:52:25.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/16 20:52:25.0484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/16 20:52:25.0953 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/16 20:52:26.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/16 20:52:26.0218 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/10/16 20:52:26.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/16 20:52:26.0406 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/16 20:52:26.0500 L8042Kbd (0f5ae6805ef05dbbe205e5b196cadf31) C:\WINDOWS\system32\Drivers\L8042Kbd.sys
2010/10/16 20:52:26.0578 L8042mou (ee1c6c057a83f93ad9ae7cdf12f0baa0) C:\WINDOWS\system32\Drivers\L8042mou.sys
2010/10/16 20:52:26.0765 LBeepKE (17638894e150efee66d97bce8f037519) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2010/10/16 20:52:26.0859 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys
2010/10/16 20:52:27.0234 LHidKe (eaed22460dad9ccd9c9a58c78e717497) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2010/10/16 20:52:27.0375 LHidUsbK (f99fddb71da6a66ee2ebcc49f5bfadbb) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys
2010/10/16 20:52:27.0859 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2010/10/16 20:52:27.0984 LMouKE (d1fd76ea56cd653d7b55a0fac96ee416) C:\WINDOWS\system32\Drivers\LMouKE.sys
2010/10/16 20:52:28.0093 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
2010/10/16 20:52:28.0234 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys
2010/10/16 20:52:28.0312 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2010/10/16 20:52:28.0421 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/16 20:52:28.0500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/16 20:52:28.0593 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/16 20:52:28.0687 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/16 20:52:28.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/16 20:52:29.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/16 20:52:29.0468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/16 20:52:29.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/16 20:52:29.0625 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/16 20:52:29.0750 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/16 20:52:29.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/16 20:52:29.0906 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/16 20:52:29.0984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/16 20:52:30.0062 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/16 20:52:30.0140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/16 20:52:30.0281 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/16 20:52:30.0453 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/16 20:52:30.0546 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/16 20:52:30.0640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/16 20:52:30.0953 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/10/16 20:52:31.0171 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/16 20:52:31.0250 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/16 20:52:31.0343 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
2010/10/16 20:52:31.0406 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
2010/10/16 20:52:31.0484 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
2010/10/16 20:52:31.0593 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/10/16 20:52:31.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/16 20:52:31.0734 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/16 20:52:31.0859 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/16 20:52:32.0062 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/16 20:52:32.0562 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/16 20:52:32.0640 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/10/16 20:52:32.0750 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/16 20:52:32.0828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/16 20:52:32.0937 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/10/16 20:52:33.0531 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/16 20:52:33.0625 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/16 20:52:33.0703 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/16 20:52:33.0781 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/16 20:52:33.0890 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/16 20:52:33.0968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/16 20:52:34.0062 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/16 20:52:34.0234 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys
2010/10/16 20:52:34.0328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/16 20:52:34.0468 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\WINDOWS\system32\Drivers\RtsUStor.sys
2010/10/16 20:52:34.0546 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2010/10/16 20:52:34.0718 SCDEmu (e9bbd87afd80dc1212ecd762858b45c7) C:\WINDOWS\system32\drivers\SCDEmu.sys
2010/10/16 20:52:34.0812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/16 20:52:34.0906 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/10/16 20:52:35.0031 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/10/16 20:52:35.0312 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/16 20:52:35.0468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/16 20:52:35.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/16 20:52:35.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/16 20:52:36.0046 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/16 20:52:36.0203 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/16 20:52:36.0375 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/10/16 20:52:36.0468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/16 20:52:36.0593 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/16 20:52:36.0734 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2010/10/16 20:52:36.0812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/16 20:52:36.0875 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/16 20:52:36.0968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/16 20:52:37.0062 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/16 20:52:37.0218 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/16 20:52:37.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/16 20:52:37.0375 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/16 20:52:37.0453 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2010/10/16 20:52:37.0546 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/10/16 20:52:37.0656 viamraid (f199939205dccc7836ae5ab8b5dd5e83) C:\WINDOWS\system32\DRIVERS\viamraid.sys
2010/10/16 20:52:37.0750 viasraid (1493f351e5a4b915fb5bbb735c14004b) C:\WINDOWS\system32\drivers\viasraid.sys
2010/10/16 20:52:37.0859 VIAudio (fece79a9aef62ad5f11a3f4a14f1dead) C:\WINDOWS\system32\drivers\vinyl97.sys
2010/10/16 20:52:37.0984 videX32 (4cc623591204acd5fc89bd0dad70e838) C:\WINDOWS\system32\DRIVERS\videX32.sys
2010/10/16 20:52:38.0078 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/16 20:52:38.0203 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/16 20:52:38.0312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/16 20:52:38.0531 ws2ifsl (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2010/10/16 20:52:38.0656 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/16 20:52:38.0656 ================================================================================
2010/10/16 20:52:38.0656 Scan finished
2010/10/16 20:52:38.0656 ================================================================================
2010/10/16 20:52:38.0687 Detected object count: 1
2010/10/16 20:52:56.0921 \HardDisk0\MBR - will be cured after reboot
2010/10/16 20:52:56.0921 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
2010/10/16 20:53:31.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000019d

Kernel Drivers (total 147):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xF8AA5000 \WINDOWS\system32\KDCOM.DLL
0xF89B5000 \WINDOWS\system32\BOOTVID.dll
0xF8476000 ACPI.sys
0xF8AA7000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF8465000 pci.sys
0xF85A5000 isapnp.sys
0xF8AA9000 viaide.sys
0xF8825000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF85B5000 MountMgr.sys
0xF8446000 ftdisk.sys
0xF8AAB000 dmload.sys
0xF8420000 dmio.sys
0xF882D000 PartMgr.sys
0xF8835000 videX32.sys
0xF85C5000 VolSnap.sys
0xF840A000 imagedrv.sys
0xF83F2000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF83DA000 atapi.sys
0xF83C7000 viasraid.sys
0xF83B4000 viamraid.sys
0xF85D5000 disk.sys
0xF85E5000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF8394000 fltmgr.sys
0xF8382000 sr.sys
0xF85F5000 PxHelp20.sys
0xF836B000 KSecDD.sys
0xF82DE000 Ntfs.sys
0xF82B1000 NDIS.sys
0xF883D000 viaagp1.sys
0xF89B9000 RecAgent.sys
0xF8297000 Mup.sys
0xF8605000 gagp30kx.sys
0xF8AA1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF7909000 \SystemRoot\system32\DRIVERS\AmdK8.sys
0xF72C8000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF72B4000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8695000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF86A5000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF86B5000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7291000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8945000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF726D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF894D000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF6E7E000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF6E5A000 \SystemRoot\system32\drivers\portcls.sys
0xF86D5000 \SystemRoot\system32\drivers\drmk.sys
0xF6E40000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xF8955000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8705000 \SystemRoot\System32\DRIVERS\serial.sys
0xF826F000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF6E2C000 \SystemRoot\System32\DRIVERS\parport.sys
0xF826B000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF8BF9000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8715000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8A49000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF38A5000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF61F6000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF61E6000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF88ED000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF3894000 \SystemRoot\System32\DRIVERS\psched.sys
0xF61D6000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8875000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8895000 \SystemRoot\System32\DRIVERS\raspti.sys
0xEFB78000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF12F5000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8885000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF886D000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF8B11000 \SystemRoot\System32\DRIVERS\swenum.sys
0xEFB1A000 \SystemRoot\System32\DRIVERS\update.sys
0xEFC28000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF06A9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF0520000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF0955000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xEBF54000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xEFC18000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF8B0B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8B73000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B13000 \SystemRoot\System32\Drivers\Beep.SYS
0xEBF4C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xEBF44000 \SystemRoot\System32\drivers\vga.sys
0xF8B23000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8B25000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEBF3C000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEBF34000 \SystemRoot\System32\Drivers\Npfs.SYS
0xEFC08000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xEB8DD000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xEB884000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEBCE5000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xEB85C000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEFBF4000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEB83A000 \SystemRoot\System32\drivers\afd.sys
0xEBCD5000 \SystemRoot\System32\DRIVERS\netbios.sys
0xEBCB5000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xEBAD0000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEBA60000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xEBCA5000 \SystemRoot\System32\Drivers\Fips.SYS
0xEBA3A000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xEBC95000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8CEF000 \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys
0xEBA13000 \SystemRoot\System32\Drivers\aswSP.SYS
0xEBF1C000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xEBC75000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF3436000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xEB823000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xEB813000 \SystemRoot\System32\Drivers\LHidUsbK.Sys
0xEDE28000 \SystemRoot\system32\DRIVERS\LHidKE.Sys
0xF343A000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xEBA01000 \SystemRoot\System32\Drivers\LMouKE.sys
0xEDE20000 \SystemRoot\System32\DRIVERS\usbccgp.sys
0xEDE10000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xEDEC6000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS
0xEB803000 \SystemRoot\system32\drivers\LVUSBSta.sys
0xEDDEE000 \SystemRoot\system32\drivers\usbaudio.sys
0xF626A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xF1898000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xEB9EE000 \SystemRoot\System32\Drivers\dump_viamraid.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xF1878000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8915000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8C7A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xEFD3C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xBA7EA000 \SystemRoot\System32\DRIVERS\nwlnkipx.sys
0xF3824000 \SystemRoot\System32\DRIVERS\nwlnknb.sys
0xF825B000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xBA75B000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xBA70F000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF12D5000 \SystemRoot\System32\DRIVERS\nwlnkspx.sys
0xBA60A000 \SystemRoot\system32\drivers\wdmaud.sys
0xF8635000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA470000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xEBF14000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBA42D000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xF8C82000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xF6236000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xBA33D000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xBA26B000 \SystemRoot\System32\DRIVERS\secdrv.sys
0xF88AD000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xF0761000 \SystemRoot\System32\DRIVERS\nwlnkfwd.sys
0xBA053000 \SystemRoot\System32\DRIVERS\nwlnkflt.sys
0xF88D5000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xB9932000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):
0 System Idle Process
4 System
668 C:\WINDOWS\system32\smss.exe
752 csrss.exe
776 C:\WINDOWS\system32\winlogon.exe
820 C:\WINDOWS\system32\services.exe
832 C:\WINDOWS\system32\lsass.exe
996 C:\WINDOWS\system32\svchost.exe
1072 svchost.exe
1168 C:\WINDOWS\system32\svchost.exe
1228 svchost.exe
1348 svchost.exe
1564 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
228 C:\WINDOWS\system32\spoolsv.exe
248 C:\WINDOWS\explorer.exe
1260 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1296 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1316 C:\WINDOWS\system32\rundll32.exe
1336 C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
1644 svchost.exe
1780 C:\Program Files\ewido anti-spyware 4.0\guard.exe
1804 C:\WINDOWS\soundman.exe
324 C:\Program
Files\Java\jre6\bin\jqs.exe 1672 C:\Program Files\Logitech\SetPoint\SetPoint.exe 524 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe 552 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe 612 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe 684 C:\WINDOWS\system32\nvsvc32.exe 856 C:\WINDOWS\system32\slserv.exe 836 C:\WINDOWS\system32\svchost.exe 1056 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 1788 C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe 2116 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE 2152 C:\WINDOWS\system32\wuauclt.exe 2504 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe 2768 alg.exe 3544 C:\Program Files\Mozilla Firefox\firefox.exe 3556 C:\Program Files\Mozilla Firefox\plugin-container.exe 3032 C:\WINDOWS\system32\notepad.exe 3764 C:\WINDOWS\system32\wuauclt.exe 1344 C:\Documents and Settings\Ziehos\Desktop\MBRCheck.exe \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS) PhysicalDrive0 Model Number: Maxtor 6B100M0, Rev: BANC Size Device Name MBR Status -------------------------------------------- 93 GB \\.\PhysicalDrive0 Windows XP MBR code detected SHA1: 31D100779DE502702C374F7C15687B56FCFD5528 Done!0187 Deinitialize success