
Infected in System32/drivers/



I recently plugged an infected iPod into my computer and avast warned me about it. The location of the infection is the WINDOWS/System32/drivers folder, and after scanning I learned that their filenames are

avgqyqzs.sys

&

furxctpj.sys

I tried removing it via avast, but it says it can't. I also tried MBAM, no luck. After rebooting, avast just detects it again.

What should I do to remove this infection without reformatting my laptop?

WINDOWS XP HOME SP3

PS. I downloaded OTL but don't have any FIX for it.

PLEASE! HELP!!!!!


Hi syxtproductions and welcome to the Malwarebytes Forum!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do not attempt any fixes on your own or run scanners unless requested by me or another helper.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply.

Note: It will also create a log in the C:\ directory.

========

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    [screenshot: cfRC_screen_1.png]
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    [screenshot: cfRC_screen_2.png]
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Please include the TDSSKiller log and C:\ComboFix.txt in your next reply.
    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


Here is the report that I got from TDSS.

2010/09/10 11:17:52.0531 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44

2010/09/10 11:17:52.0531 ================================================================================

2010/09/10 11:17:52.0531 SystemInfo:

2010/09/10 11:17:52.0531

2010/09/10 11:17:52.0531 OS Version: 5.1.2600 ServicePack: 3.0

2010/09/10 11:17:52.0531 Product type: Workstation

2010/09/10 11:17:52.0531 ComputerName: WINDOWS-65C89FB

2010/09/10 11:17:52.0531 UserName: acer

2010/09/10 11:17:52.0531 Windows directory: C:\WINDOWS

2010/09/10 11:17:52.0531 System windows directory: C:\WINDOWS

2010/09/10 11:17:52.0531 Processor architecture: Intel x86

2010/09/10 11:17:52.0531 Number of processors: 2

2010/09/10 11:17:52.0531 Page size: 0x1000

2010/09/10 11:17:52.0531 Boot type: Normal boot

2010/09/10 11:17:52.0531 ================================================================================

2010/09/10 11:17:53.0312 Initialize success

2010/09/10 11:17:56.0734 ================================================================================

2010/09/10 11:17:56.0734 Scan started

2010/09/10 11:17:56.0734 Mode: Manual;

2010/09/10 11:17:56.0734 ================================================================================

2010/09/10 11:17:58.0656 Aavmker4 (2073f856019a2bb1f774f73b34dc2944) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/09/10 11:17:58.0875 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/09/10 11:17:58.0921 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/09/10 11:17:58.0984 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/09/10 11:17:59.0031 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys

2010/09/10 11:17:59.0171 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2010/09/10 11:17:59.0265 aswFsBlk (922c09ed986c31d6d4445dc937465103) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys

2010/09/10 11:17:59.0343 aswMon2 (5ca5502142ef80d799eb407b4ed47bc6) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/09/10 11:17:59.0375 aswRdr (52e2059219aadf5c896ff2364b88b4bd) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/09/10 11:17:59.0406 aswSP (96b9eaca31846be3b780b19024dcebcf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/09/10 11:17:59.0437 aswTdi (37edfcce12c2b46e11c9f98f36564981) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/09/10 11:17:59.0468 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/09/10 11:17:59.0500 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/09/10 11:17:59.0671 ati2mtag (fd6d77a3070a57308d87a7d57144aae0) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2010/09/10 11:17:59.0812 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/09/10 11:17:59.0843 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/09/10 11:17:59.0921 b57w2k (58911390115465bf6d8048f21f48655a) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2010/09/10 11:17:59.0968 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/09/10 11:18:00.0046 btaudio (f73d41fd3653fe64cc79610f7b240472) C:\WINDOWS\system32\drivers\btaudio.sys

2010/09/10 11:18:00.0109 BTDriver (4854ed2ee57769b9527680978a9dd5b4) C:\WINDOWS\system32\DRIVERS\btport.sys

2010/09/10 11:18:00.0187 BTKRNL (4ebd4ebff01617fbda6ce7963f150918) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2010/09/10 11:18:00.0296 BTSERIAL (6d9f1d03d4eba886e1626d856762b4f0) C:\WINDOWS\system32\drivers\btserial.sys

2010/09/10 11:18:00.0390 BTWDNDIS (96708d343264abaf8ad93c464b2fc9ca) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2010/09/10 11:18:00.0421 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/09/10 11:18:00.0484 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/09/10 11:18:00.0546 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/09/10 11:18:00.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/09/10 11:18:00.0671 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/09/10 11:18:00.0812 CLEDX (b53f9635457b56dcffef750e18aec6cb) C:\WINDOWS\system32\DRIVERS\cledx.sys

2010/09/10 11:18:00.0875 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/09/10 11:18:00.0921 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/09/10 11:18:01.0031 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/09/10 11:18:01.0125 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/09/10 11:18:01.0187 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/09/10 11:18:01.0203 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/09/10 11:18:01.0250 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/09/10 11:18:01.0343 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/09/10 11:18:01.0390 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/09/10 11:18:01.0421 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/09/10 11:18:01.0484 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/09/10 11:18:01.0515 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/09/10 11:18:01.0578 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/09/10 11:18:01.0625 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/09/10 11:18:01.0671 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/09/10 11:18:01.0687 Suspicious service (NoAccess): furxctpj

2010/09/10 11:18:01.0765 furxctpj (efa8b525c99ae6d5a69b56b86a2c30fb) C:\WINDOWS\system32\drivers\furxctpj.sys

2010/09/10 11:18:01.0765 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\furxctpj.sys. md5: efa8b525c99ae6d5a69b56b86a2c30fb

2010/09/10 11:18:01.0765 furxctpj - detected Locked service (1)

2010/09/10 11:18:01.0859 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys

2010/09/10 11:18:01.0921 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/09/10 11:18:01.0968 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/09/10 11:18:02.0031 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/09/10 11:18:02.0109 HSFHWAZL (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys

2010/09/10 11:18:02.0203 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys

2010/09/10 11:18:02.0312 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys

2010/09/10 11:18:02.0375 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/09/10 11:18:02.0484 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/09/10 11:18:02.0546 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/09/10 11:18:02.0859 IntcAzAudAddService (b2957d6c1226f029230dac2c46d34286) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/09/10 11:18:03.0203 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/09/10 11:18:03.0234 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/09/10 11:18:03.0281 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/09/10 11:18:03.0296 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/09/10 11:18:03.0343 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/09/10 11:18:03.0406 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/09/10 11:18:03.0453 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys

2010/09/10 11:18:03.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/09/10 11:18:03.0625 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/09/10 11:18:03.0687 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/09/10 11:18:03.0765 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/09/10 11:18:03.0812 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/09/10 11:18:03.0953 lv321av (9919e66d8e7b0c77b07a0852e1b38834) C:\WINDOWS\system32\DRIVERS\lv321av.sys

2010/09/10 11:18:04.0093 LVUSBSta (dcc4677c583fb9563e31b565fc28eaa2) C:\WINDOWS\system32\DRIVERS\LVUSBSta.sys

2010/09/10 11:18:04.0140 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/09/10 11:18:04.0203 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/09/10 11:18:04.0234 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/09/10 11:18:04.0281 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/09/10 11:18:04.0328 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/09/10 11:18:04.0375 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/09/10 11:18:04.0421 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/09/10 11:18:04.0468 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/09/10 11:18:04.0609 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/09/10 11:18:04.0687 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/09/10 11:18:04.0734 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/09/10 11:18:04.0750 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/09/10 11:18:04.0828 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/09/10 11:18:04.0875 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/09/10 11:18:04.0921 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/09/10 11:18:04.0968 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/09/10 11:18:05.0031 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/09/10 11:18:05.0125 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/09/10 11:18:05.0156 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/09/10 11:18:05.0218 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/09/10 11:18:05.0250 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/09/10 11:18:05.0265 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/09/10 11:18:05.0296 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/09/10 11:18:05.0328 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/09/10 11:18:05.0531 NETw4x32 (d57258165aba8162de8e29d71487fc4b) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys

2010/09/10 11:18:05.0781 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2010/09/10 11:18:05.0843 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/09/10 11:18:05.0875 NSCIRDA (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys

2010/09/10 11:18:05.0937 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/09/10 11:18:06.0015 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/09/10 11:18:06.0062 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/09/10 11:18:06.0140 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/09/10 11:18:06.0187 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2010/09/10 11:18:06.0250 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/09/10 11:18:06.0265 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/09/10 11:18:06.0296 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/09/10 11:18:06.0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/09/10 11:18:06.0390 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/09/10 11:18:06.0437 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys

2010/09/10 11:18:06.0625 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/09/10 11:18:06.0718 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/09/10 11:18:06.0781 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/09/10 11:18:06.0828 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/09/10 11:18:06.0953 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/09/10 11:18:07.0015 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys

2010/09/10 11:18:07.0031 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/09/10 11:18:07.0062 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/09/10 11:18:07.0078 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/09/10 11:18:07.0125 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/09/10 11:18:07.0156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/09/10 11:18:07.0234 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/09/10 11:18:07.0312 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/09/10 11:18:07.0406 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys

2010/09/10 11:18:07.0437 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/09/10 11:18:07.0515 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/09/10 11:18:07.0546 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/09/10 11:18:07.0625 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/09/10 11:18:07.0703 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/09/10 11:18:07.0796 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

2010/09/10 11:18:07.0796 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505

2010/09/10 11:18:07.0812 sptd - detected Locked file (1)

2010/09/10 11:18:07.0921 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/09/10 11:18:07.0984 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/09/10 11:18:08.0046 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/09/10 11:18:08.0093 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/09/10 11:18:08.0156 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/09/10 11:18:08.0296 SynTP (e295fffff3aaf9a6a40b29497901908f) C:\WINDOWS\system32\DRIVERS\SynTP.sys

2010/09/10 11:18:08.0328 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/09/10 11:18:08.0453 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys

2010/09/10 11:18:08.0515 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/09/10 11:18:08.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/09/10 11:18:08.0640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/09/10 11:18:08.0687 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/09/10 11:18:08.0781 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys

2010/09/10 11:18:08.0937 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/09/10 11:18:09.0031 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/09/10 11:18:09.0093 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys

2010/09/10 11:18:09.0156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/09/10 11:18:09.0203 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/09/10 11:18:09.0234 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/09/10 11:18:09.0359 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/09/10 11:18:09.0375 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/09/10 11:18:09.0421 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/09/10 11:18:09.0484 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/09/10 11:18:09.0515 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/09/10 11:18:09.0640 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/09/10 11:18:09.0734 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys

2010/09/10 11:18:09.0828 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys

2010/09/10 11:18:09.0968 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/09/10 11:18:10.0031 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/09/10 11:18:10.0062 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/09/10 11:18:10.0109 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\WINDOWS\system32\DRIVERS\xaudio.sys

2010/09/10 11:18:10.0187 ================================================================================

2010/09/10 11:18:10.0187 Scan finished

2010/09/10 11:18:10.0187 ================================================================================

2010/09/10 11:18:10.0203 Detected object count: 2

2010/09/10 11:18:32.0796 Locked service(furxctpj) - User select action: Skip

2010/09/10 11:18:32.0812 Locked file(sptd) - User select action: Skip

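The TDSSKiller report above ends with two detected objects that were both skipped, which is why the helper's next step is a second tool. As an added example (not code from the thread, from TDSSKiller or from Malwarebytes), the following Python script parses a log in this format: it joins each "detected Locked ..." line with the driver's md5 and path from the inventory lines, records the action the user chose, checks the parsed count against the "Detected object count" the tool prints, and separates objects still needing follow-up from drivers on a small allowlist. The allowlist (containing sptd, which belongs to the DAEMON Tools install visible in the Run key of the ComboFix log) and the function names are assumptions; the sample log is constructed from a few lines lifted from the report.

```python
"""Triage a TDSSKiller (2.4-era) log: what was flagged, where it lives,
and whether each object was cured or skipped."""
import re
from dataclasses import dataclass

# Every report line starts with a "YYYY/MM/DD HH:MM:SS.ffff " timestamp.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
# Inventory line: "<service> (<md5>) <path>"
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<service> - detected Locked service (1)" or "Locked file (1)"
DETECTED_RE = re.compile(TS + r"(?P<name>\S+) - detected (?P<kind>Locked (?:service|file)) \(\d+\)$")
# Action line: "Locked service(<service>) - User select action: Skip"
ACTION_RE = re.compile(TS + r"Locked (?:service|file)\((?P<name>\S+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")

# Assumption, not from the thread: locked drivers that belong to software the
# user installed on purpose. sptd.sys is the SCSI pass-through driver that
# DAEMON Tools installs, and the ComboFix log shows DAEMON Tools Lite in the
# Run key, so a locked sptd is expected on this machine.
KNOWN_LOCKED_BENIGN = {"sptd"}

# Constructed sample: lines copied from the report above, in the tool's format.
SAMPLE_LOG = r"""
2010/09/10 11:18:01.0671 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/10 11:18:01.0687 Suspicious service (NoAccess): furxctpj
2010/09/10 11:18:01.0765 furxctpj (efa8b525c99ae6d5a69b56b86a2c30fb) C:\WINDOWS\system32\drivers\furxctpj.sys
2010/09/10 11:18:01.0765 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\furxctpj.sys. md5: efa8b525c99ae6d5a69b56b86a2c30fb
2010/09/10 11:18:01.0765 furxctpj - detected Locked service (1)
2010/09/10 11:18:07.0796 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/10 11:18:07.0796 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/10 11:18:07.0812 sptd - detected Locked file (1)
2010/09/10 11:18:10.0203 Detected object count: 2
2010/09/10 11:18:32.0796 Locked service(furxctpj) - User select action: Skip
2010/09/10 11:18:32.0812 Locked file(sptd) - User select action: Skip
"""


@dataclass
class Finding:
    name: str
    kind: str            # "Locked service" or "Locked file"
    md5: str = ""
    path: str = ""
    action: str = "none"  # Cure / Skip / ... as chosen by the user, if logged
    benign: bool = False  # on the allowlist above


def parse_tdsskiller_log(text):
    """Return (findings sorted by name, object count the tool itself reported)."""
    inventory, findings, reported = {}, {}, None
    for line in text.splitlines():
        if (m := DRIVER_RE.match(line)):
            inventory[m["name"].lower()] = (m["md5"], m["path"])
        elif (m := DETECTED_RE.match(line)):
            findings[m["name"].lower()] = Finding(m["name"], m["kind"])
        elif (m := ACTION_RE.match(line)):
            key = m["name"].lower()
            if key in findings:
                findings[key].action = m["action"]
        elif (m := COUNT_RE.match(line)):
            reported = int(m["n"])
    # Attach hash and on-disk location to each verdict so the analyst has
    # everything needed to look the sample up or submit it.
    for key, f in findings.items():
        f.md5, f.path = inventory.get(key, ("", ""))
        f.benign = key in KNOWN_LOCKED_BENIGN
    return sorted(findings.values(), key=lambda f: f.name), reported


def needs_attention(text):
    """Names of flagged objects that are neither allowlisted nor already cured,
    i.e. what still has to be dealt with by another tool."""
    findings, reported = parse_tdsskiller_log(text)
    if reported is not None and reported != len(findings):
        raise ValueError(f"parsed {len(findings)} objects but the tool reported {reported}")
    return [f.name for f in findings if not f.benign and f.action.lower() != "cure"]


if __name__ == "__main__":
    for f in parse_tdsskiller_log(SAMPLE_LOG)[0]:
        print(f"{f.name:10} {f.kind:15} action={f.action:5} benign={f.benign} {f.md5} {f.path}")
    print("still needs attention:", needs_attention(SAMPLE_LOG))
```

Run it against the real C:\TDSSKiller.*.txt log instead of SAMPLE_LOG to get the same summary for a fresh scan; on this thread's report it leaves furxctpj as the one unresolved object, matching what ComboFix then removed.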

COMBO FIX LOG

ComboFix 10-09-09.03 - acer 09/10/2010 13:08:22.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.524 [GMT 8:00]

Running from: c:\documents and settings\acer\Desktop\ComboFix.exe

AV: avast! antivirus 4.8.1201 [VPS 090726-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\data

c:\data\Lp_setup.exe

C:\FLVDirect.exe

c:\windows\system32\drivers\furxctpj.sys

c:\windows\system32\fjhdyfhsn.bat

c:\windows\system32\msvcsv60.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_furxctpj

-------\Service_furxctpj

((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))

.

2010-09-10 01:31 . 2010-09-10 01:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-09-10 01:31 . 2010-09-10 01:31 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE

2010-09-09 14:46 . 2010-09-09 14:46 -------- d-----w- c:\windows\system32\wbem\Repository

2010-09-09 11:19 . 2010-09-09 11:19 -------- d-----w- c:\documents and settings\acer\Application Data\Malwarebytes

2010-09-09 11:19 . 2010-09-09 14:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-09-09 11:19 . 2010-09-09 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-09-07 00:41 . 2010-09-07 00:41 534 ----a-w- c:\windows\eReg.dat

2010-09-07 00:41 . 2010-09-07 00:41 -------- d-----w- c:\program files\Maxis

2010-09-06 13:08 . 2010-09-06 13:43 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-08-30 02:44 . 2010-08-30 02:44 -------- d-----w- C:\Scenario

2010-08-29 07:03 . 2010-08-29 07:03 -------- d-----w- c:\documents and settings\acer\Application Data\Microsoft Games

2010-08-29 06:36 . 2010-08-29 06:36 -------- d-----w- c:\program files\Microsoft Games

2010-08-24 05:32 . 2010-08-24 05:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E7D4E1BB-A8A8-4E3B-BEA6-38DD8E4522DF}

2010-08-23 16:00 . 2010-08-24 06:30 -------- d-----w- c:\program files\Native Instruments

2010-08-23 15:57 . 2006-06-09 04:12 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll

2010-08-23 15:57 . 2006-06-09 04:12 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll

2010-08-23 14:59 . 2005-03-24 00:26 491520 ----a-w- c:\windows\system32\msvcr80.dll

2010-08-23 14:59 . 2010-08-23 14:59 -------- d-----w- c:\program files\LUXONIX

2010-08-20 10:05 . 2010-08-20 10:05 -------- d-----w- c:\documents and settings\acer\Local Settings\Application Data\Identities

2010-08-20 05:23 . 2010-09-08 14:50 -------- d-----w- c:\documents and settings\acer\Application Data\vlc

2010-08-19 15:56 . 2010-08-19 15:57 -------- d-----w- c:\program files\Logitech Touch Mouse Server

2010-08-18 09:19 . 2010-08-18 09:19 -------- d-----w- c:\documents and settings\acer\Application Data\SynthMaker

2010-08-15 15:46 . 2010-08-15 15:51 -------- d-----w- c:\documents and settings\acer\Application Data\FabFilter

2010-08-15 15:45 . 2010-08-16 01:28 -------- d-----w- c:\program files\FabFilter

2010-08-15 15:43 . 2003-06-20 04:28 1777664 ----a-w- c:\windows\system32\gdiplus.dll

2010-08-11 16:05 . 2010-08-11 16:05 -------- d-----w- c:\program files\OpenVPN

2010-08-11 14:44 . 2010-08-11 16:03 -------- d-----w- C:\Hotspot Shield

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 17:28 . 2010-06-15 09:42 -------- d-----w- c:\documents and settings\acer\Application Data\uTorrent

2010-09-08 16:19 . 2010-09-08 16:19 16 ----a-w- c:\documents and settings\NetworkService\Application Data\hngmfc.dat

2010-08-31 16:19 . 2010-06-15 09:57 69624 ----a-w- c:\documents and settings\acer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-08-28 16:34 . 2010-06-21 11:00 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-08-28 16:32 . 2010-08-28 16:32 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-08-28 16:32 . 2010-06-21 10:25 -------- d-----w- c:\program files\DivX

2010-08-28 16:32 . 2010-06-21 10:23 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-08-28 16:32 . 2010-08-28 16:32 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-08-28 16:32 . 2010-08-28 16:32 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-08-28 16:32 . 2010-08-28 16:32 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-08-28 16:32 . 2010-08-28 16:32 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-08-28 16:32 . 2010-08-28 16:32 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-08-28 16:29 . 2010-08-28 16:32 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll

2010-08-28 16:29 . 2010-08-28 16:29 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-08-28 16:29 . 2010-06-21 10:40 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-08-28 16:29 . 2010-06-21 10:40 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-08-28 13:17 . 2010-06-15 18:34 16 ----a-w- c:\windows\msocreg32.dat

2010-08-28 06:29 . 2010-06-15 09:42 -------- d-----w- c:\program files\uTorrent

2010-08-27 03:18 . 2010-06-15 05:39 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-24 05:07 . 2010-06-15 16:58 -------- d-----w- c:\program files\Common Files\Native Instruments

2010-08-23 16:09 . 2010-06-15 09:43 -------- d-----w- c:\program files\VstPlugins

2010-08-09 12:29 . 2010-06-26 03:54 -------- d-----w- c:\program files\Bonjour

2010-08-09 12:28 . 2010-08-09 12:28 -------- d-----w- c:\program files\Stanza

2010-08-05 07:25 . 2010-08-05 07:23 -------- d-----w- c:\documents and settings\acer\Application Data\dvdcss

2010-07-05 11:28 . 2010-07-05 11:28 56136 ---ha-w- c:\windows\system32\mlfcache.dat

2010-06-26 03:37 . 2010-06-26 03:37 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

2010-06-21 10:39 . 2010-06-21 10:39 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

2010-06-21 10:39 . 2010-06-21 10:39 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-06-21 10:38 . 2010-06-21 10:38 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

2010-06-21 10:38 . 2010-06-21 10:38 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-06-16 20:33 . 2010-06-16 20:33 32768 ----a-w- c:\windows\system32\drivers\taphss.sys

2010-06-16 10:27 . 2010-06-15 05:22 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-06-15 10:10 . 2010-06-15 10:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2010-06-15 06:23 . 2010-06-15 06:23 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe

2010-06-15 06:23 . 2010-06-15 06:23 36864 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe

2010-06-15 06:22 . 2010-06-15 06:22 29480 ----a-w- c:\windows\system32\msxml3a.dll

2010-06-15 06:22 . 2010-06-15 06:22 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe

2010-06-15 06:22 . 2010-06-15 05:39 505128 ----a-w- c:\windows\system32\msvcp71.dll

2010-06-15 06:21 . 2010-06-15 06:21 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe

2010-06-15 06:16 . 2010-06-15 06:16 410984 ----a-w- c:\windows\system32\deploytk.dll

2010-06-15 06:15 . 2010-06-15 06:15 152576 ----a-w- c:\documents and settings\acer\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2010-06-15 05:40 . 2010-06-15 05:40 0 ----a-w- c:\windows\nsreg.dat

2010-06-15 05:19 . 2010-06-15 05:19 21640 ----a-w- c:\windows\system32\emptyregdb.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

"Google Update"="c:\documents and settings\acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-15 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-12-14 819200]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-06-23 210216]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-16 761945]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]

"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2005-12-18 307200]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-24 16861184]

"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-25 37888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]

c:\documents and settings\acer\Start Menu\Programs\Startup\

Logitech Touch Mouse Server.lnk - c:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-24 228352]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk

backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

2005-05-03 10:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]

2006-05-04 08:26 2808832 ----a-w- c:\windows\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]

2006-03-09 05:43 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2009-06-03 12:59 103720 ------w- c:\program files\CyberLink\Power2Go\CLMLSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2006-10-26 16:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2010-04-29 08:59 5248312 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]

2009-04-15 15:54 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]

2009-06-03 11:44 2676008 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]

2009-04-15 15:52 91432 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2009-10-24 07:52 16861184 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

2009-10-24 07:52 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 07:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-06-15 06:16 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\acer\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Stanza.exe"=

"c:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=

"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/15/2010 2:19 PM 78416]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/15/2010 2:19 PM 20560]

R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [6/15/2010 6:45 PM 33792]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [6/15/2010 2:01 PM 1097728]

S0 avgyqzs;avgyqzs; [x]

S4 Ierptikorcss;Ierptikorcss;c:\windows\system32\rexec.exe [4/14/2008 8:00 PM 13824]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/15/2010 6:10 PM 691696]

.

Contents of the 'Scheduled Tasks' folder

2010-08-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 03:50]

2010-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2025429265-1644491937-1004Core.job

- c:\documents and settings\acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 10:11]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-2025429265-1644491937-1004UA.job

- c:\documents and settings\acer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 10:11]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.hotspotshield.com/g/?c=h

uInternet Connection Wizard,ShellNext = hxxp://www.tools4arab.com/start

uInternet Settings,ProxyOverride = local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

FF - ProfilePath - c:\documents and settings\acer\Application Data\Mozilla\Firefox\Profiles\jl79fxh4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2604146&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - HotSpot International Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2604146&SearchSource=13

FF - component: c:\documents and settings\acer\Application Data\Mozilla\Firefox\Profiles\jl79fxh4.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\components\FFExternalAlert.dll

FF - component: c:\documents and settings\acer\Application Data\Mozilla\Firefox\Profiles\jl79fxh4.default\extensions\{0002ee26-8c11-49eb-9cdf-56eeffef664f}\components\RadioWMPCore.dll

FF - plugin: c:\documents and settings\acer\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll

.

- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe

MSConfigStartUp-LaunchAp - c:\program files\Launch Manager\LaunchAp.exe

MSConfigStartUp-LManager - c:\program files\Launch Manager\HotkeyApp.exe

MSConfigStartUp-LMgrOSD - c:\program files\Launch Manager\OSDCtrl.exe

MSConfigStartUp-Wbutton - c:\program files\Launch Manager\Wbutton.exe

AddRemove-Tone2 Filterbank2_is1 - c:\program files\Image-Line\FL Studio 9\Plugins\VST\VstPlugins\Uninstall Filterbank2\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-09-10 13:15

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h


Sorry for the delay.

  • Close any open browsers.
  • Open Notepad: click Start
  • Click Run
  • Type notepad into the box and press Enter
  • Notepad will open
  • Copy and paste everything from the Code box into Notepad:

KILLALL::

File::
c:\documents and settings\All Users\Application Data\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\Temp\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\PostBuild.exe
c:\documents and settings\All Users\Application Data\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe

Driver::
Ierptikorcss

DDS::
uInternet Connection Wizard,ShellNext = hxxp://www.tools4arab.com/start
uInternet Settings,ProxyOverride = local

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.

[Screenshot: cfscriptb4.gif]

This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

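As an added illustration (not part of this thread or of ComboFix), a small Python triage script over the service lines from the ComboFix log posted above. The service lines are copied from that log; the heuristics are mine, and they single out exactly the two entries the thread converges on: the boot-start driver with no file on disk (avgyqzs) and the randomly named service Ierptikorcss whose image is an unrelated system binary, which is what the helper's CFScript removes under Driver::.

```python
import ntpath
import re

# Service lines copied verbatim from the ComboFix log posted above in this thread.
COMBOFIX_SERVICES = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/15/2010 2:19 PM 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/15/2010 2:19 PM 20560]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [6/15/2010 6:45 PM 33792]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [6/15/2010 2:01 PM 1097728]
S0 avgyqzs;avgyqzs; [x]
S4 Ierptikorcss;Ierptikorcss;c:\windows\system32\rexec.exe [4/14/2008 8:00 PM 13824]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/15/2010 6:10 PM 691696]
"""

# One service per line: <start> <name>;<display>;<image> [<date> <time> <size>],
# with "[x]" in place of the file details when the image is not on disk.
SERVICE_LINE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>[^\[]*?)\s*\[(?P<info>[^\]]*)\]$"
)


def parse_services(log_text):
    """Yield one dict per service line; non-matching lines are skipped."""
    for line in log_text.strip().splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m:
            yield m.groupdict()


def triage(log_text):
    """Return the services worth a closer look, with the reason each was flagged.

    Heuristics (mine, not ComboFix's): a registered service whose image is gone,
    or one with no descriptive display name whose image file is named nothing
    like the service (legitimate drivers such as sptd.sys match their name).
    """
    findings = []
    for svc in parse_services(log_text):
        reasons = []
        if svc["info"] == "x" or not svc["image"]:
            reasons.append("image file missing from disk ([x])")
        stem = ntpath.splitext(ntpath.basename(svc["image"]))[0].lower()
        if svc["display"] == svc["name"] and stem and stem != svc["name"].lower():
            reasons.append(f"no display name; image {svc['image']} unrelated to name")
        if svc["start"] == "S0" and reasons:
            reasons.append("boot-start (S0): loads before most security software")
        if reasons:
            findings.append({"name": svc["name"], "start": svc["start"], "reasons": reasons})
    return findings
```

Running `triage(COMBOFIX_SERVICES)` flags avgyqzs and Ierptikorcss and leaves the avast!, Logitech, CLEDX and sptd drivers alone; the same parser works on the service section of any ComboFix log pasted in.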


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

