
don't know what's wrong multiple problems


ScottZ


Sometimes every program I click becomes unresponsive (Firefox, MBytes, IE); it just sits there, and Task Manager doesn't work either. Sometimes on startup it just sits there and Windows Explorer doesn't load, so I have to restart and hope I get lucky; it may take 2-3 times. Malwarebytes froze twice: once, when it was done scanning and I pressed the Remove button, it said "Not Responding" and sat there for 10 minutes until I restarted it; it finally succeeded after 3 tries.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4845

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/16/2010 4:31:18 AM

mbam-log-2010-10-16 (04-31-18).txt

Scan type: Quick scan

Objects scanned: 144124

Time elapsed: 16 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\temp\1e084b1d.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\WINDOWS\temp\eb664b7e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

GMER 1.0.15.15319 - http://www.gmer.net

Rootkit scan 2010-10-16 07:17:31

Windows 5.1.2600 Service Pack 3

Running: fmgduoeh.exe; Driver: C:\DOCUME~1\Ziehos\LOCALS~1\Temp\fxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEBCB4CF0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEBCB4BAC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEBCB5160]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEBCB508A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEBCB4782]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEBCB4C86]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEBCB46C2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEBCB4726]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEBCB4DA6]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEBCB522E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEBCB4D66]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEBCB4EE6]

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess [0xEF776812]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEBCC1BAE]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEBCC19D2]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEBCC1B0C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 805795FA 7 Bytes JMP EBCC1B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP EBCC19D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP EBCBD5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP EBCBEFFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP EBCC1BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF65CA360, 0x37388D, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xBA42D300, 0x3ACC8, 0xE8000020]

.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF88AD300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE000A

.text C:\WINDOWS\Explorer.EXE[556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BF000A

.text C:\WINDOWS\Explorer.EXE[556] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00BD000C

.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006E000A

.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 006F000A

.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C

.text C:\WINDOWS\System32\svchost.exe[1184] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00E4000A

.text C:\WINDOWS\System32\svchost.exe[1184] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00B1000A

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1568] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2324] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 013D000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 013E000A

.text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 013C000C

.text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\viamraid -> DriverStartIo \Device\Scsi\viamraid1 830513B2

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x33 0x24 0x32 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDA 0x41 0x6F 0x03 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x42 0xED 0x2A 0xE3 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x11 0x8B 0x9A 0x51 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xCF 0x7C 0xA1 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0xB7 0xAA 0xE1 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x33 0x24 0x32 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDA 0x41 0x6F 0x03 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x42 0xED 0x2A 0xE3 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x11 0x8B 0x9A 0x51 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x30 0xCF 0x7C 0xA1 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x2B 0xB7 0xAA 0xE1 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xEF 0x33 0x24 0x32 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xDA 0x41 0x6F 0x03 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x42 0xED 0x2A 0xE3 ...

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\Program Files\Alwil Software\Avast5\Setup\avast.setup 0 bytes

---- EOF - GMER 1.0.15 ----

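The GMER log above is the part of this post worth reading before anything else: most of the kernel hooks are attributed to a named driver and vendor (avast's aswSP.SYS), but the user-mode section shows ntdll.dll hooks in Explorer.EXE, svchost.exe and firefox.exe whose JMP targets GMER attributes to no module at all, and those are the processes the poster says hang. The script below is an added example (not part of the post and not GMER's own code) that reads a GMER log and sorts each hook into "attributed" (GMER named a module and vendor), "review" (a kernel hook or in-place patch with no vendor string) and "suspicious" (a user-mode JMP whose target GMER could not tie to any loaded module). The sample lines are copied from the log in this thread; the verdict labels are the script's own and are a triage aid, not a malware verdict.

```python
"""Triage of GMER hook lines: which hooks does GMER attribute to a module/vendor?

Added example; it is not part of the forum post and not GMER's own code. The
sample lines are copied from the GMER log in the thread. Verdict labels are
this script's own triage categories.
"""
import re
from collections import Counter

# Kernel hooks: "SSDT|Code <module> [(<description/vendor>)] <function> [[0x<addr>]]"
KERNEL_RE = re.compile(
    r"^(?P<kind>SSDT|Code)\s+(?P<module>.+?)(?:\s+\((?P<vendor>[^)]*)\))?"
    r"\s+(?P<func>\w+)(?:\s+\[0x(?P<addr>[0-9A-Fa-f]+)\])?$"
)
# User-mode hooks: ".text <process>[<pid>] <dll>!<func> <addr> <n> Bytes <detail>"
USER_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>\S+)!(?P<func>\w+)"
    r"\s+(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+)\s+Bytes\s+(?P<detail>.*)$"
)
# Detail of a JMP hook: "JMP <target> [<module> (<vendor>)]"
JMP_RE = re.compile(
    r"^JMP\s+(?P<target>[0-9A-Fa-f]+)(?:\s+(?P<module>.+?)\s+\((?P<vendor>[^)]*)\))?$"
)

# Lines copied from the GMER log posted in the thread (a representative subset).
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEBCB4CF0]
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess [0xEF776812]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[556] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BF000A
.text C:\WINDOWS\System32\svchost.exe[1184] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006D000C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1568] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[3964] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
"""


def triage(log_text):
    """Return one finding dict per hook line; other GMER sections are ignored."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KERNEL_RE.match(line)
        if m:
            vendor = m.group("vendor")
            findings.append({
                "kind": m.group("kind"), "process": None, "func": m.group("func"),
                "module": m.group("module"), "vendor": vendor, "target": m.group("addr"),
                # A kernel hook GMER cannot tie to a vendor string needs a human look.
                "verdict": "attributed" if vendor else "review",
            })
            continue
        m = USER_RE.match(line)
        if not m:
            continue
        func = f"{m.group('dll')}!{m.group('func')}"
        j = JMP_RE.match(m.group("detail"))
        if j is None:
            # In-place byte patch (e.g. RET/NOP) rather than a JMP: often a vendor
            # patching its own process, but it is not attributed, so review it.
            findings.append({
                "kind": "user", "process": m.group("process"), "func": func,
                "module": None, "vendor": None, "target": None, "verdict": "review",
            })
            continue
        vendor = j.group("vendor")
        findings.append({
            "kind": "user", "process": m.group("process"), "func": func,
            "module": j.group("module"), "vendor": vendor, "target": j.group("target"),
            # A JMP into memory that belongs to no loaded module is the pattern
            # injected code leaves; treat it as suspicious until explained.
            "verdict": "attributed" if vendor else "suspicious",
        })
    return findings


def summarize(findings):
    """Count findings per verdict, e.g. {'attributed': 3, 'review': 2, 'suspicious': 3}."""
    return dict(Counter(f["verdict"] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_GMER_LOG)
    print(summarize(results))
    for f in results:
        if f["verdict"] != "attributed":
            where = f["process"] or f["module"]
            print(f"{f['verdict']:10} {where} {f['func']} -> {f['target'] or 'patch'}")
```

Run against the full log from the post, the unattributed entries are exactly the ntdll.dll, USER32.dll and ole32.dll hooks in Explorer.EXE, svchost.exe and firefox.exe; the avast and ewido entries land in "attributed" or "review". That is the reason a rootkit-specific tool is the right next step rather than another on-demand scan.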

Hi, ScottZ :lol:

:)

You may be infected with a backdoor trojan. I would suggest you backup your important documents before proceeding.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

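The reply above tells the poster where the TDSSKiller report ends up and what to do with it, but anyone reading such a log later (or checking a batch of them) wants the same few facts pulled out: which objects were detected, whether the declared count matches, what action was chosen, and whether a cure is still waiting on a reboot. The script below is an added example, not part of the thread and not Kaspersky's tool. It matches the file-name pattern the reply gives, parses the timestamped line formats that appear in the log posted later in this thread, and summarises the result; the sample report is constructed from lines of that log.

```python
"""Locate and read a TDSSKiller report, as the reply above asks the poster to do.

Added example; not part of the forum thread and not Kaspersky's tool. The file
name pattern and the line formats follow the reply and the log posted in the
thread; SAMPLE_REPORT is constructed from lines of that log.
"""
import re
from pathlib import Path

# "TDSSKiller.[Version]_[Date]_[Time]_log.txt" in the root of the system drive.
LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<version>[\d.]+)_(?P<date>[\d.]+)_(?P<time>[\d.]+)_log\.txt$", re.I
)
LINE_RE = re.compile(r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<msg>.*)$")
DRIVER_RE = re.compile(r"^(?P<service>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
DETECT_RE = re.compile(r"^(?P<obj>\S+) - detected (?P<name>.+?)(?: \((?P<level>\d+)\))?$")
PENDING_RE = re.compile(r"^(?P<obj>\S+) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<name>.+?)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

# Constructed from the TDSSKiller log in this thread (driver list shortened).
SAMPLE_REPORT = r"""2010/10/16 20:51:57.0921 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/16 20:52:16.0203 Scan started
2010/10/16 20:52:16.0203 Mode: Manual;
2010/10/16 20:52:17.0671 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/10/16 20:52:23.0593 ewido anti-spyware 4.0 driver (9b6b54865bd0ec9ed2532dad89554969) C:\Program Files\ewido anti-spyware 4.0\guard.sys
2010/10/16 20:52:38.0656 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/16 20:52:38.0656 Scan finished
2010/10/16 20:52:38.0687 Detected object count: 1
2010/10/16 20:52:56.0921 \HardDisk0\MBR - will be cured after reboot
2010/10/16 20:52:56.0921 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""


def match_log_names(names):
    """Filter file names down to TDSSKiller reports, keeping version/date/time."""
    out = []
    for name in names:
        m = LOG_NAME_RE.match(name)
        if m:
            out.append({"name": name, **m.groupdict()})
    return out


def find_logs(directory):
    """TDSSKiller reports in `directory` (normally the root of C:), newest first."""
    directory = Path(directory)
    found = [directory / m["name"] for m in match_log_names(p.name for p in directory.iterdir())]
    return sorted(found, key=lambda p: p.stat().st_mtime, reverse=True)


def parse_report(text):
    """Pull detections, declared count, chosen actions and pending cures out of a report."""
    report = {"scan_started": None, "scan_finished": None, "drivers_scanned": 0,
              "detections": [], "declared_count": None, "actions": [], "pending_reboot": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, msg = m.group("ts"), m.group("msg").strip()
        if msg == "Scan started":
            report["scan_started"] = ts
        elif msg == "Scan finished":
            report["scan_finished"] = ts
        elif (d := DETECT_RE.match(msg)):
            report["detections"].append({"ts": ts, "object": d.group("obj"),
                                         "name": d.group("name"), "level": d.group("level")})
        elif (p := PENDING_RE.match(msg)):
            report["pending_reboot"].append(p.group("obj"))
        elif (a := ACTION_RE.match(msg)):
            report["actions"].append({"object": a.group("obj"), "name": a.group("name"),
                                      "action": a.group("action")})
        elif (c := COUNT_RE.match(msg)):
            report["declared_count"] = int(c.group("n"))
        elif DRIVER_RE.match(msg):
            report["drivers_scanned"] += 1  # one "<service> (<md5>) <path>" line per driver
    return report


def assess(report):
    """Plain-language conclusions a helper would want before replying."""
    notes = []
    dets = report["detections"]
    if report["declared_count"] is not None and report["declared_count"] != len(dets):
        notes.append(f"declared count {report['declared_count']} but {len(dets)} detection lines; log may be truncated")
    acted = {a["object"] for a in report["actions"]}
    for d in dets:
        if d["object"] not in acted:
            notes.append(f"no action recorded for {d['object']} ({d['name']})")
    for a in report["actions"]:
        if a["action"] == "Cure" and a["object"] in report["pending_reboot"]:
            notes.append(f"{a['object']}: cure of {a['name']} is deferred until reboot; reboot before rescanning")
        elif a["action"] == "Cure":
            notes.append(f"{a['object']}: {a['name']} cured in place; rescan to confirm")
        elif a["action"] == "Skip":
            notes.append(f"{a['object']}: {a['name']} skipped; needs manual review")
    if not dets:
        notes.append("no objects detected")
    return notes


if __name__ == "__main__":
    r = parse_report(SAMPLE_REPORT)
    print(f"{r['drivers_scanned']} drivers listed, {len(r['detections'])} detection(s)")
    for note in assess(r):
        print("-", note)
```

The two regexes most likely to need adjusting are DETECT_RE and ACTION_RE: the report in this thread shows the MBR object and the "User select action" line, and any other object types a newer TDSSKiller build reports would have to be checked against a real log before trusting the counts.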

2010/10/16 20:51:57.0921 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/16 20:51:57.0921 ================================================================================

2010/10/16 20:51:57.0921 SystemInfo:

2010/10/16 20:51:57.0921

2010/10/16 20:51:57.0921 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/16 20:51:57.0921 Product type: Workstation

2010/10/16 20:51:57.0921 ComputerName: SCOTT

2010/10/16 20:51:57.0921 UserName: Ziehos

2010/10/16 20:51:57.0921 Windows directory: C:\WINDOWS

2010/10/16 20:51:57.0921 System windows directory: C:\WINDOWS

2010/10/16 20:51:57.0921 Processor architecture: Intel x86

2010/10/16 20:51:57.0921 Number of processors: 1

2010/10/16 20:51:57.0921 Page size: 0x1000

2010/10/16 20:51:57.0921 Boot type: Normal boot

2010/10/16 20:51:57.0921 ================================================================================

2010/10/16 20:51:58.0812 Initialize success

2010/10/16 20:52:16.0203 ================================================================================

2010/10/16 20:52:16.0203 Scan started

2010/10/16 20:52:16.0203 Mode: Manual;

2010/10/16 20:52:16.0203 ================================================================================

2010/10/16 20:52:17.0671 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2010/10/16 20:52:18.0062 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/16 20:52:18.0171 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2010/10/16 20:52:18.0437 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/16 20:52:19.0140 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2010/10/16 20:52:19.0531 AmdK8 (61aa5cc421e74f2487b263066f79a006) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2010/10/16 20:52:20.0078 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2010/10/16 20:52:20.0359 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2010/10/16 20:52:20.0453 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2010/10/16 20:52:20.0609 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2010/10/16 20:52:20.0703 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2010/10/16 20:52:20.0796 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/16 20:52:20.0921 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/16 20:52:21.0093 atksgt (6e996cf8459a2594e0e9609d0e34d41f) C:\WINDOWS\system32\DRIVERS\atksgt.sys

2010/10/16 20:52:21.0218 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/16 20:52:21.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/16 20:52:21.0484 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/16 20:52:21.0609 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/16 20:52:21.0734 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/16 20:52:22.0218 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/16 20:52:22.0453 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/16 20:52:23.0234 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/16 20:52:23.0312 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/16 20:52:23.0390 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/16 20:52:23.0593 ewido anti-spyware 4.0 driver (9b6b54865bd0ec9ed2532dad89554969) C:\Program Files\ewido anti-spyware 4.0\guard.sys

2010/10/16 20:52:23.0718 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/16 20:52:23.0781 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2010/10/16 20:52:23.0875 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/16 20:52:23.0937 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2010/10/16 20:52:24.0031 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

2010/10/16 20:52:24.0140 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/16 20:52:24.0250 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/16 20:52:24.0328 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys

2010/10/16 20:52:24.0406 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys

2010/10/16 20:52:24.0484 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/16 20:52:24.0546 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2010/10/16 20:52:24.0703 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys

2010/10/16 20:52:24.0859 Imagedrv (fccf4ae4ef72cbaba6d6befefd77e940) C:\WINDOWS\system32\DRIVERS\imagedrv.sys

2010/10/16 20:52:24.0984 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/16 20:52:25.0234 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/16 20:52:25.0484 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/16 20:52:25.0953 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/16 20:52:26.0140 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/16 20:52:26.0218 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2010/10/16 20:52:26.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/16 20:52:26.0406 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/16 20:52:26.0500 L8042Kbd (0f5ae6805ef05dbbe205e5b196cadf31) C:\WINDOWS\system32\Drivers\L8042Kbd.sys

2010/10/16 20:52:26.0578 L8042mou (ee1c6c057a83f93ad9ae7cdf12f0baa0) C:\WINDOWS\system32\Drivers\L8042mou.sys

2010/10/16 20:52:26.0765 LBeepKE (17638894e150efee66d97bce8f037519) C:\WINDOWS\system32\Drivers\LBeepKE.sys

2010/10/16 20:52:26.0859 lbrtfdc (406598827a1b5f77954de11dde115ced) C:\WINDOWS\system32\drivers\lbrtfdc.sys

2010/10/16 20:52:27.0234 LHidKe (eaed22460dad9ccd9c9a58c78e717497) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys

2010/10/16 20:52:27.0375 LHidUsbK (f99fddb71da6a66ee2ebcc49f5bfadbb) C:\WINDOWS\system32\Drivers\LHidUsbK.Sys

2010/10/16 20:52:27.0859 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys

2010/10/16 20:52:27.0984 LMouKE (d1fd76ea56cd653d7b55a0fac96ee416) C:\WINDOWS\system32\Drivers\LMouKE.sys

2010/10/16 20:52:28.0093 LVPr2Mon (a6919138f29ae45e90e99fa94737e04c) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys

2010/10/16 20:52:28.0234 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\WINDOWS\system32\drivers\LVUSBSta.sys

2010/10/16 20:52:28.0312 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys

2010/10/16 20:52:28.0421 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/16 20:52:28.0500 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/16 20:52:28.0593 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2010/10/16 20:52:28.0687 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/16 20:52:28.0953 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/16 20:52:29.0156 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/16 20:52:29.0468 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/16 20:52:29.0546 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/16 20:52:29.0625 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/16 20:52:29.0750 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/16 20:52:29.0859 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/16 20:52:29.0906 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/16 20:52:29.0984 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/16 20:52:30.0062 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/16 20:52:30.0140 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/16 20:52:30.0281 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/16 20:52:30.0453 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/16 20:52:30.0546 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/16 20:52:30.0640 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/16 20:52:30.0953 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2010/10/16 20:52:31.0171 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/16 20:52:31.0250 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/16 20:52:31.0343 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys

2010/10/16 20:52:31.0406 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys

2010/10/16 20:52:31.0484 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys

2010/10/16 20:52:31.0593 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2010/10/16 20:52:31.0671 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/16 20:52:31.0734 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/16 20:52:31.0859 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/16 20:52:32.0062 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/16 20:52:32.0562 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/16 20:52:32.0640 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2010/10/16 20:52:32.0750 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/16 20:52:32.0828 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/16 20:52:32.0937 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2010/10/16 20:52:33.0531 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/16 20:52:33.0625 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/16 20:52:33.0703 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/16 20:52:33.0781 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/16 20:52:33.0890 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/16 20:52:33.0968 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/16 20:52:34.0062 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2010/10/16 20:52:34.0234 RecAgent (e9aaa0092d74a9d371659c4c38882e12) C:\WINDOWS\system32\DRIVERS\RecAgent.sys

2010/10/16 20:52:34.0328 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/16 20:52:34.0468 RSUSBSTOR (6b065c88a4c05cf44793ac2bfc331ac5) C:\WINDOWS\system32\Drivers\RtsUStor.sys

2010/10/16 20:52:34.0546 RTL8023xp (3529828ec571fb2f64f6b142f9109993) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2010/10/16 20:52:34.0718 SCDEmu (e9bbd87afd80dc1212ecd762858b45c7) C:\WINDOWS\system32\drivers\SCDEmu.sys

2010/10/16 20:52:34.0812 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/16 20:52:34.0906 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2010/10/16 20:52:35.0031 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2010/10/16 20:52:35.0312 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys

2010/10/16 20:52:35.0468 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/16 20:52:35.0562 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/16 20:52:35.0859 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/16 20:52:36.0046 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/16 20:52:36.0203 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/16 20:52:36.0375 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys

2010/10/16 20:52:36.0468 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/16 20:52:36.0593 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/16 20:52:36.0734 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2010/10/16 20:52:36.0812 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/16 20:52:36.0875 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/16 20:52:36.0968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/16 20:52:37.0062 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2010/10/16 20:52:37.0218 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/16 20:52:37.0265 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/16 20:52:37.0375 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/16 20:52:37.0453 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys

2010/10/16 20:52:37.0546 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2010/10/16 20:52:37.0656 viamraid (f199939205dccc7836ae5ab8b5dd5e83) C:\WINDOWS\system32\DRIVERS\viamraid.sys

2010/10/16 20:52:37.0750 viasraid (1493f351e5a4b915fb5bbb735c14004b) C:\WINDOWS\system32\drivers\viasraid.sys

2010/10/16 20:52:37.0859 VIAudio (fece79a9aef62ad5f11a3f4a14f1dead) C:\WINDOWS\system32\drivers\vinyl97.sys

2010/10/16 20:52:37.0984 videX32 (4cc623591204acd5fc89bd0dad70e838) C:\WINDOWS\system32\DRIVERS\videX32.sys

2010/10/16 20:52:38.0078 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/16 20:52:38.0203 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/16 20:52:38.0312 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/16 20:52:38.0531 ws2ifsl (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2010/10/16 20:52:38.0656 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/10/16 20:52:38.0656 ================================================================================

2010/10/16 20:52:38.0656 Scan finished

2010/10/16 20:52:38.0656 ================================================================================

2010/10/16 20:52:38.0687 Detected object count: 1

2010/10/16 20:52:56.0921 \HardDisk0\MBR - will be cured after reboot

2010/10/16 20:52:56.0921 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure

2010/10/16 20:53:31.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000019d

Kernel Drivers (total 147):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806D0000 \WINDOWS\system32\hal.dll

0xF8AA5000 \WINDOWS\system32\KDCOM.DLL

0xF89B5000 \WINDOWS\system32\BOOTVID.dll

0xF8476000 ACPI.sys

0xF8AA7000 \WINDOWS\System32\DRIVERS\WMILIB.SYS

0xF8465000 pci.sys

0xF85A5000 isapnp.sys

0xF8AA9000 viaide.sys

0xF8825000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS

0xF85B5000 MountMgr.sys

0xF8446000 ftdisk.sys

0xF8AAB000 dmload.sys

0xF8420000 dmio.sys

0xF882D000 PartMgr.sys

0xF8835000 videX32.sys

0xF85C5000 VolSnap.sys

0xF840A000 imagedrv.sys

0xF83F2000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

0xF83DA000 atapi.sys

0xF83C7000 viasraid.sys

0xF83B4000 viamraid.sys

0xF85D5000 disk.sys

0xF85E5000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

0xF8394000 fltmgr.sys

0xF8382000 sr.sys

0xF85F5000 PxHelp20.sys

0xF836B000 KSecDD.sys

0xF82DE000 Ntfs.sys

0xF82B1000 NDIS.sys

0xF883D000 viaagp1.sys

0xF89B9000 RecAgent.sys

0xF8297000 Mup.sys

0xF8605000 gagp30kx.sys

0xF8AA1000 \SystemRoot\system32\DRIVERS\tunmp.sys

0xF7909000 \SystemRoot\system32\DRIVERS\AmdK8.sys

0xF72C8000 \SystemRoot\System32\DRIVERS\nv4_mini.sys

0xF72B4000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS

0xF8695000 \SystemRoot\System32\DRIVERS\imapi.sys

0xF86A5000 \SystemRoot\System32\DRIVERS\cdrom.sys

0xF86B5000 \SystemRoot\System32\DRIVERS\redbook.sys

0xF7291000 \SystemRoot\System32\DRIVERS\ks.sys

0xF8945000 \SystemRoot\System32\DRIVERS\usbuhci.sys

0xF726D000 \SystemRoot\System32\DRIVERS\USBPORT.SYS

0xF894D000 \SystemRoot\System32\DRIVERS\usbehci.sys

0xF6E7E000 \SystemRoot\system32\drivers\ALCXWDM.SYS

0xF6E5A000 \SystemRoot\system32\drivers\portcls.sys

0xF86D5000 \SystemRoot\system32\drivers\drmk.sys

0xF6E40000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys

0xF8955000 \SystemRoot\System32\DRIVERS\fdc.sys

0xF8705000 \SystemRoot\System32\DRIVERS\serial.sys

0xF826F000 \SystemRoot\System32\DRIVERS\serenum.sys

0xF6E2C000 \SystemRoot\System32\DRIVERS\parport.sys

0xF826B000 \SystemRoot\System32\DRIVERS\gameenum.sys

0xF8BF9000 \SystemRoot\System32\DRIVERS\audstub.sys

0xF8715000 \SystemRoot\System32\DRIVERS\rasl2tp.sys

0xF8A49000 \SystemRoot\System32\DRIVERS\ndistapi.sys

0xF38A5000 \SystemRoot\System32\DRIVERS\ndiswan.sys

0xF61F6000 \SystemRoot\System32\DRIVERS\raspppoe.sys

0xF61E6000 \SystemRoot\System32\DRIVERS\raspptp.sys

0xF88ED000 \SystemRoot\System32\DRIVERS\TDI.SYS

0xF3894000 \SystemRoot\System32\DRIVERS\psched.sys

0xF61D6000 \SystemRoot\System32\DRIVERS\msgpc.sys

0xF8875000 \SystemRoot\System32\DRIVERS\ptilink.sys

0xF8895000 \SystemRoot\System32\DRIVERS\raspti.sys

0xEFB78000 \SystemRoot\System32\DRIVERS\rdpdr.sys

0xF12F5000 \SystemRoot\System32\DRIVERS\termdd.sys

0xF8885000 \SystemRoot\System32\DRIVERS\kbdclass.sys

0xF886D000 \SystemRoot\System32\DRIVERS\mouclass.sys

0xF8B11000 \SystemRoot\System32\DRIVERS\swenum.sys

0xEFB1A000 \SystemRoot\System32\DRIVERS\update.sys

0xEFC28000 \SystemRoot\System32\DRIVERS\mssmbios.sys

0xF06A9000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF0520000 \SystemRoot\System32\DRIVERS\usbhub.sys

0xF0955000 \SystemRoot\System32\DRIVERS\USBD.SYS

0xEBF54000 \SystemRoot\System32\DRIVERS\flpydisk.sys

0xEFC18000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xF8B0B000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF8B73000 \SystemRoot\System32\Drivers\Null.SYS

0xF8B13000 \SystemRoot\System32\Drivers\Beep.SYS

0xEBF4C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xEBF44000 \SystemRoot\System32\drivers\vga.sys

0xF8B23000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF8B25000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xEBF3C000 \SystemRoot\System32\Drivers\Msfs.SYS

0xEBF34000 \SystemRoot\System32\Drivers\Npfs.SYS

0xEFC08000 \SystemRoot\System32\DRIVERS\rasacd.sys

0xEB8DD000 \SystemRoot\System32\DRIVERS\ipsec.sys

0xEB884000 \SystemRoot\System32\DRIVERS\tcpip.sys

0xEBCE5000 \SystemRoot\System32\Drivers\aswTdi.SYS

0xEB85C000 \SystemRoot\System32\DRIVERS\netbt.sys

0xEFBF4000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xEB83A000 \SystemRoot\System32\drivers\afd.sys

0xEBCD5000 \SystemRoot\System32\DRIVERS\netbios.sys

0xEBCB5000 \SystemRoot\System32\Drivers\SCDEmu.SYS

0xEBAD0000 \SystemRoot\System32\DRIVERS\rdbss.sys

0xEBA60000 \SystemRoot\System32\DRIVERS\mrxsmb.sys

0xEBCA5000 \SystemRoot\System32\Drivers\Fips.SYS

0xEBA3A000 \SystemRoot\System32\DRIVERS\ipnat.sys

0xEBC95000 \SystemRoot\System32\DRIVERS\wanarp.sys

0xF8CEF000 \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys

0xEBA13000 \SystemRoot\System32\Drivers\aswSP.SYS

0xEBF1C000 \SystemRoot\System32\Drivers\Aavmker4.SYS

0xEBC75000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF3436000 \SystemRoot\System32\DRIVERS\hidusb.sys

0xEB823000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS

0xEB813000 \SystemRoot\System32\Drivers\LHidUsbK.Sys

0xEDE28000 \SystemRoot\system32\DRIVERS\LHidKE.Sys

0xF343A000 \SystemRoot\System32\DRIVERS\mouhid.sys

0xEBA01000 \SystemRoot\System32\Drivers\LMouKE.sys

0xEDE20000 \SystemRoot\System32\DRIVERS\usbccgp.sys

0xEDE10000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xEDEC6000 \SystemRoot\System32\DRIVERS\USBSTOR.SYS

0xEB803000 \SystemRoot\system32\drivers\LVUSBSta.sys

0xEDDEE000 \SystemRoot\system32\drivers\usbaudio.sys

0xF626A000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xF1898000 \SystemRoot\System32\Drivers\dump_diskdump.sys

0xEB9EE000 \SystemRoot\System32\Drivers\dump_viamraid.sys

0xBF800000 \SystemRoot\System32\win32k.sys

0xF1878000 \SystemRoot\System32\drivers\Dxapi.sys

0xF8915000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF8C7A000 \SystemRoot\System32\drivers\dxgthk.sys

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xEFD3C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS

0xBA7EA000 \SystemRoot\System32\DRIVERS\nwlnkipx.sys

0xF3824000 \SystemRoot\System32\DRIVERS\nwlnknb.sys

0xF825B000 \SystemRoot\System32\DRIVERS\ndisuio.sys

0xBA75B000 \SystemRoot\System32\Drivers\aswMon2.SYS

0xBA70F000 \SystemRoot\System32\Drivers\Fastfat.SYS

0xF12D5000 \SystemRoot\System32\DRIVERS\nwlnkspx.sys

0xBA60A000 \SystemRoot\system32\drivers\wdmaud.sys

0xF8635000 \SystemRoot\system32\drivers\sysaudio.sys

0xBA470000 \SystemRoot\System32\DRIVERS\mrxdav.sys

0xEBF14000 \SystemRoot\System32\Drivers\ParVdm.SYS

0xBA42D000 \SystemRoot\system32\DRIVERS\atksgt.sys

0xF8C82000 \SystemRoot\System32\Drivers\LBeepKE.sys

0xF6236000 \SystemRoot\system32\DRIVERS\lirsgt.sys

0xBA33D000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys

0xBA26B000 \SystemRoot\System32\DRIVERS\secdrv.sys

0xF88AD000 \SystemRoot\system32\Drivers\LVPr2Mon.sys

0xF0761000 \SystemRoot\System32\DRIVERS\nwlnkfwd.sys

0xBA053000 \SystemRoot\System32\DRIVERS\nwlnkflt.sys

0xF88D5000 \SystemRoot\System32\Drivers\aswRdr.SYS

0xB9932000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 41):

0 System Idle Process

4 System

668 C:\WINDOWS\system32\smss.exe

752 csrss.exe

776 C:\WINDOWS\system32\winlogon.exe

820 C:\WINDOWS\system32\services.exe

832 C:\WINDOWS\system32\lsass.exe

996 C:\WINDOWS\system32\svchost.exe

1072 svchost.exe

1168 C:\WINDOWS\system32\svchost.exe

1228 svchost.exe

1348 svchost.exe

1564 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

228 C:\WINDOWS\system32\spoolsv.exe

248 C:\WINDOWS\explorer.exe

1260 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe

1296 C:\Program Files\Common Files\Java\Java Update\jusched.exe

1316 C:\WINDOWS\system32\rundll32.exe

1336 C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe

1644 svchost.exe

1780 C:\Program Files\ewido anti-spyware 4.0\guard.exe

1804 C:\WINDOWS\soundman.exe

324 C:\Program Files\Java\jre6\bin\jqs.exe

1672 C:\Program Files\Logitech\SetPoint\SetPoint.exe

524 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

552 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

612 C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

684 C:\WINDOWS\system32\nvsvc32.exe

856 C:\WINDOWS\system32\slserv.exe

836 C:\WINDOWS\system32\svchost.exe

1056 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

1788 C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe

2116 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2152 C:\WINDOWS\system32\wuauclt.exe

2504 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

2768 alg.exe

3544 C:\Program Files\Mozilla Firefox\firefox.exe

3556 C:\Program Files\Mozilla Firefox\plugin-container.exe

3032 C:\WINDOWS\system32\notepad.exe

3764 C:\WINDOWS\system32\wuauclt.exe

1344 C:\Documents and Settings\Ziehos\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: Maxtor 6B100M0, Rev: BANC

Size Device Name MBR Status

--------------------------------------------

93 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: 31D100779DE502702C374F7C15687B56FCFD5528

Done!

2010/10/16 20:53:31.0187 Deinitialize success

Any improvement so far?

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

  4. Double click on combofix.exe & follow the prompts.
  5. Install the Recovery Console if prompted.
  6. When finished, it will produce a report for you.
  7. Please post the "C:\ComboFix.txt".

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.


Alright, that c:\windows\TEMP\logishrd\LVPrcInj01.dll is impossible to get rid of. I had it 4 months ago, or whenever I was here last; it says it deletes it, but it actually doesn't.

ComboFix 10-10-16.04 - Ziehos 10/17/2010 16:47:13.20.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.191 [GMT -5:00]

Running from: c:\documents and settings\Ziehos\Desktop\ComboFix1.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.

((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))

.

2010-10-17 21:13 . 2010-09-29 18:11 1251944 ----a-w- c:\windows\RtlExUpd.dll

2010-10-17 02:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-17 02:07 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-17 02:07 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-15 01:44 . 2010-10-15 01:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-10-12 19:40 . 2010-10-12 19:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-10-07 19:33 . 2010-10-07 19:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Ziehos\Application Data\mjusbsp\cdloader2.exe" [2010-08-15 50592]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2008-05-16 1630208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"AgataSoft ShutDown Pro"="c:\program files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe" [2010-04-21 2335744]

"Emocubohoja"="c:\windows\apayapev.dll" [bU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-7 671744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi3"=vmcmidiport.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk

backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]

1998-12-01 00:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2006-10-30 15:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2003-07-13 08:49 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-03-14 23:50 233472 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-08-12 23:19 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-01-27 21:42 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2007-08-30 22:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Neuro-Programmer 2 Professional\\Neuro-Programmer 2.exe"=

"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=

"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\nestc042\\NESTCL95.EXE"=

"c:\\Documents and Settings\\Ziehos\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5060:UDP"= 5060:UDP:magicjack

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/9/2005 6:52 PM 75904]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 9:50 PM 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2010 9:50 PM 17744]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/7/2010 11:11 AM 3712]

R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 8:32 AM 3576320]

S0 pjyvmj;pjyvmj;c:\windows\system32\drivers\flacy.sys --> c:\windows\system32\drivers\flacy.sys [?]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/7/2010 11:22 AM 181792]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/7/2007 7:16 PM 691696]

.

Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-17 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab

FF - ProfilePath - c:\documents and settings\Ziehos\Application Data\Mozilla\Firefox\Profiles\z1c93oeu.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

------- File Associations -------

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)

c:\windows\system32\vmcmidiport.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\System32\NavLogon.dll

- - - - - - - > 'lsass.exe'(828)

c:\windows\system32\vmcmidiport.dll

- - - - - - - > 'explorer.exe'(7460)

c:\windows\system32\WININET.dll

c:\windows\system32\vmcmidiport.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\ewido anti-spyware 4.0\guard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2010-10-17 17:06:30 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-17 22:06

ComboFix2.txt 2010-10-16 10:53

Pre-Run: 5,204,258,816 bytes free

Post-Run: 5,195,313,152 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - 4275FDAC705821B044C903040818A42B


  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

Driver::

pjyvmj

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Emocubohoja"=-

File::

c:\windows\apayapev.dll

[image: CFScriptB-4.gif]

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report.

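The helper's CFScript targets three things read out of the ComboFix log above: the boot-start driver whose file is missing (pjyvmj), the Run value with no file metadata (Emocubohoja / apayapev.dll) and the DLL itself; the same log also shows the Security Center overrides, the disabled firewall, the hijacked keyword.URL and the DLL loaded from TEMP. The triage pass below flags all of those from the log's own line formats. It is an added example for this thread, not code from ComboFix or from the posters; the sample lines are excerpted from the log above, and the rule names and the search-provider allow-list are assumptions.

```python
"""Triage pass over a ComboFix-style log: flags the kinds of entries the helper
addressed in the CFScript (added example for this thread, not part of ComboFix
or of the original posts)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt: lines copied from the first ComboFix log posted above,
# trimmed to the sections the checks below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"Emocubohoja"="c:\windows\apayapev.dll" [bU]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 9:50 PM 165584]
S0 pjyvmj;pjyvmj;c:\windows\system32\drivers\flacy.sys --> c:\windows\system32\drivers\flacy.sys [?]
FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=
- - - - - - - > 'explorer.exe'(7460)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')
FILE_META_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")      # "[YYYY-MM-DD size]"
DWORD_RE = re.compile(r'^"([^"]+)"=\s*(?:dword:([0-9a-fA-F]+)|(\d+)\s*\(0x[0-9a-fA-F]+\))$')
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);")
KEYWORD_RE = re.compile(r"^FF - (?:prefs|user)\.js: keyword\.URL - (\S+)$")
PROCESS_RE = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Value name -> value that means the protection was switched off or silenced.
WEAK_SETTINGS = {"antivirusoverride": 1, "firewalloverride": 1,
                 "enablefirewall": 0, "disablenotifications": 1}
# Constructed allow-list of search providers (an assumption; adjust to policy).
SEARCH_ALLOWLIST = ("google.com", "bing.com", "yahoo.com")


@dataclass(frozen=True)
class Finding:
    rule: str
    item: str
    detail: str


def trusted_search_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in SEARCH_ALLOWLIST)


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key / process header."""
    findings: list[Finding] = []
    section = process = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, process = m.group(1).lower(), ""
        elif m := PROCESS_RE.match(line):
            process = m.group(1)
        elif section.endswith("\\run") and (m := RUN_VALUE_RE.match(line)):
            # ComboFix records "[date size]" for autorun targets it could
            # profile; anything else (here "[bU]") deserves a manual look.
            if not FILE_META_RE.match(m.group(3)):
                findings.append(Finding("run-entry-without-file-metadata", m.group(1), m.group(2)))
        elif m := DWORD_RE.match(line):
            value = int(m.group(2), 16) if m.group(2) else int(m.group(3))
            if WEAK_SETTINGS.get(m.group(1).lower()) == value:
                findings.append(Finding("weakened-security-setting", m.group(1), f"{section} = {value}"))
        elif (m := SERVICE_RE.match(line)) and line.endswith("[?]"):
            # "S0" is a boot-start driver; "[?]" means its image is not on disk.
            findings.append(Finding("service-file-missing", m.group(2),
                                    f"start type {m.group(1)}: {line.split(';', 2)[2]}"))
        elif m := KEYWORD_RE.match(line):
            host = re.sub(r"^hxxps?://", "", m.group(1)).split("/")[0]
            if not trusted_search_host(host):
                findings.append(Finding("browser-search-hijack", "keyword.URL", m.group(1)))
        elif process and PATH_RE.match(line) and "\\temp\\" in line.lower():
            # A module mapped into a running process from a temp directory.
            findings.append(Finding("dll-loaded-from-temp", process, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.item:22} {f.detail}")
```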

ComboFix 10-10-16.04 - Ziehos 10/17/2010 20:04:58.21.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.175 [GMT -5:00]

Running from: c:\documents and settings\Ziehos\Desktop\ComboFix1.exe

Command switches used :: c:\documents and settings\Ziehos\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\windows\apayapev.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_pjyvmj

((((((((((((((((((((((((( Files Created from 2010-09-18 to 2010-10-18 )))))))))))))))))))))))))))))))

.

2010-10-17 21:13 . 2010-09-29 18:11 1251944 ----a-w- c:\windows\RtlExUpd.dll

2010-10-17 02:07 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll

2010-10-17 02:07 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll

2010-10-17 02:07 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

2010-10-15 01:44 . 2010-10-15 01:44 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2010-10-12 19:40 . 2010-10-12 19:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-10-07 19:33 . 2010-10-07 19:33 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"cdloader"="c:\documents and settings\Ziehos\Application Data\mjusbsp\cdloader2.exe" [2010-08-15 50592]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"nwiz"="nwiz.exe" [2008-05-16 1630208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-06-12 200704]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]

"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-08-09 528384]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2006-07-19 94208]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-07-19 94208]

"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

"AgataSoft ShutDown Pro"="c:\program files\AgataSoft\AgataSoft ShutDown Pro\AgataSoft_ShutDown_Pro.exe" [2010-04-21 2335744]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-7 671744]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi3"=vmcmidiport.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Hawking Wireless Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Hawking Wireless Utility.lnk

backup=c:\windows\pss\Hawking Wireless Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VIA RAID TOOL.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk

backup=c:\windows\pss\VIA RAID TOOL.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]

1998-12-01 00:04 497376 ----a-w- c:\windows\p_981116.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2006-10-30 15:36 256576 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]

2008-08-14 22:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]

2008-08-14 22:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

2003-07-13 08:49 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2008-03-14 23:50 233472 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 02:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2008-08-12 23:19 21741864 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

2007-04-16 20:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-01-26 21:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2007-01-27 21:42 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

2007-08-30 22:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

"c:\\Program Files\\Neuro-Programmer 2 Professional\\Neuro-Programmer 2.exe"=

"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=

"c:\\Program Files\\Common Files\\LogiShrd\\LVCOMSER\\LVComSer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\nestc042\\NESTCL95.EXE"=

"c:\\Documents and Settings\\Ziehos\\Application Data\\mjusbsp\\magicJack.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5060:UDP"= 5060:UDP:magicjack

"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015

"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016

"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [8/9/2005 6:52 PM 75904]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/12/2010 9:50 PM 165584]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/12/2010 9:50 PM 17744]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [8/7/2010 11:11 AM 3712]

R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [7/17/2009 8:32 AM 3576320]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [8/7/2010 11:22 AM 181792]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/7/2007 7:16 PM 691696]

.

Contents of the 'Scheduled Tasks' folder

2010-10-07 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-10-18 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-29 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm

IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm

IE: Download web site with Free Download Manager - file://c:\program files\Free Download Manager\dlpage.htm

IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - hxxp://www.riffinteractive.com/setup/RiffLick.cab

FF - ProfilePath - c:\documents and settings\Ziehos\Application Data\Mozilla\Firefox\Profiles\z1c93oeu.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\Ziehos\Application Data\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.order.1 - Google

FF - user.js: keyword.URL - hxxp://search.search-star.net/?sid=10101038100&s=

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)

c:\windows\system32\vmcmidiport.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

c:\windows\System32\NavLogon.dll

- - - - - - - > 'lsass.exe'(828)

c:\windows\system32\vmcmidiport.dll

- - - - - - - > 'explorer.exe'(6960)

c:\windows\system32\WININET.dll

c:\windows\system32\vmcmidiport.dll

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\ewido anti-spyware 4.0\guard.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\RUNDLL32.EXE

.

**************************************************************************

.

Completion time: 2010-10-17 20:22:58 - machine was rebooted

ComboFix-quarantined-files.txt 2010-10-18 01:22

ComboFix2.txt 2010-10-17 22:06

ComboFix3.txt 2010-10-16 10:53

Pre-Run: 4,424,433,664 bytes free

Post-Run: 4,359,475,200 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=3 Sets=1,2,3,4

- - End Of File - - 8CDE625E2EB3E637D56F9105BCFBDFC4


That looks much better.

Let's scan for remnants:

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below under Upgrading Java to download and install the latest version.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure the following are checked:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Attention! Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Upgrading Java :

  • Download the latest version of Java SE Runtime Environment (JRE) JRE 6 Update 21.
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right-click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")


I'm not gonna use Kaspersky, so if there's another one... It runs way too slow. I let it run for an hour and a half and it was only 11% done; at that rate it would take 10 hours. Ran Malwarebytes updated and it didn't find anything.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4879

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

10/19/2010 6:13:54 AM

mbam-log-2010-10-19 (06-13-54).txt

Scan type: Quick scan

Objects scanned: 140221

Time elapsed: 11 minute(s), 19 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Alright, that didn't take as long, about 2 hours. No full report that I saw I could copy, but it did find 2 things.

C:\Documents and Settings\Ziehos\My Documents\Downloads\Amplitube\IK Multimedia AmpliTube v2.1.exe probably a variant of Win32/Agent.NSVUHFW trojan cleaned by deleting - quarantined

C:\Program Files\Neuro-Programmer 2 Professional\BASSSYNC.0LL probably a variant of Win32/Agent.DJRLWZD trojan cleaned by deleting - quarantined
