
Here you can find my first post: http://forums.malwarebytes.org/index.php?showtopic=68045

-----------------------------------------------------------------------------------------------------------

Malwarebytes install/execute --> unable to execute because of 0 and 440 errors at program startup (see my first post)

defogger disable --> ok

DDS --> I needed to do this 3 times because of system crashes (sometimes the system simply freezes and I'm not able to do anything... just a hard reset)

(the system became unstable: sometimes all the icons on the desktop disappear, sometimes I get unknown error messages, ...)

GMER --> after about 40 minutes of scanning it finished its work, but I'm not able to save the log. I click -save-, but nothing happens.

Then the PC freezes, beeps, and I have to hard reset it.

Note that I'm doing everything offline, downloading the files from another PC, then transferring those files via a USB key.

Help!!! Thanks

---

I never made a scan with Malwarebytes' Anti-Malware, so there's no log.

DDS:

DDS (Ver_10-11-10.01) - NTFSx86

Run by TRH at 9:58:55,48 on 19/11/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2240 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000010-0000-0000-0000-0000D8023D00}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000010-0000-0000-0000-0000D8023C00}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-0000-000000000000}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EF40-0002-0000-8843-927C00F0FF7F}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000ECFD7F}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-6C25-9E7C08000A00}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000FCFD7F}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {006E0069-0053-0078-5300-5C0000004100}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000002-0002-0000-7C25-9E7C08000A00}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000040-0000-0000-0000-0000E8013D00}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {0012EE84-FFFC-FFFF-0200-00004FBCC4F1}

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {00000000-0000-0000-1200-140000DCFD7F}

AV: Emsisoft Anti-Malware *On-access scanning enabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {003F0060-0000-0000-88F9-130000000000}

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {00000000-0000-0100-B4F2-120000000043}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:ProgrammiEmsisoft Anti-Malwarea2service.exe

C:WINDOWSsystem32svchost -k DcomLaunch

svchost.exe

E:SicurezzaComodoCOMODOCOMODO Internet Securitycmdagent.exe

C:WINDOWSsystem32svchost.exe -k netsvcs

C:WINDOWSsystem32svchost.exe -k WudfServiceGroup

C:ProgrammiIntelWiFibinS24EvMon.exe

svchost.exe

svchost.exe

C:WINDOWSsystem32spoolsv.exe

E:SicurezzaAviraAntiVir Desktopsched.exe

svchost.exe

C:Programmi3d-io pluginslicensing_v2ActiveLockServerV2.exe

E:ScannerabbyyNetworkLicenseServer.exe

E:SicurezzaAviraAntiVir Desktopavguard.exe

C:ProgrammiFile comuniAppleMobile Device SupportAppleMobileDeviceService.exe

C:PROGRA~1ESRILicensearcgis9xlmgrd.exe

E:SicurezzaAviraAntiVir Desktopavshadow.exe

C:ProgrammiArchVisionArchVision Content ManagerrpcACMapp.exe

C:WINDOWSsystem32astsrv.exe

C:PROGRA~1ESRILicensearcgis9xlmgrd.exe

C:ProgrammiBonjourmDNSResponder.exe

svchost.exe

C:WINDOWSSystem32svchost.exe -k eapsvcs

C:ProgrammiIntelWiFibinEvtEng.exe

C:WINDOWSsystem32hasplms.exe

C:ProgrammiGoogleUpdateGoogleUpdate.exe

C:Programmicebasip-clampipclamp.exe

C:ProgrammiFile comuniOptical Research AssociatesLightToolsltService.exe

E:Architettura3dMax2010Designmentalraysatelliteraysat_3dsmax2010_32server.exe

E:Architettura3dMax2011mentalimagessatelliteraysat_3dsmax2011_32server.exe

C:WINDOWSsystem32MNSFramework.exe

C:ProgrammiFile comuniNeroNero BackItUp 4NBService.exe

C:ProgrammiDellQuickSetNICCONFIGSVC.exe

C:WINDOWSsystem32nlssrv32.exe

C:ProgrammiNVIDIA CorporationPerformance DriversnvPDsvc.exe

C:WINDOWSsystem32nvsvc32.exe

E:ManutenzionePerfectDiskPDAgent.exe

C:ProgrammiFile comuniIntelWirelessCommonRegSrvc.exe

C:ProgrammiCyberLinkShared FilesRichVideo.exe

C:ProgrammiMicrosoft SQL Server90Sharedsqlwriter.exe

C:WINDOWSsystem32svchost.exe -k imgsvc

C:ProgrammiWestern DigitalWD SmartWareWD Drive ManagerWDDMService.exe

C:ProgrammiIntelWiFibinWLKeeper.exe

C:WINDOWSExplorer.EXE

C:ProgrammiSynapticsSynTPSynTPEnh.exe

C:ProgrammiSigmaTelC-Major AudioWDMstsystra.exe

C:ProgrammiDellQuickSetQuickset.exe

C:ProgrammiFile comuniLogitechQCDriver3LVCOMS.EXE

C:ProgrammiIntelWiFibinZCfgSvc.exe

C:ProgrammiFile comuniIntelWirelessCommoniFrmewrk.exe

C:ProgrammiLogitechSetPointPSetPoint.exe

C:ProgrammiFile comuniLogiShrdKHAL3KHALMNPR.EXE

E:SicurezzaComodoCOMODOCOMODO Internet Securitycfp.exe

C:WINDOWSsystem32wbemunsecapp.exe

C:PROGRAMMIEMSISOFT ANTI-MALWAREa2guard.exe

E:SicurezzaAviraAntiVir Desktopavgnt.exe

C:ProgrammiI8kfanGUII8kfanGUI.exe

C:ProgrammiGadwin SystemsPrintScreenProPrintScreenPro.exe

C:WINDOWSsystem32ctfmon.exe

C:ProgrammiSUPERAntiSpywareSUPERAntiSpyware.exe

C:ProgrammiWidget vodafone.itWidget vodafone.it.exe

E:InternetFirefoxfirefox.exe

E:downloadDefogger.exe

C:WINDOWSexplorer.exe

C:Documents and SettingsTRHDesktopdds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.it/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:programmifile comuniadobeacrobatactivexAcroIEHelperShim.dll

BHO: DIALux 3.1 ULDBrowserHelper Class: {69ab812a-8ce4-4bf3-b49b-3b60a9f31fb2} - e:architetturadialuxDLXShellExtension.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:sistemaofficeoffice12GrooveShellExtensions.dll

BHO: Guida per l'accesso a Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:programmifile comunimicrosoft sharedwindows liveWindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:programmifile comuniadobeacrobatactivexAcroIEFavClient.dll

BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:programmiidmquickfindpluginsIEHelp.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:programmifile comuniadobeacrobatactivexAcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:programmifile comuniadobeacrobatactivexAcroIEFavClient.dll

uRun: [i8kfangui] c:programmii8kfanguiI8kfanGUI.exe /startup

uRun: [Gadwin PrintScreen Pro] c:programmigadwin systemsprintscreenproPrintScreenPro.exe /nosplash

uRun: [ctfmon.exe] c:windowssystem32ctfmon.exe

uRun: [sUPERAntiSpyware] c:programmisuperantispywareSUPERAntiSpyware.exe

mRun: [synTPEnh] c:programmisynapticssyntpSynTPEnh.exe

mRun: [sigmatelSysTrayApp] %ProgramFiles%SigmaTelC-Major AudioWDMstsystra.exe

mRun: [Dell QuickSet] c:programmidellquicksetQuickset.exe

mRun: [LVCOMS] c:programmifile comunilogitechqcdriver3LVCOMS.EXE

mRun: [intelZeroConfig] "c:programmiintelwifibinZCfgSvc.exe"

mRun: [intelWireless] "c:programmifile comuniintelwirelesscommoniFrmewrk.exe" /tf Intel Wireless Tray

mRun: [EvtMgr6] c:programmilogitechsetpointpSetPoint.exe /launchGaming

mRun: [NvCplDaemon] RUNDLL32.EXE c:windowssystem32NvCpl.dll,NvStartup

mRun: [COMODO Internet Security] "e:sicurezzacomodocomodocomodo internet securitycfp.exe" -h

mRun: [KernelFaultCheck] %systemroot%system32dumprep 0 -k

mRun: [a-squared] "c:programmiemsisoft anti-malwarea2guard.exe" /d=60

mRun: [avgnt] "e:sicurezzaaviraantivir desktopavgnt.exe" /min

dRun: [CTFMON.EXE] c:windowssystem32CTFMON.EXE

StartupFolder: c:docume~1trhmenuav~1progra~1esecuz~1setup_~1.lnk - c:documents and settingstrhdesktopvirus removal toolsetup_9.0.0.722_17.11.2010_22-14startup.exe

StartupFolder: c:docume~1trhmenuav~1progra~1esecuz~1widget~1.lnk - c:programmiwidget vodafone.itWidget vodafone.it.exe

StartupFolder: c:docume~1trhmenuav~1progra~1esecuz~1setup_~1.lnk - c:documents and settingstrhdesktopvirus removal toolsetup_9.0.0.722_17.11.2010_22-14startup.exe

StartupFolder: c:docume~1trhmenuav~1progra~1esecuz~1widget~1.lnk - c:programmiwidget vodafone.itWidget vodafone.it.exe

IE: Append Link Target to Existing PDF - c:programmifile comuniadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:programmifile comuniadobeacrobatactivexAcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:programmifile comuniadobeacrobatactivexAcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:programmifile comuniadobeacrobatactivexAcroIEFavClient.dll/AcroIECapture.html

IE: Download with - c:programmixilisoftdownload youtube videoupod_link.HTM

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:programmimessengermsmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:sistemaofficeoffice12ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:sistemaofficeoffice12REFIEBAR.DLL

TCP: {B3E33D71-5AA5-40FE-9E7D-22BEC5D6A25C} = 208.67.222.222,208.67.220.220

Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - e:architetturadialuxDLXToolBox.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:sistemaofficeoffice12GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:progra~1fileco~1skypeSKYPE4~1.DLL

Notify: !SASWinLogon - c:programmisuperantispywareSASWINLO.DLL

Notify: LBTWlgn - c:programmifile comunilogishrdbluetoothLBTWlgn.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:windowssystem32WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:sistemaofficeoffice12GrooveShellExtensions.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:programmisuperantispywareSASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:docume~1trhdatiap~1mozillafirefoxprofileswyk38ngl.default

FF - prefs.js: browser.search.selectedEngine - De Mauro - Sinonimi e contrari

FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=2&q=

FF - plugin: c:documents and settingstrhimpostazioni localidati applicazionigoogleupdate1.2.183.39npGoogleOneClick8.dll

FF - plugin: c:programmiearth resource mappingimage web serverfirefox plug-inNP_NCS6.dll

FF - plugin: c:programmiearth resource mappingimage web serverfirefox plug-inNP_NCSPB6.dll

FF - plugin: c:programmiearth resource mappingimage web serverfirefox plug-inNP_NCSTB6.dll

FF - plugin: c:programmigooglegoogle earthpluginnpgeplugin.dll

FF - plugin: c:programmigoogleupdate1.2.183.39npGoogleOneClick8.dll

FF - plugin: c:programmijavajre6binnew_pluginnpdeployJava1.dll

FF - plugin: c:programmitvuplayernpTVUAx.dll

FF - plugin: e:audioitunesmozilla pluginsnpitunes.dll

FF - plugin: e:playersquicktimepluginsnpqtplugin.dll

FF - plugin: e:playersquicktimepluginsnpqtplugin2.dll

FF - plugin: e:playersquicktimepluginsnpqtplugin3.dll

FF - plugin: e:playersquicktimepluginsnpqtplugin4.dll

FF - plugin: e:playersquicktimepluginsnpqtplugin5.dll

FF - plugin: e:playersquicktimepluginsnpqtplugin6.dll

FF - plugin: e:playersquicktimepluginsnpqtplugin7.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsmicrosoft.netframeworkv3.5windows presentation foundationdotnetassistantextension

FF - HiddenExtension: Java Console: No Registry Reference - e:internetfirefoxextensions{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--j6w193g", true);

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

e:internetfirefoxgreprefsall.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 10145712;10145712 Boot Guard Driver;c:windowssystem32drivers10145712.sys [2010-11-12 37392]

R0 42142092;42142092 Boot Guard Driver;c:windowssystem32drivers42142092.sys [2010-11-12 37392]

R0 58084562;58084562 Boot Guard Driver;c:windowssystem32drivers58084562.sys [2010-11-17 37392]

R0 hotcore3;hc3ServiceName;c:windowssystem32drivershotcore3.sys [2010-10-27 40560]

R1 42142091;42142091;c:windowssystem32drivers42142091.sys [2010-11-12 128016]

R1 58084561;58084561;c:windowssystem32drivers58084561.sys [2010-11-17 128016]

R1 a2injectiondriver;a2injectiondriver;c:programmiemsisoft anti-malwarea2dix86.sys [2010-11-15 41928]

R1 a2util;a-squared Malware-IDS utility driver;c:programmiemsisoft anti-malwarea2util32.sys [2010-11-15 11776]

R1 avgio;avgio;e:sicurezzaaviraantivir desktopavgio.sys [2010-11-17 11608]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:windowssystem32driverscmdGuard.sys [2010-9-10 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:windowssystem32driverscmdhlp.sys [2010-9-10 25240]

R1 fanio;FanIO driver;c:windowssystem32driversfanio.sys [2009-6-16 14464]

R1 SASDIFSV;SASDIFSV;c:programmisuperantispywaresasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:programmisuperantispywareSASKUTIL.SYS [2010-5-10 67656]

R1 setup_9.0.0.722_12.11.2010_10-13drv;setup_9.0.0.722_12.11.2010_10-13drv;c:windowssystem32drivers1014571.sys [2010-11-12 315408]

R2 3d-io License Server v2.0;3d-io License Server v2.0;c:programmi3d-io pluginslicensing_v2ActiveLockServerV2.exe [2009-1-28 45056]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:programmiemsisoft anti-malwarea2service.exe [2010-11-15 2953808]

R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:scannerabbyynetworklicenseserver.exe -service --> e:scannerabbyyNetworkLicenseServer.exe -service [?]

R2 AntiVirScheduler;Avira AntiVir Scheduler;e:sicurezzaaviraantivir desktopsched.exe [2010-11-17 135336]

R2 AntiVirService;Avira AntiVir Guard;e:sicurezzaaviraantivir desktopavguard.exe [2010-11-17 267944]

R2 ArcGIS License Manager;ArcGIS License Manager;c:progra~1esrilicensearcgis9xlmgrd.exe [2010-2-4 1431440]

R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:programmiarchvisionarchvision content managerrpcacmapp.exe --service --path "c:programmiarchvisionarchvision content manager" --> c:programmiarchvisionarchvision content managerrpcacmapp.exe --service --path c:programmiarchvisionArchVision Content Manager [?]

R2 avgntflt;avgntflt;c:windowssystem32driversavgntflt.sys [2010-11-17 60936]

R2 CAMTHWDM;CAMTHWDM;c:windowssystem32driversCAMTHWDM.sys [2007-10-6 941784]

R2 cmdAgent;COMODO Internet Security Helper Service;e:sicurezzacomodocomodocomodo internet securitycmdagent.exe [2010-9-10 1901056]

R2 hasplms;HASP License Manager;c:windowssystem32hasplms.exe -run --> c:windowssystem32hasplms.exe -run [?]

R2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.;c:programmicebasip-clampipclamp.exe [2007-11-20 45700]

R2 LBeepKE;Logitech Beep Suppression Driver;c:windowssystem32driversLBeepKE.sys [2010-11-1 10448]

R2 LTService;LTService 7.0.0.1;c:programmifile comunioptical research associateslighttoolsltService.exe [2010-2-8 761856]

R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:architettura3dmax2010designmentalraysatelliteraysat_3dsmax2010_32server.exe [2009-3-12 86016]

R2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;e:architettura3dmax2011mentalimagessatelliteraysat_3dsmax2011_32server.exe [2010-3-10 86016]

R2 nlsX86cc;Nalpeiron Licensing Service;c:windowssystem32nlssrv32.exe [2010-10-4 64512]

R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:programminvidia corporationperformance driversnvPDsvc.exe [2008-12-11 3575808]

R2 WDDMService;WD SmartWare Drive Manager;c:programmiwestern digitalwd smartwarewd drive managerWDDMService.exe [2009-11-5 110592]

R3 a2acc;a2acc;c:programmiemsisoft anti-malwarea2accx86.sys [2010-11-15 72808]

S0 CFRMD;CFRMD;c:windowssystem32driverscfrmd.sys --> c:windowssystem32driversCFRMD.sys [?]

S1 10145711;10145711;c:windowssystem32drivers10145711.sys --> c:windowssystem32drivers10145711.sys [?]

S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;??c:docume~1trhimpost~1tempvspe.sys --> c:docume~1trhimpost~1tempVSPE.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:windowsmicrosoft.netframeworkv4.0.30319mscorsvw.exe [2010-3-18 130384]

S2 cpwnt;cpwnt;c:windowssystem32driverscpwnt.sys [2009-1-16 21824]

S2 gupdate;Google Update Service (gupdate);c:programmigoogleupdateGoogleUpdate.exe [2009-10-5 133104]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:programmiwestern digitalwd smartwarefront parlorWDSmartWareBackgroundService.exe [2009-6-16 20480]

S3 camfilt2;camfilt2;c:windowssystem32driverscamfilt2.sys [2009-7-29 94720]

S3 HPx9G+;HPx9G+ Device USB Driver;c:windowssystem32drivershpx9g2k.sys [2009-1-6 12658]

S3 hxctlflt;hxctlflt;c:windowssystem32drivershxctlflt.sys [2010-5-4 99968]

S3 ivusb;Initio Driver for USB Default Controller;c:windowssystem32driversivusb.sys --> c:windowssystem32driversivusb.sys [?]

S3 MEMSWEEP2;MEMSWEEP2;??c:windowssystem3211.tmp --> c:windowssystem3211.tmp [?]

S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:windowssystem32driversnmwcdnsu.sys [2010-8-20 137344]

S3 nmwcdnsuc;Nokia USB Flashing Generic;c:windowssystem32driversnmwcdnsuc.sys [2010-8-20 8320]

S3 rk_remover-boot;rk_remover-boot;c:windowssystem32driversrk_remover.sys [2010-11-14 53248]

S3 SwitchBoard;SwitchBoard;c:programmifile comuniadobeswitchboardSwitchBoard.exe [2010-2-19 517096]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:windowssystem32driverswdcsam.sys [2010-3-11 11520]

S3 WinRM;Windows Remote Management (WS-Management);c:windowssystem32svchost.exe -k WINRM [2004-8-19 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:windowsmicrosoft.netframeworkv4.0.30319wpfWPFFontCache_v0400.exe [2010-3-18 753504]

S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:programmimicrosoft sql server100sharedsqladhlp.exe [2008-7-11 47128]

S4 RsFx0103;RsFx0103 Driver;c:windowssystem32driversRsFx0103.sys [2009-3-30 239336]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:programmimicrosoft sql servermssql10.sqlexpressmssqlbinnSQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-11-18 23:24:59 -------- d-----w- C:Rar$DR01.156

2010-11-18 22:36:14 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys

2010-11-18 22:36:10 20952 ----a-w- c:windowssystem32driversmbam.sys

2010-11-18 22:36:09 -------- d-----w- c:programmiMalwarebytes' Anti-Malware

2010-11-17 20:34:36 37392 ----a-w- c:windowssystem32drivers58084562.sys

2010-11-17 20:34:36 128016 ----a-w- c:windowssystem32drivers58084561.sys

2010-11-17 20:08:35 -------- d-----w- C:VundoFix Backups

2010-11-17 18:47:08 6272 -c--a-w- c:windowssystem32dllcacheapmbatt.sys

2010-11-17 18:47:08 36224 -c--a-w- c:windowssystem32dllcachean983.sys

2010-11-17 18:47:07 16969 -c--a-w- c:windowssystem32dllcacheamb8002.sys

2010-11-17 18:47:07 12032 -c--a-w- c:windowssystem32dllcacheamsint.sys

2010-11-17 18:47:06 5248 -c--a-w- c:windowssystem32dllcachealiide.sys

2010-11-17 18:47:06 26624 -c--a-w- c:windowssystem32dllcachealifir.sys

2010-11-17 18:47:05 56960 -c--a-w- c:windowssystem32dllcacheaic78xx.sys

2010-11-17 18:47:05 55168 -c--a-w- c:windowssystem32dllcacheaic78u2.sys

2010-11-17 18:47:05 27678 -c--a-w- c:windowssystem32dllcacheali5261.sys

2010-11-17 18:47:04 12800 -c--a-w- c:windowssystem32dllcacheaha154x.sys

2010-11-17 18:44:59 66048 -c--a-w- c:windowssystem32dllcaches3legacy.dll

2010-11-17 14:07:43 -------- d-----w- c:programmiGlary Utilities

2010-11-17 12:07:51 -------- d-----w- c:docume~1trhdatiap~1Avira

2010-11-17 12:03:17 60936 ----a-w- c:windowssystem32driversavgntflt.sys

2010-11-17 12:03:15 -------- d-----w- c:docume~1alluse~1datiap~1Avira

2010-11-16 13:17:24 -------- d-----w- c:docume~1trhdatiap~1SUPERAntiSpyware.com

2010-11-16 13:17:24 -------- d-----w- c:docume~1alluse~1datiap~1SUPERAntiSpyware.com

2010-11-16 13:17:12 -------- d-----w- c:programmiSUPERAntiSpyware

2010-11-16 12:03:38 -------- d-----w- c:programmiMalwarebytes

2010-11-15 15:35:08 -------- d-----w- c:programmiEmsisoft Anti-Malware

2010-11-14 20:43:10 53248 ----a-w- c:windowssystem32driversrk_remover.sys

2010-11-14 16:36:01 -------- d-----w- c:programmiCOMODO

2010-11-12 20:22:24 12872 ----a-w- c:windowssystem32bootdelete.exe

2010-11-12 20:12:43 -------- d-----w- c:programmiHitman Pro 3.5

2010-11-12 18:25:44 -------- d-----w- c:programmiNoVirusThanks

2010-11-12 12:08:12 37392 ----a-w- c:windowssystem32drivers10145712.sys

2010-11-12 12:08:12 315408 ----a-w- c:windowssystem32drivers1014571.sys

2010-11-12 09:40:30 37392 ----a-w- c:windowssystem32drivers42142092.sys

2010-11-12 09:40:30 315408 ----a-w- c:windowssystem32drivers4214209.sys

2010-11-12 09:40:30 128016 ----a-w- c:windowssystem32drivers42142091.sys

2010-11-11 21:41:13 -------- d-----w- c:docume~1trhimpost~1datiap~1Spotify

2010-11-11 21:41:13 -------- d-----w- c:docume~1trhdatiap~1Spotify

2010-11-11 21:41:09 -------- d-----w- c:programmiSpotify

2010-11-11 20:59:50 -------- d-----w- c:programmiPrevx

2010-11-11 20:59:38 -------- d-----w- c:docume~1alluse~1datiap~1PrevxCSI

2010-11-11 20:42:57 16968 ----a-w- c:windowssystem32drivershitmanpro35.sys

2010-11-11 20:41:13 -------- d-----w- c:docume~1alluse~1datiap~1Hitman Pro

2010-11-11 09:32:04 98816 ----a-w- c:windowssed.exe

2010-11-11 09:32:04 161792 ----a-w- c:windowsSWREG.exe

2010-11-10 15:01:20 -------- d-----w- c:windowssystem32winrm

2010-11-10 15:01:15 -------- dc-h--w- c:windows$968930Uinstall_KB968930$

2010-11-10 14:59:30 92184 ----a-w- c:windowssystem32SQSRVRES.DLL

2010-11-10 11:08:50 -------- d-----w- c:docume~1trhdatiap~1MumboJumbo

2010-11-10 11:08:50 -------- d-----w- c:docume~1alluse~1datiap~1MumboJumbo

2010-11-10 11:08:45 -------- d-----w- c:docume~1alluse~1datiap~1Trymedia

2010-11-10 10:29:45 -------- d-----w- c:programmiGames

2010-11-10 09:53:01 299520 ----a-w- c:windowsuninst.exe

2010-11-10 07:46:15 369152 ----a-w- c:windowssystem32avisynth.dll

2010-11-10 07:46:13 70656 ----a-w- c:windowssystem32yv12vfw.dll

2010-11-10 07:46:13 70656 ----a-w- c:windowssystem32i420vfw.dll

2010-11-10 07:46:13 -------- d-----w- c:programmiAviSynth 2.5

2010-11-09 23:22:06 -------- d-----w- c:docume~1trhdatiap~1VideoCharge Studio

2010-11-09 23:21:47 -------- d-----w- c:programmiVideoCharge Software

2010-11-09 21:30:20 -------- d-----w- C:video_output

2010-11-09 19:15:32 -------- d-----w- c:docume~1trhimpost~1datiap~1Xilisoft

2010-11-09 19:15:19 -------- d-----w- c:docume~1trhdatiap~1Xilisoft

2010-11-09 19:14:20 -------- d-----w- c:programmiXilisoft

2010-11-09 19:14:20 -------- d-----w- c:docume~1alluse~1datiap~1Xilisoft

2010-11-05 23:53:24 -------- d-----w- c:docume~1alluse~1datiap~1Nik Software

2010-11-05 23:50:51 -------- d-----w- c:programmiNik Software

2010-11-05 20:54:18 -------- d-----w- c:docume~1trhdatiap~1Athentech

2010-11-05 20:51:58 -------- d-----w- c:programmiAthentech

2010-11-04 17:30:09 -------- d-----w- c:programmiNikon

2010-11-04 16:22:42 -------- d-----w- c:programmiHard Disk Sentinel

2010-11-03 23:27:59 -------- d-----w- c:programmiHDD Regenerator

2010-11-02 15:31:25 -------- d-----w- c:programmitamasoftware

2010-11-02 11:05:36 -------- d-----w- c:docume~1alluse~1datiap~1SafeNet Sentinel

2010-11-02 11:04:33 -------- d-----w- c:programmifile comuniOptical Research Associates

2010-11-02 10:59:58 -------- d-----w- c:docume~1alluse~1datiap~1LightTools

2010-11-01 13:04:40 -------- d-----w- c:docume~1trhimpost~1datiap~1Logishrd

2010-11-01 13:04:32 16400 ----a-w- c:windowssystem32driversLNonPnP.sys

2010-11-01 13:04:03 10448 ----a-w- c:windowssystem32driversLBeepKE.sys

2010-11-01 12:47:19 -------- d-----w- c:docume~1trhdatiap~1Logishrd

2010-10-30 14:55:54 947472 ----a-w- c:windowssystem32msjava.dll

2010-10-30 14:55:54 73728 ----a-w- c:windowssystem32BurnerApLib.dll

2010-10-30 14:55:54 681256 ----a-w- c:windowssystem32WebCamPropertyWindow.dll

2010-10-30 14:55:54 42280 ----a-w- c:windowssystem32WebCamKSProxyPlugin.ax

2010-10-30 14:55:54 23848 ----a-w- c:windowssystem32libcmmn.dll

2010-10-30 14:55:54 102400 ----a-w- c:windowssystem32st50220.dll

2010-10-27 09:25:37 -------- d-----w- c:docume~1alluse~1datiap~1explauncher

2010-10-27 09:25:32 -------- d-----w- c:docume~1alluse~1datiap~1launcher

2010-10-27 09:24:33 40560 ----a-w- c:windowssystem32drivershotcore3.sys

2010-10-27 09:24:12 -------- d-----w- c:programmiParagon Software

2010-10-27 08:59:50 -------- d-----w- c:programmiEASEUS

2010-10-25 23:17:24 -------- d-----w- C:5b59075a0b5cf0c871191fe7

==================== Find3M ====================

2010-11-08 00:20:24 89088 ----a-w- c:windowsMBR.exe

2010-10-16 21:52:49 3072 ----a-w- c:windowssystem32Viveza2FC32.dll

2010-10-04 12:13:30 64512 ----a-w- c:windowssystem32nlssrv32.exe

2010-09-18 10:23:20 974848 ----a-w- c:windowssystem32mfc42u.dll

2010-09-18 06:53:18 974848 ------w- c:windowssystem32mfc42.dll

2010-09-18 06:53:18 954368 ------w- c:windowssystem32mfc40.dll

2010-09-18 06:53:18 953856 ------w- c:windowssystem32mfc40u.dll

2010-09-10 22:41:40 285480 ----a-w- c:windowssystem32guard32.dll

2010-09-10 05:49:31 916480 ----a-w- c:windowssystem32wininet.dll

2010-09-10 05:49:24 1469440 ------w- c:windowssystem32inetcpl.cpl

2010-09-08 09:17:46 94208 ----a-w- c:windowssystem32QuickTimeVR.qtx

2010-09-08 09:17:46 69632 ----a-w- c:windowssystem32QuickTime.qts

2010-09-01 11:51:14 285824 ----a-w- c:windowssystem32atmfd.dll

2010-09-01 07:54:47 1852800 ----a-w- c:windowssystem32win32k.sys

2010-08-27 08:02:24 119808 ----a-w- c:windowssystem32t2embed.dll

2010-08-27 05:58:08 99840 ----a-w- c:windowssystem32srvsvc.dll

2010-08-27 01:43:50 5632 ----a-w- c:windowssystem32xpsp4res.dll

2010-08-23 16:12:17 617472 ------w- c:windowssystem32comctl32.dll

2009-11-19 19:08:02 3749224 ----a-w- c:programmifile comuniadlmint_libFNP.dll

2009-11-19 19:08:02 2941288 ----a-w- c:programmifile comuniadlmint.dll

============= FINISH: 10:02:37,37 ===============

I've tried one more time to use GMER.

After about 30 minutes, I get a BSOD PAGE_FAULT_IN_NONPAGED_AREA

STOP: 0x00000050 (0xFE82300B, 0x00000000,0xECBE7E15,0x00000000)

pxdiipog.sys - Address ECBE7E base at ECBDC000, Datestamp 4cd7b97f

Attach.zip (attached)

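Added example (not part of the original thread, and not DDS's own logic): a small Python triage pass over DDS "SERVICES / DRIVERS" lines of the kind posted above, plus a parser for the XP STOP line from the GMER crash. The sample input is a handful of entries copied from the log above with the backslashes the forum stripped from paths put back; the heuristics (all-digit service names, images DDS could not stat and so printed as `[?]`, images under a temp directory or with a `.tmp` extension, boot/system start) are my own and only mark entries for a human to look at. In this very log the numeric names sit next to a `setup_9.0.0.722_...` driver created on the same day, i.e. a removal tool the user ran, which is exactly why the output is a worklist and not a verdict. For the bugcheck, parameter 3 of STOP 0x50 is the faulting instruction address, so its distance from the reported module base gives the offset inside `pxdiipog.sys`; the post's own "Address ECBE7E" is truncated, so the code uses the parameter instead. That driver does not appear in the DDS driver list, which is a point worth raising with the helper.

```python
import re
from dataclasses import dataclass

# Constructed sample input: entries copied from the DDS "SERVICES / DRIVERS"
# section above, with the path separators the forum stripped put back.
SAMPLE_LOG = r"""
R0 10145712;10145712 Boot Guard Driver;c:\windows\system32\drivers\10145712.sys [2010-11-12 37392]
R1 a2util;a-squared Malware-IDS utility driver;c:\programmi\emsisoft anti-malware\a2util32.sys [2010-11-15 11776]
R1 setup_9.0.0.722_12.11.2010_10-13drv;setup_9.0.0.722_12.11.2010_10-13drv;c:\windows\system32\drivers\1014571.sys [2010-11-12 315408]
S1 10145711;10145711;c:\windows\system32\drivers\10145711.sys --> c:\windows\system32\drivers\10145711.sys [?]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\trh\impost~1\temp\vspe.sys --> c:\docume~1\trh\impost~1\temp\VSPE.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-19 14336]
"""

# One DDS line: "<R|S><start> <service>;<display name>;<image> [<date> <size>]"
# or, when DDS could not stat the file, "<image> --> <image> [?]".
LINE_RE = re.compile(
    r"^(?P<kind>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.+?) \[(?P<meta>[^\]]*)\]$"
)

@dataclass
class DriverEntry:
    running: bool   # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str       # lower-cased image path
    missing: bool   # DDS printed "[?]" instead of date/size

def parse_dds_drivers(text):
    """Parse DDS service/driver lines; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        path = rest.split(" --> ")[-1] if " --> " in rest else rest
        entries.append(DriverEntry(
            running=m.group("kind") == "R",
            start=int(m.group("start")),
            name=m.group("name"),
            display=m.group("display"),
            path=path.lower(),
            missing=m.group("meta").strip() == "?",
        ))
    return entries

def triage(entries):
    """Return {service name: [reasons]} for entries that deserve a second look.
    These are review heuristics (my own, not DDS's), not a malware verdict."""
    flagged = {}
    for e in entries:
        reasons = []
        if e.name.isdigit():
            reasons.append("numeric service name")
        if e.missing:
            reasons.append("file not found by DDS ([?])")
        if "\\temp\\" in e.path:
            reasons.append("image under a temp directory")
        if e.path.endswith(".tmp"):
            reasons.append("driver image with .tmp extension")
        if reasons and e.start <= 1:
            reasons.append("boot/system start")   # loads before most AV filters
        if reasons:
            flagged[e.name] = reasons
    return flagged

STOP_RE = re.compile(r"STOP:\s*0x(?P<code>[0-9A-Fa-f]{8})\s*\((?P<params>[^)]*)\)")
BASE_RE = re.compile(r"(?P<module>\S+\.sys)\s*-.*?base at\s*(?P<base>[0-9A-Fa-f]+)", re.I)

def parse_bugcheck(stop_line, module_line):
    """Extract bugcheck code and parameters from an XP STOP line and compute the
    offset of the faulting instruction (0x50 parameter 3) inside the named module."""
    s = STOP_RE.search(stop_line)
    params = [int(p.strip(), 16) for p in s.group("params").split(",")]
    b = BASE_RE.search(module_line)
    base = int(b.group("base"), 16)
    return {"code": int(s.group("code"), 16), "params": params,
            "module": b.group("module"), "base": base,
            "offset": params[2] - base}

if __name__ == "__main__":
    for name, reasons in triage(parse_dds_drivers(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(reasons)}")
    bc = parse_bugcheck(
        "STOP: 0x00000050 (0xFE82300B, 0x00000000,0xECBE7E15,0x00000000)",
        "pxdiipog.sys - Address ECBE7E base at ECBDC000, Datestamp 4cd7b97f")
    print(f"bugcheck 0x{bc['code']:02X} in {bc['module']}+0x{bc['offset']:X}")
```

Run it on the full driver section and the hits are the worklist to hand to the helper: the numeric boot-start drivers with and without a file on disk, the virtual-serial driver loading from the user's temp directory, and the `.tmp` driver image; the bugcheck resolves to `pxdiipog.sys+0xBE15`, a module that the DDS list never mentions.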

Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
