Tech Support Guy > Virus & Other Malware Removal
Solved: Hijack This log. SVCHOST problem

Nightmare (Member, 119 posts, thread starter; Join Date: Sep 2004; Experience: Intermediate)
01-Feb-2012, 11:36 AM #1
Hijack This log. SVCHOST problem
svchost keeps on starting and eating up more than 50% of my resources. I stop it and it starts again. I also have Google as my default search engine, but when I click on a link, I get redirected to various ad sites and never to the link that I clicked on.

Also, when svchost starts again, my computer beeps, sometimes three or four times.

I have CA antivirus running.

I have run Malwarebytes and also SUPERAntiSpyware to clean my system, but the problem persists.

Any advice?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:21:50 AM, on 2/1/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baynews9.com/weather/klys...e=hillsborough
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 94.63.147.16 www.google.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CA Anti-Phishing Toolbar Helper - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll
O3 - Toolbar: CA Anti-Phishing Toolbar - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\toolbar\caIEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\casc.exe"
O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe
O4 - HKLM\..\Run: [dlldevice] %APPDATA%\dlldevice.exe
O4 - HKLM\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [dlldevice] %APPDATA%\dlldevice.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] %APPDATA%\dplaysvr.exe (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetect...etection32.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://supportcenter.rr.com/sdccommo...ad/tgctlcm.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite....x/qtplugin.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/mis...ex-2.2.5.0.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.com/ediags/dd/...osticsxp2k.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1266880529093
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.hp.com/ediags/gmd...pdetect118.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.gunbroker.com/WebResource...30999680000000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} (SyncXfer Class) - http://www.syncmyride.com/Own/Module...plets/sync.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: 1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: hemine - {9d6fac42-a7be-4702-87ef-75d8dc14249e} - (no file)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAAMSvc - CA - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Unknown owner - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM) (clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM)) - Unknown owner - C:\WINDOWS\system32\acodel.exe (file missing)
O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver (clr_optimization_v2.0.50727_32lanmanserver) - Unknown owner - C:\WINDOWS\system32\ALSndMgre.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HID Input Service HidServNla (HidServNla) - Unknown owner - C:\WINDOWS\system32\apcupsr.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe
O23 - Service: TM Engine (UmxEngine) - CA - C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe

--
End of file - 10625 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Steven at 10:37:53 on 2012-02-01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2102 [GMT -5:00]
.
AV: CA Anti-Virus Plus *Enabled/Updated* {6B98D35F-BB76-41C0-876B-A50645ED099A}
FW: CA Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\casc.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamsvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\caamscanner.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.baynews9.com/weather/klystron9?animate=hillsborough
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CA Anti-Phishing Toolbar Helper: {45011cf5-e4a9-4f13-9093-f30a784eb9b2} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: CA Anti-Phishing Toolbar: {0123b506-0ad9-43aa-b0cf-916c122ad4c5} - c:\program files\ca\ca internet security suite\ca anti-phishing\toolbar\caIEToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [cctray] "c:\program files\ca\ca internet security suite\casc.exe"
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
mRun: [<NO NAME>]
mRun: [dlldevice] %APPDATA%\dlldevice.exe
mRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRun: [dplaysvr] %APPDATA%\dplaysvr.exe
dRun: [dlldevice] %APPDATA%\dlldevice.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\VetRedir.dll
DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://supportcenter.rr.com/sdccommon/download/tgctlcm.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266880529093
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.gunbroker.com/WebResource.axd?d=Qydpf0KIwF1Fr6RRPI2vp09Qx7960W1PefrwdgTL1YWRWyUo6in6PN6VS7m59gst6zjhnPK4xtevtkkiPAeNbVdLz1lm1BKvO-eVx_B2d1Lb7EFrywmMr-EfCQUqniwFPL_qr5-6LT50B9lSJqZDgme2Vksu6ajL4Qvm6a-2VX8ROm8K0&t=634230999680000000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB31DA00-4F6F-4CC7-8627-C5A142E1FC7C} - hxxp://www.syncmyride.com/Own/Modules/UploadDownload/applets/sync.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{709889B9-1732-4423-80DE-B9F188664A3D} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: 1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
AppInit_DLLs: UmxSbxExw.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {9d6fac42-a7be-4702-87ef-75d8dc14249e} - No File
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 94.63.147.16 www.google.com
.
============= SERVICES / DRIVERS ===============
.
R0 KmxAMRT;KmxAMRT;c:\windows\system32\drivers\KmxAMRT.sys [2011-7-29 164944]
R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2011-7-29 123984]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2011-1-24 13696]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2011-7-29 83536]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2011-7-29 63056]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2011-7-28 116304]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67664]
R1 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver;c:\windows\system32\ZDCndis5.sys [2009-3-25 20736]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-31 116608]
R2 CAAMSvc;CAAMSvc;c:\program files\ca\ca internet security suite\ca anti-virus plus\CAAMSvc.exe [2011-5-30 206152]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus plus\isafe.exe [2011-5-30 222544]
R2 ccSchedulerSVC;CA Common Scheduler Service;c:\program files\ca\ca internet security suite\ccschedulersvc.exe [2011-5-30 206160]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-1-29 21992]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2011-7-29 150608]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2011-7-29 82000]
R2 ppsio2;PPDevice;c:\windows\system32\drivers\ppsio2.sys [2007-2-24 23200]
R2 uacFlt;Plantronics USB Audio Adapter EQ Filter Driver;c:\windows\system32\drivers\uacflt.sys [2007-3-3 21276]
R2 UmxEngine;TM Engine;c:\program files\ca\sharedcomponents\tmengine\UmxEngine.exe [2011-4-4 662096]
R3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\drivers\MAudioDelta.sys [2011-1-26 302472]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2011-7-29 331344]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-1-29 27632]
S0 ajxm;ajxm;c:\windows\system32\drivers\ebynkc.sys --> c:\windows\system32\drivers\ebynkc.sys [?]
S2 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32 Intelligent Application Manager (IAM);c:\windows\system32\acodel.exe srv --> c:\windows\system32\acodel.exe srv [?]
S2 clr_optimization_v2.0.50727_32lanmanserver;.NET Runtime Optimization Service v2.0.50727_X86 clr_optimization_v2.0.50727_32lanmanserver;c:\windows\system32\alsndmgre.exe srv --> c:\windows\system32\ALSndMgre.exe srv [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-30 136176]
S2 HidServNla;HID Input Service HidServNla;c:\windows\system32\apcupsr.exe srv --> c:\windows\system32\apcupsr.exe srv [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-24 1684736]
S3 APL531;35mm Film Scanner;c:\windows\system32\drivers\filmscan.sys --> c:\windows\system32\drivers\FILMSCAN.sys [?]
S3 FXDrv32;FXDrv32;\??\d:\fxdrv32.sys --> d:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-30 136176]
S3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\drivers\lgatbus.sys [2008-8-7 43024]
S3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\drivers\lgatmdm.sys [2008-8-7 77104]
S3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\drivers\lgatserd.sys [2008-8-7 60816]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPUSB;NPUSB;c:\windows\system32\drivers\npusb.sys [2007-2-24 15360]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [2006-3-20 1452032]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 RioDrv;Rio600 driver;c:\windows\system32\drivers\riodrv.sys [2001-8-17 12032]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2007-12-16 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2007-12-16 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2007-12-16 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2007-12-16 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2007-12-16 98568]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
S3 STTub203;Thrustmaster HOTAS USB Bulk Out;c:\windows\system32\drivers\sttub203.sys --> c:\windows\system32\drivers\STTub203.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2003-7-16 14336]
.
=============== Created Last 30 ================
.
2012-02-01 15:13:20 388096 ----a-r- c:\documents and settings\steven\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-01-31 22:42:33 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2012-01-21 17:39:17 -------- d-----w- c:\documents and settings\steven\System
2012-01-21 17:39:17 -------- d-----w- c:\documents and settings\steven\application data\SmartDraw
2012-01-21 17:28:26 -------- d-----w- C:\SmartDraw 2012
2012-01-18 04:20:11 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-01-18 04:20:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-01-12 21:33:33 -------- d-----w- c:\documents and settings\steven\local settings\application data\Mozilla
2012-01-12 21:33:15 -------- d-----w- c:\program files\Aurora
.
==================== Find3M ====================
.
2012-01-12 21:37:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD2500KS-00MJB0 rev.02.01C03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89CD949F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89ce0738]; MOV EAX, [0x89ce08ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8B01AAB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\0000007c[0x8AFA1510]
5 ACPI[0xB7F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8B021940]
\Driver\atapi[0x8A7E02D8] -> IRP_MJ_CREATE -> 0x89CD949F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89CD92C6
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 10:45:19.79 ===============

Last edited by Nightmare; 01-Feb-2012 at 12:08 PM.

Nightmare (Member, 119 posts, thread starter; Join Date: Sep 2004; Experience: Intermediate)
01-Feb-2012, 12:09 PM #2
More Logs
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/1/2006 12:40:56 AM
System Uptime: 2/1/2012 10:02:09 AM (0 hours ago)
.
Motherboard: BIOSTAR Group | | TA790GX 128M
Processor: AMD Phenom(tm) II X2 545 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 119.439 GiB free.
D: is FIXED (NTFS) - 298 GiB total, 42.692 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1448: 11/20/2011 3:39:16 PM - System Checkpoint
RP1449: 11/23/2011 4:35:49 PM - System Checkpoint
RP1450: 11/24/2011 5:20:18 PM - System Checkpoint
RP1451: 11/30/2011 7:50:01 AM - Software Distribution Service 3.0
RP1452: 12/1/2011 8:40:02 AM - System Checkpoint
RP1453: 12/2/2011 2:02:16 PM - System Checkpoint
RP1454: 12/3/2011 2:29:23 PM - System Checkpoint
RP1455: 12/4/2011 3:18:21 PM - System Checkpoint
RP1456: 12/5/2011 4:05:07 PM - System Checkpoint
RP1457: 12/6/2011 4:56:25 PM - System Checkpoint
RP1458: 12/15/2011 11:14:31 PM - System Checkpoint
RP1459: 12/18/2011 2:47:40 AM - Software Distribution Service 3.0
RP1460: 12/19/2011 11:33:14 AM - System Checkpoint
RP1461: 12/20/2011 1:53:46 PM - System Checkpoint
RP1462: 12/21/2011 3:24:31 PM - System Checkpoint
RP1463: 12/22/2011 4:08:33 PM - System Checkpoint
RP1464: 12/23/2011 6:32:57 PM - System Checkpoint
RP1465: 12/24/2011 7:04:31 PM - System Checkpoint
RP1466: 12/26/2011 1:20:53 PM - System Checkpoint
RP1467: 12/27/2011 1:57:52 PM - System Checkpoint
RP1468: 12/28/2011 3:45:24 PM - System Checkpoint
RP1469: 12/30/2011 12:05:50 PM - System Checkpoint
RP1470: 12/31/2011 9:42:35 AM - Software Distribution Service 3.0
RP1471: 1/1/2012 1:28:02 PM - System Checkpoint
RP1472: 1/2/2012 1:46:10 PM - System Checkpoint
RP1473: 1/3/2012 3:35:22 PM - System Checkpoint
RP1474: 1/4/2012 6:12:42 PM - System Checkpoint
RP1475: 1/6/2012 1:37:06 AM - System Checkpoint
RP1476: 1/7/2012 1:44:23 AM - System Checkpoint
RP1477: 1/8/2012 7:51:36 AM - System Checkpoint
RP1478: 1/9/2012 8:53:34 AM - System Checkpoint
RP1479: 1/10/2012 4:32:42 PM - System Checkpoint
RP1480: 1/11/2012 6:46:43 PM - System Checkpoint
RP1481: 1/11/2012 11:28:41 PM - Software Distribution Service 3.0
RP1482: 1/12/2012 9:52:02 PM - Software Distribution Service 3.0
RP1483: 1/14/2012 12:42:11 PM - System Checkpoint
RP1484: 1/15/2012 1:49:00 PM - System Checkpoint
RP1485: 1/16/2012 2:52:41 PM - System Checkpoint
RP1486: 1/17/2012 11:17:33 PM - Restore Operation
RP1487: 1/17/2012 11:27:01 PM - Unsigned driver install
RP1488: 1/18/2012 12:46:33 PM - Installed HP Product Detection
RP1489: 1/18/2012 12:46:45 PM - Installed Hewlett-Packard ACLM.NET v1.1.0.0.
RP1490: 1/19/2012 12:56:33 PM - System Checkpoint
RP1491: 1/20/2012 2:55:39 PM - System Checkpoint
RP1492: 1/21/2012 12:37:33 PM - Removed Google Earth Plug-in.
RP1493: 1/22/2012 1:03:39 PM - System Checkpoint
RP1494: 1/23/2012 5:10:26 PM - System Checkpoint
RP1495: 1/24/2012 9:24:05 PM - System Checkpoint
RP1496: 1/26/2012 11:22:47 AM - System Checkpoint
RP1497: 1/27/2012 2:51:28 PM - System Checkpoint
RP1498: 1/28/2012 4:09:52 PM - System Checkpoint
RP1499: 1/29/2012 4:44:55 PM - System Checkpoint
RP1500: 1/30/2012 5:09:56 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Audition 1.5
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Dreamweaver CS3
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS3
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Help Viewer CS3
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 9.1.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe XMP Panels CS4
APH placeholder
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Attribute Changer 6.10b
AutoUpdate
BluScenes: Coral Reef Aquarium
Bonjour
BufferChm
CA Anti-Phishing
CA Anti-Virus Plus
CA Backup and Migration
CA Internet Security Suite
CA Personal Firewall
CameraDrivers
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CDDRV_Installer
CNET TechTracker
Connect
CPUID CPU-Z 1.56
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
DeLorme Earthmate GPS PN-20 Update
DeLorme Topo USA 6
DeLorme Topo USA 6.0
DeLorme Topo USA 6.0 DVD Data
DeLorme Topo USA 6.0 Merge Modules
DeLorme Topo USA 6.0 PN Merge Modules
Destinations
DeviceManagementQFolder
DivX
DNAMigrator
DVD43 v4.4.1
Earthmate Image Tagger
eSupportQFolder
Falcon 4 Free Falcon
Falcon 4.0: Allied Force
Foxware
Google Update Helper
Hewlett-Packard ACLM.NET v1.1.0.0
HiJackThis
HijackThis 2.0.2
HiTilesAF
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Driver Diagnostics
HP Extended Capabilities 5.3
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Product Assistant
HP Product Detection
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
Image Plugin
InstaCodecs
Ipswitch WS_FTP LE
Java(TM) 6 Update 15
Java(TM) 6 Update 3
KhalInstallWrapper
kuler
LightScribe 1.8.15.1
Logitech Harmony Remote Software 7
Logitech SetPoint
Logitech Updater
M-Audio Delta Driver 6.0.2 (x86)
Magellan Content Manager
Malwarebytes' Anti-Malware version 1.51.2.1300
MarketResearch
MGI PhotoSuite II SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Media Content
Microsoft Office XP Pro Step by Step Interactive
Microsoft Office XP Standard
Microsoft Publisher 97
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSVCMergeModules
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
NVIDIA Control Panel 266.58
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA nView 135.50
NVIDIA nView Desktop Manager
PerfectDisk
Philips Device Manager
Philips Device Plug-in
Photoshop Camera Raw
PrimaScan 2400U
PS470
PSPrinters08
PSTAPlugin
QuickTime
Qurb
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Roxio Drag-to-Disc
Roxio Easy Media Creator 9 Suite
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SetPointPatch
Skins
SolutionCenter
Sonic CinePlayer DVD Pack
Spelling Dictionaries Support For Adobe Reader 9
Status
Street Atlas USA 2004
Street Atlas USA 2004 Data
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
SureThing CD Labeler Deluxe Trial 5
TeamSpeak 2 RC2
TrayApp
TWC Customer Controls
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB896256)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
ViewSonic Windows XP Signed Files
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
WinRAR archiver
Xingtone Ringtone Maker
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
2/1/2012 9:30:42 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/31/2012 9:49:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
1/31/2012 9:15:10 AM, error: Service Control Manager [7023] - The Remote Access Connection Manager service terminated with the following error: Access is denied.
1/31/2012 9:15:10 AM, error: Rasman [20035] - Remote Access Connection Manager failed to start because it could not create buffers. Restart the computer. Access is denied.
1/31/2012 8:54:50 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/30/2012 8:51:14 AM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume D:.
.
==== End Of File ===========================
Nightmare (thread starter), 01-Feb-2012, 12:12 PM, #3
I'm going to hang onto the gmer log unless I have to post it. Lots of personal information there.
Nightmare (thread starter), 04-Feb-2012, 03:51 PM, #4
Mods - please delete the data in this thread as it no longer applies. Windows XP crashed and I had to recover Windows using a boot disk. Will post new logs once I run HijackThis and the others as indicated in the new post.

Thanks

Last edited by Cookiegal; 07-Feb-2012 at 10:55 AM..
Nightmare (thread starter), 06-Feb-2012, 11:39 AM, #5
Windows XP BSOD while boot.
I caught a nasty Google redirect virus last week, even while running my CA Anti Virus. The redirect would cause any links that I selected from a Google search to send me to other sites that were pimping various wares. It also caused svchost to start, restart, and continually restart to do who knows what, even after I terminated the process using the Task Manager.

While posting the Hijack This and other logs in the Malware section for help, my computer crashed and I got the BSOD. Upon restart, I would get BSODs and I could not get the system to boot either normally or in safe mode. The BSOD indicated kdcom.dll as the problem at first. I replaced the kdcom.dll file with the copy from the I386 folder on the Windows disk. Upon trying to reboot, I got another BSOD for atapi.sys. I wound up rebuilding my boot.ini file and finally made it into safe mode, where I moved all the needed data I had on the D and C drives to an external disk. But upon restarting Windows, I got another BSOD and could not get into Windows, and I could not get the BSOD data because even if I selected no reboot upon BSOD, the screen would immediately shut down. I finally ended up using a boot CD to get into Windows; however, I need to use a boot CD to get into Windows every time, as I still get a BSOD or black screen if I try to load Windows off the HDD, even when using the new boot.ini file.

I need help to stabilize Windows to be able to start it up independent of a boot CD so that I can tackle the malware/virus issue, which does not seem to be a prevalent factor now that Windows is running and the redirect is gone, I suspect from a bootable CD.

I have run a complete CA scan for viruses and none are detected on the entire system, including the external storage device. Same with Malwarebytes and SUPERAntiSpyware.

I have also noted that each time I try to boot, my D drive gets a warning to run chkdsk. I am now running the Seagate SeaTools "Fix All Long" on my Seagate drive to see if there are any bad sectors that are causing the chkdsk utility to want to run each time Windows starts. Windows is loaded on the C drive.

What can I do to help you help me fix this problem?


TIA

Last edited by Cookiegal; 07-Feb-2012 at 11:00 AM..
Cookiegal (Administrator & Malware Removal Specialist), 07-Feb-2012, 11:03 AM, #6
Please do not start a new thread to add new information. I've merged your threads together here.

I've also edited out the name of the boot CD as we do not support its use here due to copyright violation issues.

Please double click the GMER .exe file on your desktop to run the tool and it will automatically do a quick scan.

If the tool warns of rootkit activity and asks if you want to run a full scan, click on No and make sure the following are unchecked on the right-hand side:

IAT/EAT
Any drive letter other than the primary system drive (which is generally C).

Click the Scan button and when the scan is finished, click Save and save the log in Notepad with the name ark.txt to your desktop.

Note: It's important that all other windows be closed and that you don't touch the mouse or do anything with the computer during the scan as it may cause it to freeze. You should disable your screen saver as if it comes on it may cause the program to freeze.

Open the ark.txt file and copy and paste the contents of the log here please.
Microsoft MVP - Consumer Security
Nightmare (thread starter), 07-Feb-2012, 12:41 PM, #7
I cannot post the log by copy and paste. I have tried twice and IE8 gives a warning that there is a script running and asks if I want to cancel the script. I indicate no and IE refreshes to a blank screen.

The ark.txt file has the "Show All" checked so I do not know if the file is too big or not.

Also, while running GMER the first time, there was a power failure. I rebooted into Windows XP Rebuild (this is using the boot.ini file that I had to create when the system was BSODing). While running GMER once the system rebooted, the GMER program crashed. I ran it again to completion.

The ark.txt file is 2.11 MB.
Cookiegal (Administrator & Malware Removal Specialist), 07-Feb-2012, 12:57 PM, #8
Please zip the file and then you should be able to attach it.
Nightmare (thread starter), 07-Feb-2012, 01:23 PM, #9
Here is the Zip file.
Attachment Blocked
Cookiegal (Administrator & Malware Removal Specialist), 07-Feb-2012, 01:39 PM, #10
Please download aswMBR.exe and save it to your desktop.

Double click aswMBR.exe to start the tool (Vista/Windows 7 users - right click to run as administrator) and allow it to download the Avast database.

Click Scan.

Upon completion of the scan, click Save log then save it to your desktop and post that log in your next reply for review.
Note - do NOT attempt any Fix yet.
Nightmare (thread starter), 07-Feb-2012, 01:52 PM, #11
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-07 12:46:47
-----------------------------
12:46:47.171 OS Version: Windows 5.1.2600 Service Pack 3
12:46:47.171 Number of processors: 2 586 0x402
12:46:47.171 ComputerName: MACHINEMASTER UserName: Steven
12:46:50.953 Initialize success
12:47:49.578 AVAST engine defs: 12020701
12:48:18.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:48:18.250 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
12:48:18.265 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-e
12:48:18.265 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
12:48:18.265 Device \Driver\atapi -> DriverStartIo 8a1ae2c6
12:48:18.312 Disk 0 MBR read successfully
12:48:18.328 Disk 0 MBR scan
12:48:18.484 Disk 0 Windows XP default MBR code
12:48:18.500 Disk 0 MBR hidden
12:48:18.500 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 305243 MB offset 63
12:48:18.546 Disk 0 scanning sectors +488376000
12:48:18.640 Disk 0 scanning C:\WINDOWS\system32\drivers
12:48:18.640 Service scanning
12:48:20.906 Modules scanning
12:48:22.906 Disk 0 trace - called modules:
12:48:22.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a1ae49f]<<
12:48:22.953 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8affa968]
12:48:22.953 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000081[0x8b017278]
12:48:22.968 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> [0x8b010940]
12:48:22.984 \Driver\atapi[0x8aa66308] -> IRP_MJ_CREATE -> 0x8a1ae49f
12:48:23.640 AVAST engine scan C:\WINDOWS
12:48:30.625 AVAST engine scan C:\WINDOWS\system32
12:48:44.515 AVAST engine scan C:\WINDOWS\system32\drivers
12:48:51.484 AVAST engine scan C:\Documents and Settings\Steven
12:48:58.437 AVAST engine scan C:\Documents and Settings\All Users
12:48:58.468 Scan finished successfully
12:49:24.828 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven\Desktop\MBR.dat"
12:49:24.843 The log file has been saved successfully to "C:\Documents and Settings\Steven\Desktop\aswMBR.txt"
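The aswMBR output above carries the classic signs of a boot-sector rootkit even though the AV engine scan came back clean: "Disk 0 MBR hidden", an ">>UNKNOWN [0x8a1ae49f]<<" module in the disk I/O call trace, and atapi's DriverStartIo and IRP_MJ_CREATE entries pointing into that same unnamed region. The script below is an added example (not part of the thread and not Avast's code) that triages such a log automatically. It embeds a constructed excerpt of the lines posted above, and its indicator names, the "same 4 KiB page as the UNKNOWN address" heuristic for tying hooks to the unknown module, the assumed 512-byte sector size, and the partition-size consistency check are all my own assumptions rather than anything aswMBR documents.

```python
"""Triage an aswMBR log for boot-sector rootkit indicators (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the aswMBR lines posted in the thread, embedded so this runs offline.
SAMPLE_LOG = r"""12:48:18.250 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:48:18.250 Disk 0 Vendor: WDC_WD2500KS-00MJB0 02.01C03 Size: 238475MB BusType: 3
12:48:18.265 Disk 1 Vendor: ST3320620AS 3.AAK Size: 305245MB BusType: 3
12:48:18.265 Device \Driver\atapi -> DriverStartIo 8a1ae2c6
12:48:18.312 Disk 0 MBR read successfully
12:48:18.484 Disk 0 Windows XP default MBR code
12:48:18.500 Disk 0 MBR hidden
12:48:18.500 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 305243 MB offset 63
12:48:22.937 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a1ae49f]<<
12:48:22.984 \Driver\atapi[0x8aa66308] -> IRP_MJ_CREATE -> 0x8a1ae49f
12:48:58.468 Scan finished successfully
"""

RE_TIMESTAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d+ (.*)$")
RE_MBR_HIDDEN = re.compile(r"^Disk \d+ MBR hidden$")
RE_DISK_SIZE = re.compile(r"^Disk (\d+) Vendor: .*? Size: (\d+)MB")
RE_PARTITION = re.compile(r"^Disk (\d+) Partition \d+ .* (\d+) MB offset (\d+)$")
RE_UNKNOWN = re.compile(r">>UNKNOWN \[0x([0-9a-fA-F]+)\]<<")
RE_STARTIO = re.compile(r"^Device (\\Driver\\\w+) -> DriverStartIo ([0-9a-fA-F]+)")
RE_DISPATCH = re.compile(r"^(\\Driver\\\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> 0x([0-9a-fA-F]+)")

SECTOR_BYTES = 512   # assumption: 512-byte sectors on this IDE disk
PAGE_SHIFT = 12      # heuristic: a hook landing in the same 4 KiB page as UNKNOWN is the same code


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    indicator: str  # machine-readable name (my own naming, not aswMBR's)
    evidence: str   # the log text that triggered it


@dataclass
class DiskInfo:
    size_mb: int | None = None
    partitions: list[tuple[int, int]] = field(default_factory=list)  # (size_mb, offset_sectors)


def analyze(log: str) -> list[Finding]:
    """Return every indicator found in an aswMBR log, strongest evidence first."""
    findings: list[Finding] = []
    disks: dict[str, DiskInfo] = {}
    unknown_pages: set[int] = set()
    hooks: list[tuple[str, str, int, str]] = []  # (driver, hook kind, target address, evidence)

    for raw in log.splitlines():
        m = RE_TIMESTAMP.match(raw)
        body = m.group(1) if m else raw.strip()
        if RE_MBR_HIDDEN.match(body):
            # Something between aswMBR and the disk is filtering reads of sector 0.
            findings.append(Finding("high", "mbr_hidden", body))
        elif (m := RE_UNKNOWN.search(body)):
            # Disk I/O passes through code that belongs to no loaded driver image.
            unknown_pages.add(int(m.group(1), 16) >> PAGE_SHIFT)
            findings.append(Finding("high", "unknown_module_in_disk_path", body))
        elif (m := RE_STARTIO.match(body)):
            hooks.append((m.group(1), "DriverStartIo", int(m.group(2), 16), body))
        elif (m := RE_DISPATCH.match(body)):
            hooks.append((m.group(1), m.group(2), int(m.group(3), 16), body))
        elif (m := RE_DISK_SIZE.match(body)):
            disks.setdefault(m.group(1), DiskInfo()).size_mb = int(m.group(2))
        elif (m := RE_PARTITION.match(body)):
            disks.setdefault(m.group(1), DiskInfo()).partitions.append((int(m.group(2)), int(m.group(3))))

    # Cross-check: driver entry points that resolve into the UNKNOWN region corroborate the trace.
    for driver, kind, addr, evidence in hooks:
        if (addr >> PAGE_SHIFT) in unknown_pages:
            findings.append(Finding("high", "hook_into_unknown_module",
                                    f"{driver} {kind} -> 0x{addr:08x}; {evidence}"))

    # Consistency: a partition that ends past the reported disk size deserves a second look.
    for disk_id, info in disks.items():
        if info.size_mb is None:
            continue
        for size_mb, offset_sectors in info.partitions:
            offset_mb = offset_sectors * SECTOR_BYTES // (1024 * 1024)
            if offset_mb + size_mb > info.size_mb:
                findings.append(Finding("medium", "partition_exceeds_disk",
                                        f"Disk {disk_id}: {size_mb} MB at sector {offset_sectors} "
                                        f"on a {info.size_mb} MB disk"))
    return findings


def verdict(findings: list[Finding]) -> str:
    if any(f.severity == "high" for f in findings):
        return "suspect bootkit"
    return "review" if findings else "clean"


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"[{f.severity}] {f.indicator}: {f.evidence}")
    print("verdict:", verdict(found))
```

Run against the sample, the script reports the hidden MBR, the unknown module, two atapi hooks resolving into its page (DriverStartIo at 0x8a1ae2c6 and IRP_MJ_CREATE at 0x8a1ae49f), and a 305243 MB partition declared on a 238475 MB disk, and returns "suspect bootkit". That is the same conclusion TDSSKiller reaches later in the thread, and it is why the clean AV engine scan in the same log should not be taken as reassurance: the engine reads files through the hooked driver stack.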
Cookiegal (Administrator & Malware Removal Specialist), 07-Feb-2012, 02:16 PM, #12
Please go to the following link and download and run TDSSKiller:

http://support.kaspersky.com/viruses...?qid=208280684

Allow it to cure anything if prompted.

Please post the log back here.

Last edited by Cookiegal; 07-Feb-2012 at 02:24 PM..
Nightmare (thread starter), 07-Feb-2012, 02:21 PM, #13
Which one do you want me to do? Cure it as indicated in the third line or not cure it as indicated on line 9?
Cookiegal (Administrator & Malware Removal Specialist), 07-Feb-2012, 02:24 PM, #14
Sorry, allow it to cure.
Nightmare (thread starter), 07-Feb-2012, 02:36 PM, #15
TDSSKiller ran and found something and required a reboot, but there is no log. I missed the log under the "Report" button before the reboot. There are some quarantined folders in the TDSS folder on the C drive but nothing in either .log or .txt. Is there a way to recover the log file?

During the reboot, my system again asked me to run a check disk for the D drive. It does this every time I reboot.

I think that this is what it found. It is contained in an object file in the TDSS folder.

[InfectedObject]
Verdict: Rootkit.Boot.Pihar.b

Last edited by Nightmare; 07-Feb-2012 at 02:45 PM..