
Am I Infected?

Discussion in 'Virus & Other Malware Removal' started by antech, Apr 30, 2010.

  1. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    I am currently, suddenly experiencing a slowdown on my Acer Aspire 5100.
    See my specs for additional info.

    HJT LOG:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:58:37 PM, on 4/30/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\NetWorx\networx.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\System32\taskmgr.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
    E:\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
    O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O13 - Gopher Prefix:
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D1A9575-E548-4ADA-8DD8-4A60E6E3FD53}: NameServer = 202.56.215.54,202.56.215.55
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: BootRacerServ - Greatis Software, LLC - C:\Program Files\BootRacer\BootRacerServ.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7764 bytes




    Currently scanning with SAS and Malwarebytes.
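    A HijackThis log is plain text with one entry per line, each starting with a section code (R0, O2, O4, O17, O20, O23 and so on). The triage a helper normally does by eye can be written down. The script below is an added example, not part of this thread and not a HijackThis feature: it parses a constructed sample modelled on the entry shapes in the log above, pulls out the O4 autorun commands and O17 resolver addresses, and lists the entries a reviewer usually looks at first (add-ons and services whose file is missing, AppInit_DLLs, per-interface DNS overrides). The output is a review list, not a verdict; the function and field names are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines modelled on the HijackThis log in the post
# above (same entry shapes, not the complete log).
SAMPLE_HJT_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D1A9575-E548-4ADA-8DD8-4A60E6E3FD53}: NameServer = 202.56.215.54,202.56.215.55
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
"""

# Every HJT entry line is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 bodies carry the autorun value name in brackets, then the command line.
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")


@dataclass
class Finding:
    code: str      # HJT section code the finding came from
    reason: str    # why a human should look at it
    detail: str    # the part of the line that matters


def parse_entries(text):
    """Return (code, body) for each HJT entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def startup_commands(text):
    """Map each O4 autorun entry name to the command it launches."""
    commands = {}
    for code, body in parse_entries(text):
        if code == "O4":
            m = RUN_RE.search(body)
            if m:
                commands[m.group("name")] = m.group("cmd")
    return commands


def dns_servers(text):
    """Resolver addresses from O17 NameServer entries, in log order."""
    servers = []
    for code, body in parse_entries(text):
        if code == "O17" and "NameServer" in body:
            servers.extend(s.strip() for s in body.split("=", 1)[1].split(","))
    return servers


def triage(text):
    """Entries that usually merit a second look; a review list, not a verdict."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("O2", "O3") and body.endswith("(no file)"):
            findings.append(Finding(code, "browser add-on registered but its DLL is gone (dead entry)", body))
        elif code == "O17" and "NameServer" in body:
            findings.append(Finding(code, "per-interface DNS override; confirm the resolvers belong to your ISP or network",
                                    body.split("=", 1)[1].strip()))
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append(Finding(code, "AppInit_DLLs is loaded into every user32-linked process; confirm the DLL's publisher",
                                    body.split(":", 1)[1].strip()))
        elif code == "O23" and body.endswith("(file missing)"):
            findings.append(Finding(code, "service registered but its binary is absent (orphaned service)", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.code}: {f.reason}\n    {f.detail}")
```

Run against a full log, the same functions work unchanged; the point of keeping `parse_entries` separate from `triage` is that new review rules are one `elif` each, and the O4 and O17 extractors can be compared against a known-good baseline of the same machine.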
     
  2. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    No threats found with SAS and Malwarebytes.
     
  3. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    How have you got Office 2010 installed?

    Is it a beta version, or have you downloaded a "pre-release" version from a non-Microsoft site?

    My first suspicion would be an infection from a non-legit source.

    Download to Desktop: DDS by sUBs from one of these locations:

    http://download.bleepingcomputer.com/sUBs/dds.com
    http://download.bleepingcomputer.com/sUBs/dds.scr
    http://www.forospyware.com/sUBs/dds

    Double click DDS.scr to run.

    When complete, DDS.txt will open.

    Click Yes for Optional Scan.
    Save both reports to your desktop.
    DDS.txt
    Attach.txt

    Attach the contents of both logs back here.

    and

    Download GMER rootkit detector from http://gmer.net

    Unzip it & double click the gmer.exe file.

    It will do a quick scan automatically. When that finishes, if it says "rootkit activity detected", then stop there, press copy & post back the log it makes.
    Do NOT allow it to perform a full scan at this time.

    If there is no warning of rootkit activity, then select the rootkit tab & press scan. When it finishes, press copy & post back the log it makes.


    Right click the DDS file & select run as admin.
     
  4. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Office 2010: it is a beta version from the Microsoft site.
    (Legit source)
    As for GMER and the other suggestion, I will post the logs soon, as I am currently on my desktop (HP Vectra VL 400).
     
  5. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    DDS LOGS:

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Administrator at 21:53:57.42 on Sat 05/01/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.894.232 [GMT 5.5:30]
    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\NetWorx\networx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\taskmgr.exe
    C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Administrator\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Administrator\Downloads\dds.com
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    ============== Pseudo HJT Report ===============
    uStart Page = hxxp://www.google.co.in/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
    TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\progra~1\networx\deskband.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [OfficeSyncProcess] "c:\program files\microsoft office\office14\MSOSYNC.EXE"
    mRun: [NetWorx] "c:\program files\networx\networx.exe" /auto
    StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office14\GROOVE.EXE
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: {6D1A9575-E548-4ADA-8DD8-4A60E6E3FD53} = 202.56.215.54,202.56.215.55
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: klogon - c:\windows\system32\klogon.dll
    AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    ================= FIREFOX ===================
    FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\vlkwye40.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.in/
    FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    ============= SERVICES / DRIVERS ===============
    R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-11-3 21520]
    R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-3-29 38976]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
    S2 BootRacerServ;BootRacerServ;c:\program files\bootracer\BootRacerServ.exe [2009-9-28 57096]
    S3 AVP;Kaspersky Internet Security;c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe [2009-10-20 340456]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-4-2 27192]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-10 1343400]
    =============== Created Last 30 ================
    2010-04-30 09:22:12 41216 ----a-w- c:\windows\system32\drivers\ativvpxx.vp
    2010-04-30 09:22:12 229376 ----a-w- c:\windows\system32\Oemdspif.dll
    2010-04-30 09:22:12 2096 ----a-w- c:\windows\system32\drivers\ativpkxx.vp
    2010-04-30 09:22:12 2096 ----a-w- c:\windows\system32\drivers\ativokxx.vp
    2010-04-30 09:22:12 2096 ----a-w- c:\windows\system32\drivers\ativdkxx.vp
    2010-04-30 09:22:08 159744 ----a-w- c:\windows\system32\atitmmxx.dll
    2010-04-30 09:22:05 7389184 ----a-w- c:\windows\system32\atioglxx.dll
    2010-04-30 09:22:05 11441 ----a-w- c:\windows\atiogl.xml
    2010-04-30 09:22:04 49152 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2010-04-30 09:22:04 319488 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2010-04-30 09:22:04 2464768 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2010-04-30 09:22:04 143676 ----a-w- c:\windows\system32\atiicdxx.dat
    2010-04-30 09:21:26 0 d-----w- C:\8.362-070405a-047117C-Acer
    2010-04-29 12:32:37 505104 ----a-r- c:\windows\system32\msxml.dll
    2010-04-29 12:32:36 115016 ----a-r- c:\windows\system32\MSINET.OCX
    2010-04-29 12:32:27 35840 ----a-r- c:\windows\system32\comdlg32.oca
    2010-04-29 12:32:27 140488 ----a-r- c:\windows\system32\comdlg32.ocx
    2010-04-29 12:32:26 69632 ----a-r- c:\windows\system32\xmltok.dll
    2010-04-29 12:32:26 36864 ----a-r- c:\windows\system32\xmlparse.dll
    2010-04-29 12:32:26 26096 ----a-r- c:\windows\system32\xmlinst.exe
    2010-04-29 12:32:26 24576 ----a-r- c:\windows\system32\msxml3a.dll
    2010-04-29 12:32:25 28432 ----a-r- c:\windows\system32\msxmlr.dll
    2010-04-29 12:32:24 89360 ----a-r- c:\windows\system32\VB5DB.DLL
    2010-04-29 12:32:24 29184 ----a-r- c:\windows\system32\MSINET.oca
    2010-04-29 12:32:22 0 d-----w- c:\program files\Ubi Soft
    2010-04-29 08:18:29 0 d-----w- c:\users\admini~1\appdata\roaming\Rainmeter
    2010-04-29 08:15:21 0 d-----w- c:\program files\Rainmeter
    2010-04-29 07:38:05 0 d-----w- c:\programdata\RoboForm
    2010-04-29 07:37:48 0 d-----w- c:\program files\Siber Systems
    2010-04-28 10:05:08 0 d-----w- c:\program files\BootRacer
    2010-04-28 10:05:01 1563 ----a-w- c:\windows\bootracer
    2010-04-28 09:51:15 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
    2010-04-28 09:51:15 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
    2010-04-28 09:45:50 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2010-04-28 09:45:50 1037312 ----a-w- c:\windows\system32\lsasrv.dll
    2010-04-28 09:45:15 0 d-----w- c:\program files\uTorrent
    2010-04-28 09:10:15 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
    2010-04-27 10:07:48 0 d-----w- c:\users\admini~1\appdata\roaming\BitTorrent
    2010-04-27 10:07:40 0 d-----w- c:\program files\BitTorrent
    2010-04-25 10:29:41 0 d-----w- c:\program files\COMODO
    2010-04-25 10:14:46 0 d-sh--r- C:\bootwiz
    2010-04-25 10:08:25 0 d-----w- c:\programdata\Acronis
    2010-04-25 10:04:52 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
    2010-04-25 10:04:49 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-04-25 09:19:49 0 d-----w- c:\users\admini~1\appdata\roaming\Auslogics
    2010-04-25 08:45:28 27672 ----a-r- c:\windows\system32\drivers\Entech.sys
    2010-04-25 08:45:28 0 d-----w- c:\windows\system32\Futuremark
    2010-04-23 10:37:04 0 d-----w- c:\programdata\Adobe
    2010-04-23 09:25:37 0 d-----w- C:\TurboC3
    2010-04-23 09:22:01 0 d-----w- c:\program files\DOSBox-0.73
    2010-04-22 12:47:45 0 d-----w- c:\program files\Trend Micro
    2010-04-22 09:26:01 0 d-----w- c:\program files\The Game Creators
    2010-04-20 12:14:18 0 d-----w- c:\program files\Games By GG releases
    2010-04-18 11:40:16 1086 ----a-w- c:\windows\HELP.ICO
    2010-04-18 11:40:12 0 d--h--w- c:\windows\PIF
    2010-04-18 11:40:10 87 ----a-w- c:\windows\TDW.INI
    2010-04-18 11:40:10 290 ----a-w- c:\windows\WINHELP.INI
    2010-04-18 11:40:10 180 ----a-w- c:\windows\BCW.INI
    2010-04-18 11:40:09 19568 ----a-w- c:\windows\system\CTL3D.DLL
    2010-04-18 11:40:09 1410 ----a-w- c:\windows\openhelp.ini
    2010-04-18 11:40:01 21648 ----a-w- c:\windows\system\CTL3DV2.DLL
    2010-04-18 11:38:58 200 ----a-w- c:\windows\OWL.INI
    2010-04-18 09:36:35 0 d-----w- c:\program files\Microsoft SQL Server
    2010-04-18 09:29:21 0 d-----w- c:\program files\common files\Merge Modules
    2010-04-16 11:10:38 229224 ----a-w- c:\windows\system32\drivers\VMM.sys
    2010-04-16 09:43:03 0 d-----w- c:\programdata\SUPERAntiSpyware.com
    2010-04-16 09:42:25 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-04-16 09:42:24 0 d-----w- c:\users\admini~1\appdata\roaming\SUPERAntiSpyware.com
    2010-04-16 09:41:30 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2010-04-16 09:37:37 0 d-----w- c:\programdata\Startup Manager
    2010-04-16 09:37:37 0 d-----w- c:\program files\Startup Manager
    2010-04-16 09:30:58 0 d-----w- c:\users\admini~1\appdata\roaming\Malwarebytes
    2010-04-16 09:30:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-16 09:30:41 0 d-----w- c:\programdata\Malwarebytes
    2010-04-16 09:30:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-16 09:30:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-15 09:06:21 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-15 09:06:19 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-15 09:06:17 427520 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-15 09:06:16 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-15 09:06:16 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-15 09:06:16 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 08:29:56 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-14 08:29:55 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-04-13 14:03:31 0 d-----w- c:\users\administrator\Shared
    2010-04-13 14:03:31 0 d-----w- c:\users\administrator\Incomplete
    2010-04-13 13:59:37 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-04-13 12:44:30 0 d-----w- c:\programdata\Sun
    2010-04-13 12:24:18 0 d-----w- c:\users\admini~1\appdata\roaming\CBS Interactive
    2010-04-13 12:22:05 0 d-----w- c:\users\admini~1\appdata\roaming\SkyDownloader
    2010-04-13 12:10:49 0 d-----w- c:\programdata\ZapShares
    2010-04-11 07:20:02 0 d-----w- c:\program files\MSECACHE
    2010-04-11 07:08:56 0 d-----w- c:\program files\Microsoft Synchronization Services
    2010-04-11 07:08:43 0 d-----w- c:\program files\Microsoft Analysis Services
    2010-04-11 07:07:48 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-04-11 07:07:47 0 d-----w- c:\windows\PCHEALTH
    2010-04-11 07:07:47 0 d-----w- c:\program files\Microsoft Visual Studio 8
    2010-04-11 06:36:22 0 d-sh--w- C:\found.000
    2010-04-11 05:48:54 0 d-----w- c:\program files\Auslogics
    2010-04-10 17:58:18 0 d-----w- c:\programdata\Microsoft Help
    2010-04-10 13:51:54 310690 --sh--r- C:\EDTYP
    2010-04-10 13:51:54 20 --sh--r- C:\winx.ld
    2010-04-08 13:12:07 0 d-----w- c:\users\admini~1\appdata\roaming\Actual Tools
    2010-04-08 13:11:59 0 d-----w- c:\program files\Actual Transparent Window
    2010-04-02 05:25:21 0 d-----w- c:\program files\MSXML 4.0
    2010-04-02 05:19:13 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2010-04-02 05:19:11 0 d-----w- c:\program files\VS Revo Group
    2010-04-02 05:09:45 0 d-----w- c:\users\admini~1\appdata\roaming\KeePass
    ==================== Find3M ====================
    2010-04-28 15:09:07 97549 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-04-28 15:09:07 113933 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-04-01 08:29:13 0 ---ha-w- c:\windows\system32\drivers\Msft_User_GeosenseSensor_01_09_00.Wdf
    2010-03-29 09:31:58 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
    2010-03-26 06:10:06 74752 ----a-w- c:\windows\ST6UNST.EXE
    2010-03-26 06:10:06 253952 ------w- c:\windows\Setup1.exe
    2010-03-24 12:02:37 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
    2010-03-17 13:50:01 64512 ---ha-w- c:\users\admini~1\appdata\roaming\dach100.dll
    2010-03-15 23:34:59 36734 ----a-w- c:\windows\system32\OggDSuninst.exe
    2010-03-14 16:00:28 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-03-12 15:25:54 4304384 ----a-w- c:\windows\system32\drivers\RtkHDAud.Sys
    2010-03-12 15:25:48 16248320 ----a-w- c:\windows\RTHDCPL.exe
    2010-02-24 04:46:06 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-23 07:56:00 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    ============= FINISH: 21:55:00.71 ===============
     
  6. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    LOG 2:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    DDS (Ver_10-03-17.01)
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume4
    Install Date: 3/11/2010 10:05:52 AM
    System Uptime: 5/1/2010 4:38:48 PM (5 hours ago)
    Motherboard: Acer | | Navarro
    Processor: AMD Turion(tm) 64 Mobile Technology MK-36 | Socket M2/S1G1 | 2000/200mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 22 GiB total, 4.79 GiB free.
    D: is FIXED (NTFS) - 20 GiB total, 11.104 GiB free.
    E: is FIXED (NTFS) - 35 GiB total, 4.529 GiB free.
    F: is FIXED (NTFS) - 35 GiB total, 18.95 GiB free.
    G: is CDROM (CDFS)
    H: is CDROM ()
    I: is CDROM (CDFS)
    J: is CDROM ()
    ==== Disabled Device Manager Items =============
    Class GUID: {36fc9e60-c465-11cf-8056-444553540000}
    Description: Unknown Device
    Device ID: USB\VID_0000&PID_0000\5&610DAD3&0&4
    Manufacturer: (Standard USB Host Controller)
    Name: Unknown Device
    PNP Device ID: USB\VID_0000&PID_0000\5&610DAD3&0&4
    Service:
    ==== System Restore Points ===================
    RP111: 4/28/2010 3:05:54 PM - Removed EASEUS Data Recovery Wizard Professional 4.3.6
    RP112: 4/28/2010 3:07:09 PM - Removed Acronis True Image Home
    RP113: 4/28/2010 3:20:06 PM - Windows Update
    RP114: 4/28/2010 3:34:31 PM - Installed BootRacer
    RP115: 4/29/2010 1:45:37 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    RP116: 4/29/2010 3:00:26 PM - Installed Windows SideShow Managed Runtime 1.0
    RP118: 4/29/2010 5:40:03 PM - Installed Tom Clancy's Splinter Cell
    RP120: 4/30/2010 1:32:05 PM - Installed Acer OrbiCam
    RP121: 4/30/2010 1:39:22 PM - Windows Update
    RP122: 4/30/2010 2:51:19 PM - ATI Chipset Driver Installation
    ==== Installed Programs ======================
    µTorrent
    Acer OrbiCam
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    AI RoboForm (All Users)
    ATI Catalyst Install Manager
    Auslogics Disk Defrag
    BitTorrent
    BootRacer
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    CNET TechTracker
    Construction - Destruction
    DH Mobility Modder.NET
    Direct Show Ogg Vorbis Filter (remove only)
    Euro Truck Simulator 1.3
    FLV Player 2.0 (build 25)
    Geosense for Windows
    Google Chrome
    Google Talk (remove only)
    HDAUDIO Soft Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Java Auto Updater
    Java(TM) 6 Update 19
    Kaspersky Internet Security 2010
    MagicDisc 2.7.106
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SharedView
    Microsoft Silverlight
    Microsoft SQL Server 2008 Management Objects
    Microsoft Virtual PC 2007 SP1
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Mozilla Firefox (3.6)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need for Speed™ Carbon
    NetWorx 5.1.1
    PlayReady PC Runtime x86
    Rainmeter (remove only)
    Realtek High Definition Audio Driver
    Revo Uninstaller Pro 2.2.0
    Skins
    Skype Toolbars
    Skype™ 4.2
    Snail Mail
    SpeedFan (remove only)
    SQL Server System CLR Types
    Startup Manager 2.4.2
    SUPERAntiSpyware Professional
    System Requirements Lab
    Tom Clancy's Splinter Cell
    VC 9.0 Runtime
    Windows Internet Explorer Platform Preview
    Windows SideShow Managed Runtime 1.0
    WinRAR archiver
    World of Warcraft FREE Trial
    ==== Event Viewer Messages From Past Week ========
    5/1/2010 4:39:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ATITool
    5/1/2010 4:39:21 PM, Error: Service Control Manager [7000] - The Acronis Scheduler2 Service service failed to start due to the following error: The system cannot find the file specified.
    4/30/2010 7:52:08 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: [email protected]
    4/30/2010 6:55:22 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
    4/30/2010 6:54:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
    4/30/2010 6:03:16 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    4/30/2010 3:09:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR13.
    4/30/2010 3:09:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    4/30/2010 3:00:16 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom1.
    4/29/2010 6:44:27 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
    4/28/2010 3:38:17 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR33.
    4/28/2010 3:36:01 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR32.
    4/28/2010 3:35:11 PM, Error: Service Control Manager [7030] - The BootRacerServ service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    4/28/2010 3:34:58 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR28.
    4/28/2010 2:13:26 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    4/28/2010 2:13:26 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    ==== End Of File ===========================
     
  7. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    GMER LOG:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-05-01 21:56:38
    Windows 6.1.7600
    Running: dg58shhe.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwlcrpow.sys

    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs 8488B1F8
    AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
    AttachedDevice \Driver\tdx \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    ---- EOF - GMER 1.0.15 ----
     
  8. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Run a full scan with GMER please & post that.

    It looks like a rootkit, possibly an MBR rootkit.
     
  9. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Oh,
    Forgot to tell you that I recently uninstalled Comodo Time Machine, Comodo Backup and Acronis True Image.
    I was just testing their compatibility.
     
  10. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Sorry, but I was in a hurry when I posted the logs and I forgot to include the GMER full log.
    Did the suspected rootkit somehow affect my USB ports?
    I guess it hooked up some drivers.
    Something like the "sphj.sys" has popped up.
    What's sppx.sys?
    I couldn't find it anywhere online.
     
  11. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    Here's the full log dvk:
    Is it the FULL LOG?

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-02 20:44:32
    Windows 6.1.7600
    Running: dg58shhe.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwlcrpow.sys

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x87B0ABD0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x87B0C52C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x87B0C782]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x87B0C9FC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x87B0B450]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x87B0BB32]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x87B0BF3C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateFile [0x87B0B5F8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x87B0BE14]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0x87B0A7D6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x87B0BCD0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x87B0A992]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x87B0C06E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSymbolicLinkObject [0x87B0DCB0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x87B0B0EE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x87B0B1EE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x87B0BD72]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x87B0D6A2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x87B0E672]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwFsControlFile [0x87B0B752]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x87B0D734]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x87B0DD64]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x87B0BFDE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenFile [0x87B0B4D2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x87B0BEAC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x87B0ADD6]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x87B0DCDA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x87B0C110]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x87B0ACFA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x87B0CC3E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x87B0E07C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x87B0D9CA]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x87B0C49A]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0x87B0C360]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x87B0D442]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x87B0E554]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x87B0B86C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x87B0B30C]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x87B0CCF2]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSecurityObject [0x87B0D82E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x87B0E1BC]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x87B0E2A0]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x87B0E3C8]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x87B0D5CE]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x87B0AF4E]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x87B0AEA4]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x87B0DF32]
    SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x87B0B02E]
    INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2CAF8
    INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C104
    INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C3F4
    INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C14FB4
    INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C1DC
    INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C958
    INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2C6F8
    INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2CF2C
    INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C2D1A8
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C8C599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 220 82CB8730 4 Bytes [D0, AB, B0, 87]
    .text ntkrnlpa.exe!RtlSidHashLookup + 248 82CB8758 8 Bytes [2C, C5, B0, 87, 82, C7, B0, ...]
    .text ntkrnlpa.exe!RtlSidHashLookup + 28C 82CB879C 4 Bytes [FC, C9, B0, 87] {CLD ; LEAVE ; MOV AL, 0x87}
    .text ntkrnlpa.exe!RtlSidHashLookup + 2B8 82CB87C8 4 Bytes [50, B4, B0, 87]
    .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82CB87EC 4 Bytes [32, BB, B0, 87]
    .text ...
    ? System32\Drivers\sphj.sys The system cannot find the path specified. !
    .text USBPORT.SYS!DllUnload 8FE24CA0 5 Bytes JMP 85C0D1D8
    .text aww1og5a.SYS 90216000 12 Bytes [44, 78, C1, 82, EE, 76, C1, ...]
    .text aww1og5a.SYS 9021600D 9 Bytes [57, C1, 82, 48, 7B, C1, 82, ...]
    .text aww1og5a.SYS 90216017 170 Bytes [00, DE, 97, 31, 87, E6, 95, ...]
    .text aww1og5a.SYS 902160C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text aww1og5a.SYS 902160CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
    .text ...
    .text peauth.sys 97A2CC9D 28 Bytes [4F, A6, 55, B4, 28, 52, 4A, ...]
    .text peauth.sys 97A2CCC1 28 Bytes [4F, A6, 55, B4, 28, 52, 4A, ...]
    PAGE peauth.sys 97A32E20 101 Bytes [A4, 74, E2, 32, C4, BA, 5D, ...]
    PAGE peauth.sys 97A3302C 102 Bytes [07, 71, E2, 9A, 35, 37, 05, ...]
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!CreateWindowExW 75AD0E51 5 Bytes JMP 670480F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxIndirectParamW 75AF4AA7 5 Bytes JMP 6716F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxParamW 75AF564A 5 Bytes JMP 66F64B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxParamA 75B0CF6A 5 Bytes JMP 6716F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!DialogBoxIndirectParamA 75B0D29C 5 Bytes JMP 6716F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxIndirectA 75B1E8C9 5 Bytes JMP 6716F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxIndirectW 75B1E9C3 5 Bytes JMP 6716F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxExA 75B1EA29 5 Bytes JMP 6716F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3168] USER32.dll!MessageBoxExW 75B1EA4D 5 Bytes JMP 6716F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!UnhookWindowsHookEx 75ACCC7B 5 Bytes JMP 670582FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CallNextHookEx 75ACCC8F 5 Bytes JMP 67039D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateWindowExW 75AD0E51 5 Bytes JMP 670480F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!SetWindowsHookExW 75AD210A 5 Bytes JMP 66FF45DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxIndirectParamW 75AF4AA7 5 Bytes JMP 6716F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxParamW 75AF564A 5 Bytes JMP 66F64B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxParamA 75B0CF6A 5 Bytes JMP 6716F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxIndirectParamA 75B0D29C 5 Bytes JMP 6716F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxIndirectA 75B1E8C9 5 Bytes JMP 6716F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxIndirectW 75B1E9C3 5 Bytes JMP 6716F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxExA 75B1EA29 5 Bytes JMP 6716F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxExW 75B1EA4D 5 Bytes JMP 6716F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] ole32.dll!OleLoadFromStream 75565B88 5 Bytes JMP 6716F576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3364] ole32.dll!CoCreateInstance 755B57FC 5 Bytes JMP 67048BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    ---- Kernel IAT/EAT - GMER 1.0.15 ----
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8721D042] \SystemRoot\System32\Drivers\sphj.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8721D6D6] \SystemRoot\System32\Drivers\sphj.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8721D800] \SystemRoot\System32\Drivers\sphj.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8721D13E] \SystemRoot\System32\Drivers\sphj.sys
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortNotification] 00147880
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortInitialize] 157B805E
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
    IAT \SystemRoot\System32\Drivers\aww1og5a.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B
    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E62494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E45624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E456E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E6250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E58573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E54D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E550CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E551A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73E566D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E582CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E58819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E5907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E5E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[1688] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E54C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    Device \FileSystem\Ntfs \Ntfs 8488B1F8
    AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
    Device \Driver\volmgr \Device\VolMgrControl 848861F8
    Device \Driver\usbohci \Device\USBPDO-0 85C65500
    Device \Driver\usbohci \Device\USBPDO-1 85C65500
    Device \Driver\usbehci \Device\USBPDO-2 85C64500
    AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    Device \Driver\PCI_PNP8896 \Device\00000062 sphj.sys
    Device \Driver\volmgr \Device\HarddiskVolume1 848861F8
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    Device \Driver\ACPI_HAL \Device\00000058 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
    Device \Driver\volmgr \Device\HarddiskVolume2 848861F8
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    Device \Driver\cdrom \Device\CdRom0 85A641F8
    Device \Driver\volmgr \Device\HarddiskVolume3 848861F8
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    Device \Driver\cdrom \Device\CdRom1 85A641F8
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 848881F8
    Device \Driver\atapi \Device\Ide\IdePort0 848881F8
    Device \Driver\atapi \Device\Ide\IdePort1 848881F8
    Device \Driver\volmgr \Device\HarddiskVolume4 848861F8
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    Device \Driver\cdrom \Device\CdRom2 85A641F8
    Device \Driver\cdrom \Device\CdRom3 85A641F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 85AB9500
    Device \Driver\NetBT \Device\NetBT_Tcpip_{6D1A9575-E548-4ADA-8DD8-4A60E6E3FD53} 85AB9500
    AttachedDevice \Driver\tdx \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    Device \Driver\NetBT \Device\NetBT_Tcpip_{032BF9FF-79E2-425C-908B-36624A1CDAF6} 85AB9500
    AttachedDevice \Driver\tdx \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
    Device \Driver\sptd \Device\919286396 sphj.sys
    Device \Driver\usbohci \Device\USBFDO-0 85C65500
    Device \Driver\usbohci \Device\USBFDO-1 85C65500
    Device \Driver\usbehci \Device\USBFDO-2 85C64500
    Device \Driver\SI3112 \Device\Scsi\SI31121 848891F8
    Device \Driver\SI3112 \Device\Scsi\SI31121Port2Path1TargetffLun0 848891F8
    Device \Driver\aww1og5a \Device\Scsi\aww1og5a1 85C901F8
    Device \Driver\aww1og5a \Device\Scsi\aww1og5a1Port4Path0Target1Lun0 85C901F8
    Device \Driver\SI3112 \Device\Scsi\SI31121Port2Path0Target0Lun0 848891F8
    Device \Driver\aww1og5a \Device\Scsi\aww1og5a1Port4Path0Target0Lun0 85C901F8
    Device \FileSystem\cdfs \Cdfs 864961F8
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\[email protected] 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\[email protected] 0x62 0xDB 0x54 0x76 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xC6 0x50 0x24 0x87 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x11 0x32 0xF2 0x21 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x02 0x49 0xC3 0x46 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\[email protected] 0x62 0xDB 0x54 0x76 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\[email protected] 0xC6 0x50 0x24 0x87 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x11 0x32 0xF2 0x21 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\[email protected] 0x02 0x49 0xC3 0x46 ...
    ---- Disk sectors - GMER 1.0.15 ----
    Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
    Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
    ---- EOF - GMER 1.0.15 ----


    Sorry but I am acting like a Novice
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    sp**.sys are Daemon Tools & they always affect all rootkit scans as Daemon uses rootkit techniques to work & bypass Windows protections

    I am fairly sure all your problems are a bad uninstall of Comodo Time Machine & when it has happened in the past, the only cure was format & reinstall of OS
     
  13. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    No, I just fix the MBR using the windows 7 disk and it seemed to fix the problem.
    Are there any signs of infections?
    I had a Modified WinXP disk
    (Modified using nLite)
    The problem appeared after some days of installing Win XP using that disk.
    USB Ports started to stop working.
    BTW,
    I don't know why Daemon Tools would hook up some USB Drivers?
    The file seems to be in use since I got the XP Disk.
    And,one more thing to note:
    I scanned using RADIX and it didn't fix anything.
    Daemon tools was NOT INSTALLED then.
    Still RADIX found that some drivers were hooked up by sppx.sys!
    That's Strange.............
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    those MBR entries in GMER look like backups made by either ATI or Comodo or even EASEUS Data Recovery Wizard Professional 4.3.6 and don't look like normal malware-related MBR entries

    how many different OS have you got on this computer?

    nLite is not an approved operating system and depending on where you downloaded it from, it might have been infected

    We only support/help with fully legitimate versions of Windows using full Windows media. In view of your statement about nLite, before going any further you need to satisfy us that you have a legitimate operating system

    • Please go here using Internet Explorer.
    • Click on "Windows Validation Assistant"
    • Click on the "Validate Now" button.
    • Be patient while the ActiveX loads, do not click on any links.
    • Read the instructions on this page while it's loading. You will be prompted to install - click YES.
    • Enter your product key then click "continue"
    • When it says "Validation Complete" please click "Continue to return to your previous activity"
    • Copy what it says and paste it here.

    Do that on ALL OS you have installed on this computer

    I find it strange that you have W7 Ultimate on a fairly low spec system

    Daemon tools hooks all disk drivers & most other OS drivers on the system
     
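    A small triage helper for the GMER "Devices" section that this post interprets, added here as an example (it is not code from the thread, from GMER or from any of the tools named): it groups hooked devices by the driver file GMER names and flags files GMER could not describe, which is how the sp**.sys entries from DAEMON Tools' sptd show up, but also how an unknown rootkit driver would. The sample excerpt is constructed from the log above; the parsing rules are an assumption based on that log's layout.

```python
import re
from collections import defaultdict

# One line of GMER's "Devices" section: kind, driver object, device object, then
# either an 8-digit hex address or a driver file name, plus the optional
# "(Description/Vendor)" suffix GMER adds when it can identify the file.
_DEVICE_LINE = re.compile(
    r"^(?P<kind>Device|AttachedDevice)\s+(?P<object>\S+)\s+(?P<device>\S+)"
    r"\s+(?P<owner>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)

def parse_device_line(line):
    """Return a dict for one Devices line, or None for any other line."""
    m = _DEVICE_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # A bare address means the device is served by its own driver object;
    # GMER prints a file name only when another driver sits on the device.
    if re.fullmatch(r"[0-9A-F]{8}", rec["owner"]):
        rec["driver"], rec["addr"] = None, rec["owner"]
    else:
        rec["driver"], rec["addr"] = rec["owner"].lower(), None
    return rec

def triage_devices(log_text):
    """Group hooked devices by driver file; flag files GMER could not describe."""
    by_driver = defaultdict(lambda: {"desc": None, "devices": []})
    for line in log_text.splitlines():
        rec = parse_device_line(line)
        if rec is None or rec["driver"] is None:
            continue
        entry = by_driver[rec["driver"]]
        entry["devices"].append(rec["device"])
        if rec["desc"]:
            entry["desc"] = rec["desc"]
    # Undescribed drivers are where a human looks first: sptd's randomly named
    # sp??.sys lands here legitimately, but so would a real rootkit's driver.
    flagged = sorted(name for name, e in by_driver.items() if e["desc"] is None)
    return dict(by_driver), flagged

# Constructed excerpt modelled on the Devices section of the log in this thread.
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8488B1F8
AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc)
AttachedDevice \Driver\tdx \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab)
Device \Driver\PCI_PNP8896 \Device\00000062 sphj.sys
Device \Driver\sptd \Device\919286396 sphj.sys
"""
```

    Running `triage_devices(SAMPLE_LOG)` returns the per-driver grouping and the flagged list `["sphj.sys"]`; on a full log, cross-check each flagged name against what is actually installed before treating it as malicious.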
  15. antech

    antech Banned Thread Starter

    Joined:
    Feb 23, 2010
    Messages:
    1,427
    It just automatically redirected me to the page containing this:
    (I am using a 30 day trial of windows 7):

    Windows validation did not successfully complete

    This Update to Windows Activation Technologies (KB971033) is not able to validate Windows running on your PC at this time. Please try again later. If the problem persists, you may need to uninstall and then reinstall the update by returning to http://www.microsoft.com/genuine , clicking on Validate Now, and following the installation instructions.

    To uninstall an update:

    1. Click Start.
    2. Select Control Panel.
    3. Click on the Programs icon.
    4. Click on View Installed Updates under Programs and Features.
    5. Select the update you wish to uninstall.
    6. Click Uninstall.
    Some days ago, I removed Win XP as it had crashed during beta testing of some software


    Sorry for the Big font.
     
Short URL to this thread: https://techguy.org/920196