BleepingComputer.com: I think I'm infected...

Jump to content

Forum Guidelines

Posted Image Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help


Posted Image Unfortunately, with the amount of logs we receive per day, the average response time is 5 days. I want to assure you, though, that your topic will be looked at and responded to. So please be patient.


Posted Image DO NOT RUN ComboFix unless requested to.


Posted Image Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.


Posted Image When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.


Posted Image Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

I think I'm infected...

#1 User is offline   babyblue81 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 05-January 10

Posted 07 January 2010 - 12:41 PM

Hi, everyone ...I hope there is someone who can help me out.
I have an Acer Aspire 7220 Vista and have problems with this computer sinds I reinstalled Convertxtodvd.
First my E drive dissapeared and I could burn anything anymore.
Now I get a warning my computer cannot connect to the microsoft Group service.
My E drive keeps popping up but when I wantto burn something he is gone..
I uninstalled convertxtodvd but it didn't help.
I have installed Mc Afee antivirus and have also siteadvisor buti don't see the siteadvisor anywhere..
So I really think i'm infected...

Here ismy Hijack log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:34:31, on 7-1-2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Users\cherell\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mediazoneja.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://nl.intl.acer.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6424 bytes

This post has been edited by Orange Blossom: 22 January 2010 - 01:25 AM
Reason for edit: Move to HJT. ~ OB

#2 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,982
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 22 January 2010 - 07:38 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results. Post both logs (no need to zip attach.txt).
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)
  • GMER log

Please do NOT post logs as attachments, unless you are unable to copy/paste a log directly in the reply box.

Thanks and again sorry for the delay.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#3 User is offline   babyblue81 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 05-January 10

Posted 22 January 2010 - 04:41 PM

Hi Elise...

Thanks for helping me out...
I have reinstalled my computer with windows 7 but I still have the same problem...

Here are my logs..

DDS (Ver_09-12-01.01) - NTFSx86
Run by gazaqueen at 22:30:46,57 on vr 22-01-2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.1791.1286 [GMT 1:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\gazaqueen\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mediazoneja.com/
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: {DE46D8BB-A959-40B1-83DB-DC4A35684774} = 156.154.70.25,156.154.71.25
TCP: {F4680117-1079-471C-A429-A713942101DC} = 156.154.70.25,156.154.71.25
AppInit_DLLs: c:\windows\system32\guard32.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-20 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-20 29520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

=============== Created Last 30 ================

2010-01-22 21:12:22 0 d-----w- c:\program files\CCleaner
2010-01-22 18:39:06 0 d-----w- c:\windows\Installer
2010-01-22 12:22:15 0 d-sh--w- C:\$RECYCLE.BIN
2010-01-22 12:09:41 77312 ----a-w- c:\windows\MBR.exe
2010-01-22 12:09:41 261632 ----a-w- c:\windows\PEV.exe
2010-01-22 01:12:44 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-22 01:12:44 47360 ----a-w- c:\users\gazaqu~1\appdata\roaming\pcouffin.sys
2010-01-22 01:12:33 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-22 01:12:33 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-22 01:12:33 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-22 01:12:33 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-22 01:12:33 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-22 01:12:32 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-22 01:12:32 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-01-22 01:12:12 0 d-----w- c:\program files\VSO
2010-01-22 01:02:31 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-20 20:47:21 0 d-----w- c:\users\gazaqu~1\appdata\roaming\Malwarebytes
2010-01-20 20:47:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:47:15 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 20:47:15 0 d-----w- c:\programdata\Malwarebytes
2010-01-20 20:47:15 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 13:56:42 272 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-01-20 13:50:39 0 d-----w- c:\programdata\Comodo
2010-01-20 13:50:37 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-20 13:50:37 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-20 13:50:37 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-20 13:50:37 0 d-----w- c:\program files\COMODO
2010-01-20 13:42:48 0 d-----w- c:\programdata\NVIDIA
2010-01-20 13:40:04 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-20 13:38:19 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-01-20 13:38:19 420384 ----a-w- c:\windows\system32\nvcpl.cpl
2010-01-20 13:38:19 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-01-20 13:38:18 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-01-20 13:36:51 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-20 13:33:43 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-01-20 13:33:43 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-01-20 13:33:42 507568 ----a-w- c:\windows\system32\winload.exe
2010-01-20 13:33:42 442920 ----a-w- c:\windows\system32\winresume.exe
2010-01-20 13:33:42 2613248 ----a-w- c:\windows\explorer.exe
2010-01-20 13:33:42 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-20 13:33:39 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-01-20 13:33:24 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-20 13:33:24 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-01-20 13:33:24 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-20 13:32:58 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-20 13:24:36 1523502 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-01-20 13:18:08 0 d-----w- c:\windows\system32\wbem\Performance
2010-01-20 13:16:33 0 d-sh--we c:\programdata\Sjablonen
2010-01-20 13:16:33 0 d-sh--we c:\programdata\Menu Start
2010-01-20 13:16:33 0 d-sh--we c:\programdata\Favorieten
2010-01-20 13:16:33 0 d-sh--we c:\programdata\Documenten
2010-01-20 13:16:33 0 d-sh--we c:\programdata\Bureaublad
2010-01-20 13:16:33 0 d-----w- C:\Recovery
2010-01-20 11:57:36 0 d-----w- c:\windows\Panther
2010-01-20 11:57:03 171136 --sha-r- C:\grldr
2010-01-20 11:57:03 0 d-----w- c:\windows\system32\oem
2010-01-20 10:56:10 0 d-----w- C:\Convesoft

==================== Find3M ====================

2010-01-22 21:07:17 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-01-22 21:07:17 130232 ----a-w- c:\windows\system32\perfc013.dat
2009-07-14 08:27:10 43068 ----a-w- c:\windows\inf\perflib\0413\perfd.dat
2009-07-14 08:27:10 43068 ----a-w- c:\windows\inf\perflib\0413\perfc.dat
2009-07-14 08:27:10 341322 ----a-w- c:\windows\inf\perflib\0413\perfi.dat
2009-07-14 08:27:10 341322 ----a-w- c:\windows\inf\perflib\0413\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 22:31:03,34 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 20-1-2010 13:11:03
System Uptime: 22-1-2010 22:02:18 (0 hours ago)

Motherboard: Acer | | Fuquene
Processor: Mobile AMD Sempron™ Processor 3600+ | Socket A | 2000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 33 GiB total, 22,627 GiB free.
D: is FIXED (NTFS) - 32 GiB total, 32,158 GiB free.

==== Disabled Device Manager Items =============

Class GUID:
Description: Base System-apparaat
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01261025&REV_12\4&2A4C3A5&0&2340
Manufacturer:
Name: Base System-apparaat
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_01261025&REV_12\4&2A4C3A5&0&2340
Service:

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: PCI-systeembeheer NVIDIA nForce
Device ID: PCI\VEN_10DE&DEV_0542&SUBSYS_01261025&REV_A2\3&2411E6FE&1&09
Manufacturer: NVIDIA
Name: PCI-systeembeheer NVIDIA nForce
PNP Device ID: PCI\VEN_10DE&DEV_0542&SUBSYS_01261025&REV_A2\3&2411E6FE&1&09
Service:

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Composite Bus Enumerator
Device ID: ROOT\COMPOSITEBUS\0000
Manufacturer: Microsoft
Name: Composite Bus Enumerator
PNP Device ID: ROOT\COMPOSITEBUS\0000
Service: CompositeBus

Class GUID:
Description: Coprocessor
Device ID: PCI\VEN_10DE&DEV_0543&SUBSYS_01261025&REV_A2\3&2411E6FE&1&0B
Manufacturer:
Name: Coprocessor
PNP Device ID: PCI\VEN_10DE&DEV_0543&SUBSYS_01261025&REV_A2\3&2411E6FE&1&0B
Service:

Class GUID:
Description:
Device ID: ACPI\ENE0100\4&971C358&0
Manufacturer:
Name:
PNP Device ID: ACPI\ENE0100\4&971C358&0
Service:

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Remote Desktop Device Redirector Bus
Device ID: ROOT\RDPBUS\0000
Manufacturer: Microsoft
Name: Remote Desktop Device Redirector Bus
PNP Device ID: ROOT\RDPBUS\0000
Service: rdpbus

Class GUID:
Description: Base System-apparaat
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01261025&REV_12\4&2A4C3A5&0&2240
Manufacturer:
Name: Base System-apparaat
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_01261025&REV_12\4&2A4C3A5&0&2240
Service:

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Programmeerbare interruptcontroller
Device ID: ACPI\PNP0000\4&971C358&0
Manufacturer: (standaardsysteemapparaten)
Name: Programmeerbare interruptcontroller
PNP Device ID: ACPI\PNP0000\4&971C358&0
Service:

Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description: Controller voor directe geheugentoegang
Device ID: ACPI\PNP0200\4&971C358&0
Manufacturer: (standaardsysteemapparaten)
Name: Controller voor directe geheugentoegang
PNP Device ID: ACPI\PNP0200\4&971C358&0
Service:

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Draadloze netwerkadapter AR5007EG van Atheros
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&367D0EC4&0&0068
Manufacturer: Atheros Communications Inc.
Name: Draadloze netwerkadapter AR5007EG van Atheros
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_04281468&REV_01\4&367D0EC4&0&0068
Service: athr

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

CCleaner
COMODO Internet Security
ConvertXtoDVD 4.0.3.313
Malwarebytes' Anti-Malware
NVIDIA Drivers
WinRAR

==== End Of File ===========================


And Gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-22 22:40:52
Windows 6.1.7600
Running: pgy9qxxc.exe; Driver: C:\Users\GAZAQU~1\AppData\Local\Temp\pxlcipow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x887D2F80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x887D3F4E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x887D3166]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x887D23EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x887D2BE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x887D22CE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x887D2A74]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x887D3C08]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x887D1E94]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x887D3272]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x887D1CC6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x887D388A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x887D2670]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x887D2DC2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x887D19F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x887D2900]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x887D1B6E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x887D43B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x887D3626]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x887D3A38]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x887D260A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x887D27F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x887D2198]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x887D2066]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E22AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E22104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E223F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0A634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E0A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E221DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E22958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E226F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E22F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E231A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E82579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EA6F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 220 82EAE720 4 Bytes [80, 2F, 7D, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 248 82EAE748 8 Bytes [4E, 3F, 7D, 88, 66, 31, 7D, ...] {DEC ESI; AAS ; JGE 0xffffffffffffff8c; XOR [EBP-0x78], DI}
.text ntkrnlpa.exe!RtlSidHashLookup + 2DC 82EAE7DC 4 Bytes [EC, 23, 7D, 88] {IN AL, DX ; AND EDI, [EBP-0x78]}
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 82EAE7F8 4 Bytes [E6, 2B, 7D, 88] {OUT 0x2b, AL; JGE 0xffffffffffffff8c}
.text ntkrnlpa.exe!RtlSidHashLookup + 324 82EAE824 4 Bytes [CE, 22, 7D, 88] {INTO ; AND BH, [EBP-0x78]}
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E812340, 0x3EE217, 0xE8000020]
.text peauth.sys 93F68C9D 28 Bytes [9E, 50, E2, CD, DA, A1, E7, ...]
.text peauth.sys 93F68CC1 28 Bytes [9E, 50, E2, CD, DA, A1, E7, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[764] ntdll.dll!NtAllocateVirtualMemory 77164720 5 Bytes JMP 0040F940 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] ntdll.dll!NtAllocateVirtualMemory 77164720 5 Bytes JMP 0050DF00 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!CreateWindowExW 767F0E51 5 Bytes JMP 6E06801F C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxIndirectParamW 76814AA7 5 Bytes JMP 6E18EDC0 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxParamW 7681564A 5 Bytes JMP 6DF84D5B C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxParamA 7682CF6A 5 Bytes JMP 6E18ED5D C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!DialogBoxIndirectParamA 7682D29C 5 Bytes JMP 6E18EE23 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxIndirectA 7683E8C9 5 Bytes JMP 6E18ECF2 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxIndirectW 7683E9C3 5 Bytes JMP 6E18EC87 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxExA 7683EA29 5 Bytes JMP 6E18EC25 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3116] USER32.dll!MessageBoxExW 7683EA4D 5 Bytes JMP 6E18EBC3 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!UnhookWindowsHookEx 767ECC7B 5 Bytes JMP 6E0781D8 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!CallNextHookEx 767ECC8F 5 Bytes JMP 6E059A6C C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!CreateWindowExW 767F0E51 5 Bytes JMP 6E06801F C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!SetWindowsHookExW 767F210A 5 Bytes JMP 6E0146DB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamW 76814AA7 5 Bytes JMP 6E18EDC0 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamW 7681564A 5 Bytes JMP 6DF84D5B C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxParamA 7682CF6A 5 Bytes JMP 6E18ED5D C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!DialogBoxIndirectParamA 7682D29C 5 Bytes JMP 6E18EE23 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectA 7683E8C9 5 Bytes JMP 6E18ECF2 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxIndirectW 7683E9C3 5 Bytes JMP 6E18EC87 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExA 7683EA29 5 Bytes JMP 6E18EC25 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] USER32.dll!MessageBoxExW 7683EA4D 5 Bytes JMP 6E18EBC3 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ole32.dll!OleLoadFromStream 76B45B88 5 Bytes JMP 6E18F137 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3200] ole32.dll!CoCreateInstance 76B957FC 5 Bytes JMP 6E068B0D C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\rundll32.exe[1344] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751C5D3D] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1344] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751C5D3D] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1344] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751C5D3D] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Windows\system32\rundll32.exe[1344] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751C5D3D] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2004] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751C5D3D] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2004] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751C5D3D] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2004] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751C5D3D] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2004] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751C5D3D] C:\Windows\system32\apphelp.dll (Toepassingscompatibiliteit van de client/Microsoft Corporation)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00618170] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00617B10] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [00618250] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00618130] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00618200] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [006182E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [00617290] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [00617BA0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [00617C60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [00617240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00617700] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00617670] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [00617D20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00618200] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [006182E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00618130] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00618170] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [006172D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [006180D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [006180B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [006174C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [00617E40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [00617F50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [006173B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [00617530] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollPos] [00617320] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [00617240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [00617C60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [00618060] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [00617700] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [00617D20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [00617290] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00618130] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00618170] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [00617290] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [00617530] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [00617240] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [00617D20] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [00617E40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [00617C60] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [00617700] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00618170] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00618130] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00618200] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [006181B0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00618130] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2012] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [006182E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.15 ----

#4 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,982
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 23 January 2010 - 03:33 AM

Hello,

Your logs show you have been running Combofix. Please post me the log at c:\combofix.txt

Please note: ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert." It is NOT for unsupervised use. Please read Combofix's Disclaimer.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#5 User is offline   babyblue81 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 05-January 10

Posted 23 January 2010 - 05:18 AM

Hi,

I made a new one ...here it is:

ComboFix 10-01-22.03 - gazaqueen 23-01-2010 11:02:01.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.1791.1216 [GMT 1:00]
Gestart vanuit: c:\users\gazaqueen\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((((((((((( Other removals )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Help\help
c:\windows\Help\help\nl-NL\Help.h1c
c:\windows\Help\help\nl-NL\Help.H1T
c:\windows\Help\help\nl-NL\Help_AssetId.H1K
c:\windows\Help\help\nl-NL\Help_BestBet.H1K
c:\windows\Help\help\nl-NL\Help_LinkTerm.H1K
c:\windows\Help\help\nl-NL\Help_SubjectTerm.H1K
c:\windows\Help\help\nl-NL\resources.H1S
c:\windows\Help\help\nl-NL\stopwrds.stp

.
(((((((((((((((((((( Files Made 2009-12-23 to 2010-01-23 ))))))))))))))))))))))))))))))
.

2010-01-23 10:10 . 2010-01-23 10:10 -------- d-----w- c:\users\gazaqueen\AppData\Local\temp
2010-01-23 10:10 . 2010-01-23 10:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-23 10:10 . 2010-01-23 10:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-22 21:12 . 2010-01-22 21:12 -------- d-----w- c:\program files\CCleaner
2010-01-22 18:39 . 2010-01-22 18:39 -------- d-----w- c:\windows\Installer
2010-01-22 12:37 . 2010-01-22 12:37 -------- d-----w- c:\users\gazaqueen\AppData\Local\ElevatedDiagnostics
2010-01-22 11:55 . 2010-01-22 11:55 57560 ----a-w- c:\users\gazaqueen\AppData\Local\GDIPFONTCACHEV1.DAT
2010-01-22 01:12 . 2010-01-22 01:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-22 01:12 . 2010-01-22 01:12 47360 ----a-w- c:\users\gazaqueen\AppData\Roaming\pcouffin.sys
2010-01-22 01:12 . 2010-01-22 01:29 -------- d-----w- c:\users\gazaqueen\AppData\Roaming\Vso
2010-01-22 01:12 . 2009-09-02 15:41 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-22 01:12 . 2009-09-02 15:41 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-22 01:12 . 2009-09-02 15:41 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-22 01:12 . 2009-09-02 15:41 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-22 01:12 . 2009-09-02 15:41 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-22 01:12 . 2009-09-02 15:41 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-22 01:12 . 2009-09-02 15:41 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-01-22 01:12 . 2010-01-22 01:12 -------- d-----w- c:\program files\VSO
2010-01-22 01:02 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-20 20:47 . 2010-01-20 20:47 -------- d-----w- c:\users\gazaqueen\AppData\Roaming\Malwarebytes
2010-01-20 20:47 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 20:47 . 2010-01-20 20:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 20:47 . 2010-01-20 20:47 -------- d-----w- c:\programdata\Malwarebytes
2010-01-20 20:47 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 19:29 . 2010-01-22 12:40 -------- d-----w- c:\users\gazaqueen\AppData\Local\Diagnostics
2010-01-20 13:50 . 2010-01-20 13:57 -------- d-----w- c:\programdata\Comodo
2010-01-20 13:50 . 2010-01-20 13:50 -------- d-----w- c:\program files\COMODO
2010-01-20 13:50 . 2010-01-20 13:50 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-01-20 13:50 . 2010-01-20 13:50 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-20 13:50 . 2010-01-20 13:50 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-20 13:50 . 2010-01-20 13:50 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-20 13:42 . 2010-01-20 13:43 -------- d-----w- c:\programdata\NVIDIA
2010-01-20 13:40 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-20 13:38 . 2009-03-06 10:52 797216 ----a-w- c:\windows\system32\nvcplui.exe
2010-01-20 13:38 . 2009-03-06 10:52 1108512 ----a-w- c:\windows\system32\nvcpluir.dll
2010-01-20 13:38 . 2009-03-06 10:52 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-01-20 13:36 . 2009-10-29 07:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-20 13:33 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-01-20 13:33 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-01-20 13:33 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-20 13:33 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
2010-01-20 13:33 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
2010-01-20 13:33 . 2009-08-03 05:35 2613248 ----a-w- c:\windows\explorer.exe
2010-01-20 13:33 . 2009-08-29 06:57 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-01-20 13:33 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-20 13:33 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-20 13:33 . 2009-07-30 04:44 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-01-20 13:32 . 2010-01-14 10:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-20 13:18 . 2010-01-23 09:55 -------- d-----w- c:\windows\system32\wbem\Performance
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-----w- C:\Recovery
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\users\Default\Sjablonen
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\users\Default\Mijn documenten
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\users\Default\Menu Start
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\programdata\Sjablonen
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\programdata\Menu Start
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\programdata\Favorieten
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\programdata\Documenten
2010-01-20 13:16 . 2010-01-20 13:16 -------- d-sh--we c:\programdata\Bureaublad
2010-01-20 11:57 . 2010-01-20 12:11 -------- d-----w- c:\windows\Panther
2010-01-20 11:57 . 2010-01-20 11:57 -------- d-----w- c:\windows\system32\oem
2010-01-20 10:56 . 2010-01-20 10:56 -------- d-----w- C:\Convesoft

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 09:55 . 2009-07-14 08:27 691728 ----a-w- c:\windows\system32\perfh013.dat
2010-01-23 09:55 . 2009-07-14 08:27 130232 ----a-w- c:\windows\system32\perfc013.dat
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg start up points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-20 1800464]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [20-1-2010 14:50 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [20-1-2010 14:50 29520]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [14-7-2009 0:52 48128]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\System32\drivers\VSTAZL3.SYS [13-7-2009 23:13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\System32\drivers\VSTDPV3.SYS [13-7-2009 23:13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\System32\drivers\VSTCNXT3.SYS [13-7-2009 23:13 661504]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.mediazoneja.com/
TCP: {DE46D8BB-A959-40B1-83DB-DC4A35684774} = 156.154.70.25,156.154.71.25
TCP: {F4680117-1079-471C-A429-A713942101DC} = 156.154.70.25,156.154.71.25
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2010-01-23 11:14:23
ComboFix-quarantined-files.txt 2010-01-23 10:14

Pre-Run: 24.216.203.264 bytes beschikbaar
Post-Run: 24.212.758.528 bytes beschikbaar

- - End Of File - - 9BAC1368673D2DC15EA95F09C21F1F9D


#6 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,982
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 23 January 2010 - 05:27 AM

Hi, your log shows you are using the following IP address: 156.154.71.25 (NeuStar, US)

However, I see many Dutch filenames, so I was wondering about the IP address, since it is not Dutch. Can you please confirm you are indeed using this IP address, so I know its not put there by malware?


regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#7 User is offline   babyblue81 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 05-January 10

Posted 23 January 2010 - 05:37 AM

Hi,

Thats a comodo ip adress...
Because of the problems I had , when I reinstalled everything comodo asked if I want to have my DNS settings via their servers..
And I said yes..

#8 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,982
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 23 January 2010 - 11:17 AM

Did you install/update all hardware drivers? Also, whats on your E drive?

DDS attach.txt shows quite some disabled devices, did you disable those on purpose?
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#9 User is offline   babyblue81 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 05-January 10

Posted 23 January 2010 - 07:27 PM

Yes when it was still a vista I downloaded Nvidia drivers from the acer webside..I tought it would fix my problem of my E drive keeps dissapearing but it didn't help..
My E drive is my CD-DVD rom...Sometimes it appeares and most of the time its gone..
It all started when I upgraded VSO Convertxtodvd 2 months ago..My E drive started to dissapeare , I could convert but not burn to my e drive ..
Then I asked somebody to help me out and said my E drive is also my build in recovery CD so maby the best thing is to reinstall..
And I decided to reinstall my Vista but the problems weren't gone..It started right away..no acces to my network...every change I made it was changed back..
It looked like my Acer recovery en empowering technology were corrupted, so I tried windows 7 dvd without th Acer thing but they are installed anyway.
It also took me a while to install windows..like 5 hours...restart tried again, again and again..
Hope it clears up some things..


#10 User is offline   babyblue81 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 05-January 10

Posted 23 January 2010 - 07:31 PM

I dissabled remote desktop device redirector bus..wireless adapter...and all others..like unknown..base system..coprocessor..

#11 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,982
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 24 January 2010 - 09:22 AM

Lets double check no rootkit is involved here.

Please navigate to the following file: c:\windows\mbr.exe
Double click on it to run it. A command window will flash briefly.
You will find the log at c:\windows\mbr.log
Post the contents of this log in your next reply.


regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#12 User is offline   babyblue81 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 05-January 10

Posted 24 January 2010 - 10:46 AM

Hi,

I have tried it and I see the window pop up briefly but no log file..
I get a message cannot find log file please check the name and try again...

#13 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,982
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 24 January 2010 - 01:37 PM

Sorry, my bad, right click on mbr.exe and select "run as adminstrator".
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

#14 User is offline   babyblue81 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 9
  • Joined: 05-January 10

Posted 27 January 2010 - 04:29 AM

Hi,

My computer has start up problems now...As soon as it works again I will check the MBR..
Thanks for your patience...

#15 User is offline   Elise 

  • Bleepin' Blonde
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Admin
  • Posts: 38,982
  • Joined: 05-October 07
  • Gender:Female
  • Location:Romania

Posted 27 January 2010 - 05:32 AM

Okay, let me know if you need any help smile.gif
regards, Elise

"The mind is its own place, and in itself can make a heaven of hell, a hell of heaven." ~ John Milton
Posted Image Follow BleepingComputer on: Facebook | Twitter | Google+

Share this topic:


  • 2 Pages +
  • 1
  • 2
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users