
i cant remove this malware...


  • This topic is locked
2 replies to this topic

#1 renejr902

  • Members
  • 1 posts

Posted 21 December 2008 - 02:05 PM

I tried Anti-Malware, SUPERAntiSpyware, CCleaner, RemoveIT Pro, Spybot, RogueRemover, GMER, Ad-Aware... they can't remove it. And the worst thing is, all these apps can't find any trojan, virus or spyware. I cleaned everything. All of them are updated. I tried to clean my computer with each program in normal boot and safe mode. I had a few rootkits, but I removed all of them, all files and registry entries; I read some info on Google.

The problem is: when I power on my computer, Windows starts up normally, but while Windows is starting, an Explorer page opens automatically with this web site: <http://www.webthangs.com/count/rotate/click.php?id=1>
and redirects to <http://publishers.xy7..>, and redirects again to this: <http://www.geniusinspiration.com/cab...y&keyword=CD51>
Note: it's strange, but sometimes it only opens Explorer with google.ca instead. But most of the time it opens with webthangs... and sometimes webthangs can't load.

I closed the web site and can navigate again without problem, but EVERY 15 minutes the Explorer page opens again automatically and the same web sites open one after another. For example: I'm playing a 3D game, my game exits and I'm back at the Explorer page every 15 minutes. I can't play more than 15 minutes without this problem.

I have Windows XP SP3 Professional (original) and I use AVG 8.0 Free Edition.
I can't format my hard disk, so I must remove that problem or live with it.
I have more than 80 hours of installation time in this computer. I will not reinstall all that again.

I will post: HijackThis.log, attach.txt, dds.txt, ark.txt



Thanks for the help


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:04:11, on 2008-12-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\checksum.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\diskkeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\Program Files\Systran\4_0\Premium\IEPlugIn.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [CheckSum] C:\WINDOWS\system32\cks.bat
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)
O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)
O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\diskkeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 6685 bytes



THIS IS MY DDS.txt:


DDS (Version 1.1.0) - NTFSx86
Run by Rene at 13:43:07,57 on 2008-12-20
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.3327.2816 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\checksum.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\Program Files\diskkeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rene\Desktop\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mWinlogon: System=c:\windows\system32\svch?st.exe,
mWinlogon: SfcDisable=-99 (0xffffff9d)
TB: {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - c:\program files\systran\4_0\premium\IEPlugIn.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Start WingMan Profiler] "c:\program files\logitech\profiler\lwemon.exe" /noui
mRun: [nwiz] nwiz.exe /install
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CTHelper] CTHELPER.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunOnce: [CheckSum] c:\windows\system32\cks.bat
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-8-20 39472]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2008-7-31 150568]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-14 97928]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-14 26824]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\cyberlink\powerdvd8\000.fcl [2008-5-15 61424]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-12-14 231704]
R2 Devx;Devx;c:\windows\system32\drivers\Devx.sys [2008-8-2 4448]
R2 VtPr;VtPr;c:\windows\system32\drivers\VtPr.sys [2008-8-2 3328]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.SYS [2008-6-27 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.SYS [2008-6-27 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.SYS [2008-6-27 566296]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-7-31 36864]
R3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;c:\windows\system32\drivers\xusb20.sys [2006-10-13 50048]
S0 chowgnve;chowgnve;c:\windows\system32\drivers\xrniqlb.sys []
S0 ojklva;ojklva;c:\windows\system32\drivers\cjukz.sys []
S0 wqzus;wqzus;c:\windows\system32\drivers\dxxpwrs.sys []
S1 83eba970;83eba970;c:\windows\system32\drivers\83eba970.sys [2008-12-14 0]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2008-6-27 99352]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2008-6-27 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.SYS [2008-6-27 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2008-6-27 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2008-6-27 566296]
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2008-12-20 01:05 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-12-20 01:05 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-12-19 22:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-19 22:56 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-19 22:56 <DIR> --d----- c:\docume~1\rene\applic~1\SUPERAntiSpyware.com
2008-12-19 22:50 <DIR> --d----- c:\program files\FileASSASSIN
2008-12-19 22:48 <DIR> --d----- c:\program files\RogueRemover FREE
2008-12-19 22:00 <DIR> --d----- c:\program files\InCode Solutions
2008-12-15 01:39 171,136 a--shr-- C:\grldr
2008-12-14 23:47 <DIR> --d----- c:\program files\Lavasoft
2008-12-14 22:28 <DIR> --d-h--- C:\$AVG8.VAULT$
2008-12-14 22:21 10,520 a------- c:\windows\system32\avgrsstx.dll
2008-12-14 22:21 97,928 a------- c:\windows\system32\drivers\avgldx86.sys
2008-12-14 22:21 <DIR> --d----- c:\windows\system32\drivers\Avg
2008-12-14 22:09 49,152 a------- c:\windows\system32\svch?st.exe
2008-12-14 22:06 223,128 a------- c:\windows\system32\drivers\dtscsi.sys
2008-12-14 22:06 <DIR> --d----- c:\program files\DAEMON Tools
2008-12-14 22:03 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-14 20:59 30,528 a------- c:\windows\system32\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2008-12-14 20:59 11,564 a------- c:\windows\system32\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
2008-12-14 20:59 4,958,588 a------- c:\windows\{00000005-00000000-00000002-00001102-00000004-20021102}.BAK
2008-12-14 20:58 <DIR> --d----- c:\program files\Creative
2008-12-14 20:34 <DIR> --d----- c:\windows\system32\dllcache
2008-12-14 20:33 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-14 20:33 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-14 20:33 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-14 20:33 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-14 20:33 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-14 20:33 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-14 20:20 198,941 a------- c:\windows\system32\nvapps.nvb
2008-12-14 20:20 <DIR> --d----- c:\windows\NV9201656.TMP
2008-12-14 20:17 13,312 a------- c:\windows\system32\irclass.dll
2008-12-14 20:17 24,661 a------- c:\windows\system32\spxcoins.dll
2008-12-14 20:17 16,535 a----r-- c:\windows\SETAA.tmp
2008-12-14 20:17 1,088,840 a----r-- c:\windows\SET9E.tmp
2008-12-14 20:17 1,296,669 a----r-- c:\windows\SET9B.tmp
2008-12-14 19:06 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-12-14 18:56 <DIR> --d----- c:\windows\Downloaded Installations
2008-12-14 18:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2008-12-14 18:24 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avg8
2008-12-14 18:13 51,056 a------- c:\windows\setupapi.old
2008-12-14 17:53 <DIR> --d----- c:\program files\Trend Micro
2008-12-14 17:09 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-14 17:09 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-14 17:09 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-14 17:04 <DIR> --d----- c:\docume~1\rene\applic~1\DAEMON Tools Pro
2008-12-14 16:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Grisoft
2008-12-14 04:53 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-14 04:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-14 04:51 <DIR> --d----- c:\program files\RegCleaner
2008-12-14 04:13 <DIR> --d----- c:\program files\CCleaner
2008-12-14 03:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2008-12-14 03:55 <DIR> --d----- c:\docume~1\rene\applic~1\DAEMON Tools Lite
2008-12-14 02:58 <DIR> --d----- c:\program files\VideoLAN
2008-12-14 02:52 16,320,472 a------- C:\vlc-0.9.8a-win32.exe
2008-12-14 02:33 0 a------- c:\windows\system32\drivers\83eba970.sys
2008-12-14 02:33 2 a------- C:\-931777760
2008-12-14 02:33 576,000 a------- c:\windows\uninstall.exe
2008-12-14 02:33 176 a------- c:\windows\system32\eowero.vbs
2008-12-14 02:33 151 a------- c:\windows\system32\cks.bat
2008-12-14 02:33 <DIR> --d----- c:\program files\Uninstall
2008-12-14 02:33 22,406 -------- c:\windows\system32\checksum.exe
2008-12-14 02:33 <DIR> --d----- c:\windows\HDTVPlayer v3.5
2008-12-14 02:22 176 a------- c:\windows\eower.vbs
2008-12-14 02:22 45 a------- c:\windows\sys.bat
2008-12-14 02:22 <DIR> --d----- c:\windows\Setup
2008-12-14 02:22 <DIR> --d----- c:\program files\Setup
2008-12-14 02:22 <DIR> --d----- c:\windows\HDTVXviD Codec
2008-12-12 23:54 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-12 21:42 <DIR> --dsh--- c:\windows\UmVuZSBNb3Jpbg
2008-12-12 21:42 <DIR> --d----- c:\temp\REX81
2008-12-12 21:42 <DIR> --d----- c:\windows\system32\vc
2008-12-12 21:42 <DIR> --d----- c:\windows\system32\foi
2008-12-12 16:10 106,130 a------- c:\windows\runner.exe
2008-11-26 22:01 547,840 a------- c:\windows\system32\wiaaut.dll
2008-11-26 22:01 132,880 a------- c:\windows\system32\MSINET.OCX
2008-11-26 22:01 108,336 a------- c:\windows\system32\Mswinsck.ocx
2008-11-26 22:01 102,400 a------- c:\windows\system32\DinkITXPUIMenus.ocx
2008-11-26 22:01 65,536 a------- c:\windows\system32\EnhSliderOcx.ocx
2008-11-26 22:01 64,000 a------- c:\windows\system32\wiaaut.oca
2008-11-24 16:29 <DIR> --d----- c:\windows\system32\xlive
2008-11-24 16:23 <DIR> --d----- c:\docume~1\rene\applic~1\Microsoft Games
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 4,816 a------- c:\windows\system32\divxsm.tlb
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll

==================== Find3M ====================

2008-12-14 20:57 444,952 a------- c:\windows\system32\wrap_oal.dll
2008-12-14 20:57 109,080 a------- c:\windows\system32\OpenAL32.dll
2008-12-14 20:30 22,720 a------- c:\windows\system32\emptyregdb.dat
2008-11-24 17:19 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-21 16:47 129,784 -------- c:\windows\system32\pxafs.dll
2008-11-12 21:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb20_01001.Wdf
2008-11-12 21:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-10-28 04:08 38,972,478 a------- c:\windows\pif\pif3.zip
2008-08-03 21:21 522 a------- c:\program files\Shortcut to dgVoodoo1.50Beta2.lnk
2008-08-01 15:05 1,569 a------- c:\program files\uninstal.log
2006-06-24 01:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2008-07-31 06:23 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008073120080801\index.dat

ATTACH.TXT:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2008-12-14 20:34:41
System Uptime: 2008-12-20 11:25:45 (2 hours ago)

Motherboard: ASUSTeK Computer INC. | | P5Q
Processor: Intel Pentium III Xeon processor | LGA 775 | 2999/376mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 230 GiB total, 42,502 GiB free.
D: is FIXED (NTFS) - 100 GiB total, 69,428 GiB free.
E: is FIXED (NTFS) - 135 GiB total, 47,692 GiB free.
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP14: 2008-12-19 23:41:02 - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================


4x4 Evo2
7-Zip 4.57
ACE Mega CoDecS Pack
Ad-Aware
Adobe Reader 8.1.2
Age of Empires III
Antidote RX v2
Aquadelic GT 1.0.0.0
Atheros Communications Inc.® AR8121/AR8113 Gigabit/Fast Ethernet Driver
AutoUpdate
AVG Free 8.0
Bejeweled Deluxe 1.6z
Big City Adventure San Francisco
BSPlayer
Canon i470D
CCleaner (remove only)
Cool Edit Pro 2.1
Creative Audio Console
Croc 2
CyberLink PowerDVD8
Daytona USA
DEVIL MAY CRY 4
DiRT
Diskeeper 2007 Pro Premier
Divine Divinity
DivX Codec
DivX Player
Download Manager 2.3.6
Drome Racers
Dungeon Siege Demo
EA Network Play System
Electronic Arts Game Updater
Enclave
eRacer
Fable - The Lost Chapters
Far Cry
Far Cry (Patch 1.3)
Far Cry (Patch 1.31)
Far Cry (Patch 1.33)
ffdshow (remove only)
FileASSASSIN
Final Fantasy VII
Final Fantasy VII XP Patch
FlatOut
FlatOut2
Fraps
Gears of War
GRID
GTR 2 1.0.0.0
Heroes of Might and Magic® IV
HijackThis 2.0.2
IsoBuster 2.3
Java™ 6 Update 7
Jazz Jackrabbit 2
Lecteur Windows Media 11
LimeWire 4.18.3
Logitech Gaming Software
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
Megaman X5
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft Application Compatibility Toolkit 5.0
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft RalliSport Challenge
Microsoft Silverlight
Microsoft Software Update for Web Folders (French) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Xbox 360 Accessories 1.0
mIRC
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Moto Racer
Moto Racer 2
MSN
MSXML 4.0 SP2 (KB941833)
MVP Baseball 2003
Need For Speed - Porsche Unleashed
Need for speed 4 high stakes
Need For Speed High Stakes
Need For Speed Hot Pursuit 2
Need For Speed II SE
Need For Speed III
Need for Speed Underground 2
Need for Speed™ Carbon
Need for Speed™ ProStreet
Need for Speed™ Undercover
Nero 8
neroxml
Neverwinter Nights 2
NVIDIA Drivers
NVIDIA PhysX v8.08.01
Oblivion
Ocean Express
Off Road
OpenAL
OutRun2006 Coast 2 Coast
Paragon Partition Manager 9.0 Professional
Paraworld US SP Demo
Petit Larousse 2004
PowerISO
Prince of Persia Les Sables du Temps
PSP Video 9 2.24
Pure
Puzzles Collection
Quake 4™
QuickTime
R.C. Cars
Rally Trophy
RAYKIT
RemoveIT Pro v4 - SE
SEGA Rally
Setup
Shockwave
Sid Meier's Pirates!
SimCity 4
SolSuite
SONIC ADVENTURE DX-Director's Cut
Spybot - Search & Destroy
Star Wars JK II Jedi Outcast
Stunt GP
SUPERAntiSpyware Free Edition
Supercar Street Challenge
Systran Professional Premium 4.0
Test Drive Unlimited
Titan Quest
Tomb Raider: Anniversary 1.0
Topwords
TrackMania Sunrise 1.4.6
Ultima IX
Utilitaire de carte mémoire
VLC media player 0.9.8a
VoptXP v7.22
Vuze
Warcraft III
WebFldrs XP
Winamp
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
Wipeout XL

==== Event Viewer Messages From Past Week ========

2008-12-14 03:07:11, error: PlugPlayManager [11] - The device Root\LEGACY_BEEP\0000 disappeared from the system without first being prepared for removal.
2008-12-14 02:35:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
2008-12-14 03:20:21, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the icf service to connect.
2008-12-14 03:20:21, error: Service Control Manager [7000] - The icf service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2008-12-14 03:26:55, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.
2008-12-14 03:33:35, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2008-12-14 03:47:47, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2008-12-14 04:00:31, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.
2008-12-14 16:33:25, error: sfsync02 [12] -
2008-12-14 17:29:34, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2008-12-14 17:31:10, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
2008-12-14 17:31:27, error: sptd [4] - Driver detected an internal error in its data structures for .
2008-12-14 18:01:21, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2008-12-14 18:02:09, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2008-12-14 18:02:09, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2008-12-14 18:02:09, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2008-12-14 18:02:09, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2008-12-14 18:02:09, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
2008-12-14 18:13:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mv61xx
2008-12-14 18:13:09, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'DP(1)0x7e00-0x398dedcc00+1'. It has stopped monitoring the volume.
2008-12-14 19:53:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO Fips i8042prt intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip
2008-12-14 20:24:47, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
2008-12-14 20:24:47, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
2008-12-14 20:33:57, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
2008-12-14 20:35:59, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
2008-12-15 00:16:41, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu sptd Tcpip
2008-12-15 00:20:12, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
2008-12-15 12:00:03, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips hotcore3 intelppm IPSec MRxSmb NetBIOS NetBT ohci1394 RasAcd Rdbss SCDEmu Sparrow Tcpip
2008-12-19 23:40:27, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000022' while processing the file 'ati2axxx.sys' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2008-12-19 23:44:25, error: Service Control Manager [7028] - The msqpdxserv.sys Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
2008-12-19 23:53:32, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AsIO AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu Tcpip
2008-12-20 00:22:07, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: hotcore3 Sparrow
2008-12-14 20:40:26, information: Windows File Protection [64032] - Windows File Protection is not active on this system.

==== End Of File ===========================

ARK.LOG:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-20 15:22:10
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT spqo.sys ZwCreateKey [0xBA6A80E0]
SSDT spqo.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spqo.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spqo.sys ZwOpenKey [0xBA6A80C0]
SSDT spqo.sys ZwQueryKey [0xBA6C7108]
SSDT spqo.sys ZwQueryValueKey [0xBA6C6F88]
SSDT spqo.sys ZwSetValueKey [0xBA6C719A]

INT 0x63 ? 8B387BF8
INT 0x63 ? 8B387BF8
INT 0x63 ? 8B387BF8
INT 0x63 ? 8B387BF8
INT 0x63 ? 8A49EBF8
INT 0x83 ? 8B38ABF8
INT 0x83 ? 8A49EBF8
INT 0x83 ? 8B38ABF8
INT 0x94 ? 8A49EBF8
INT 0xA4 ? 8A49EBF8
INT 0xA4 ? 8A49EBF8
INT 0xA4 ? 8A49EBF8
INT 0xA4 ? 8A49EBF8
INT 0xB4 ? 8A49EBF8

Code \SystemRoot\System32\Drivers\sybex38.SYS ZwDuplicateObject [0xBAC7095B]
Code \SystemRoot\System32\Drivers\sybex38.SYS ExAllocatePool
Code \SystemRoot\System32\Drivers\sybex38.SYS ExAllocatePoolWithTag
Code \SystemRoot\System32\Drivers\sybex38.SYS KeDelayExecutionThread
Code \SystemRoot\System32\Drivers\sybex38.SYS NtDuplicateObject

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8B3851F8
Device \FileSystem\Fastfat \FatCdrom 88EEC1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{B02A5D69-82A7-4E41-A7BD-C566F9F3B820} 890D31F8
Device \Driver\usbuhci \Device\USBPDO-0 8A4151F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B3131F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B3131F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B3131F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B3131F8
Device \Driver\usbuhci \Device\USBPDO-1 8A4151F8
Device \Driver\usbuhci \Device\USBPDO-2 8A4151F8
Device \Driver\usbehci \Device\USBPDO-3 8A47D1F8
Device \Driver\PCI_PNP4086 \Device\00000060 spqo.sys
Device \Driver\usbuhci \Device\USBPDO-4 8A4151F8
Device \Driver\usbuhci \Device\USBPDO-5 8A4151F8
Device \Driver\usbuhci \Device\USBPDO-6 8A4151F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B3881F8
Device \Driver\usbehci \Device\USBPDO-7 8A47D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B3881F8
Device \Driver\Cdrom \Device\CdRom0 8A3751F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8B3881F8
Device \Driver\Cdrom \Device\CdRom1 8A3751F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 890D31F8
Device \Driver\NetBT \Device\NetbiosSmb 890D31F8
Device \Driver\usbuhci \Device\USBFDO-0 8A4151F8
Device \Driver\usbuhci \Device\USBFDO-1 8A4151F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A1C7500
Device \Driver\usbuhci \Device\USBFDO-2 8A4151F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A1C7500
Device \Driver\usbehci \Device\USBFDO-3 8A47D1F8
Device \Driver\usbuhci \Device\USBFDO-4 8A4151F8
Device \Driver\Ftdisk \Device\FtControl 8B3881F8
Device \Driver\usbuhci \Device\USBFDO-5 8A4151F8
Device \Driver\usbuhci \Device\USBFDO-6 8A4151F8
Device \Driver\usbehci \Device\USBFDO-7 8A47D1F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 8A3341F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\mv61xx \Device\Scsi\mv61xx1Port4Path0Target14Lun0 8B3861F8
Device \Driver\mv61xx \Device\Scsi\mv61xx1 8B3861F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 8A3341F8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 88EEC1F8

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A3C0500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmhxtofxh.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxserv \systemroot\system32\drivers\msqpdxmhxtofxh.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \systemroot\system32\msqpdxosvdnrsr.dll
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ...
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmhxtofxh.sys
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxserv \systemroot\system32\drivers\msqpdxmhxtofxh.sys
Reg HKLM\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules@msqpdxl \systemroot\system32\msqpdxosvdnrsr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF1 0xD5 0x76 0xEC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x1C 0x97 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xBA 0x8B 0xBB 0xBD ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xEE 0x6D 0x32 0x53 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xA3 0x02 0xCE 0x07 ...

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\step_back[1].gif 225 bytes
File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\wrt[1].gif 836 bytes
File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\globalNavCorner[1].gif 89 bytes
File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\kb_default[1].htm 3011 bytes
File C:\Documents and Settings\Rene\Local Settings\Temporary Internet Files\Content.IE5\G9ZRGFBW\icon_treenode_neg[1].gif 63 bytes
File C:\Documents and Settings\Rene\My Documents\Azureus Downloads\PC_Gears.of.War -ENG+FULL -.direct.play.-ToeD\G.o.W (ToeD) ...use 7zip ONLY (extract to...)\GoW\Gears of War\Wargame\CookedPC\COG\COG_Characters\COG_Grunt\COG_Grunt_Accessories\COG_Grunt_FragGrenade\COG_Grunt_FragGrenade.upk 411994 bytes

---- EOF - GMER 1.0.14 ----

Edited by Orange Blossom, 21 December 2008 - 02:31 PM.
Deactivate links. ~ OB
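As an added example that is not part of this thread and not a GMER tool, here is a small Python triage script for an ARK log like the one posted above. It parses the SSDT and Code hook lines and the Services registry lines, and flags a driver service whose image file name differs from its service key name, which is exactly what the msqpdxserv.sys entries above show (a system-start kernel driver loading msqpdxmhxtofxh.sys plus a user-mode DLL under a modules subkey). The sample lines embedded in it are copied from the posted log; the function and constant names are the example's own.

```python
"""Triage helper for a GMER ARK log (added illustration, not part of the thread)."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the GMER log posted above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT spqo.sys ZwCreateKey [0xBA6A80E0]
SSDT spqo.sys ZwOpenKey [0xBA6A80C0]

Code \SystemRoot\System32\Drivers\sybex38.SYS ZwDuplicateObject [0xBAC7095B]
Code \SystemRoot\System32\Drivers\sybex38.SYS ExAllocatePool

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxmhxtofxh.sys
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules@msqpdxl \systemroot\system32\msqpdxosvdnrsr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

---- EOF - GMER 1.0.14 ----
"""

SSDT_RE = re.compile(r"^SSDT\s+(?P<module>\S+)\s+(?P<func>\S+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]")
CODE_RE = re.compile(r"^Code\s+(?P<module>\S+)\s+(?P<func>\S+)(?:\s+\[(?P<addr>0x[0-9A-Fa-f]+)\])?")
REG_RE = re.compile(r"^Reg\s+(?P<key>[^@\s]+)(?:@(?P<name>\S+))?(?:\s+(?P<value>.+))?$")
SERVICE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cset>[^\\]+)\\Services\\(?P<svc>[^\\]+)(?:\\(?P<sub>.*))?$", re.IGNORECASE)

# Meaning of the Start and Type values under a driver's Services key.
START_NAMES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
TYPE_NAMES = {"1": "kernel driver", "2": "file system driver"}


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _stem(path):
    """File name without directory or extension, lower-cased for comparison."""
    return _basename(path).lower().rsplit(".", 1)[0]


def parse_gmer(text):
    """Return (hooks, services) parsed from GMER log text.

    hooks:    module -> {hooked function: address or None}
    services: (control set, service key) -> {"values": {...}, "modules": {...}}
    """
    hooks = defaultdict(dict)
    services = defaultdict(lambda: {"values": {}, "modules": {}})
    for line in text.splitlines():
        m = SSDT_RE.match(line) or CODE_RE.match(line)
        if m:
            hooks[m.group("module")][m.group("func")] = m.group("addr")
            continue
        m = REG_RE.match(line)
        if not m or m.group("name") is None:
            continue  # not a registry value line, or a bare key with no value
        s = SERVICE_RE.match(m.group("key"))
        if not s:
            continue
        sub = (s.group("sub") or "").lower()
        entry = services[(s.group("cset"), s.group("svc"))]
        if sub == "":
            entry["values"][m.group("name").lower()] = m.group("value")
        elif sub == "modules":
            entry["modules"][m.group("name")] = m.group("value")
        # other subkeys (e.g. sptd\Cfg) are driver configuration, not load settings
    return hooks, services


def triage(text):
    """Summarise kernel hooks and flag services whose image name differs from the key name."""
    hooks, services = parse_gmer(text)
    findings = []
    for module, funcs in hooks.items():
        findings.append({"kind": "hook", "module": _basename(module), "functions": sorted(funcs)})
    for (cset, svc), data in services.items():
        image = data["values"].get("imagepath")
        if image and _stem(image) != _stem(svc):
            findings.append({
                "kind": "service-mismatch",
                "control_set": cset,
                "service": svc,
                "image": image,
                "start": START_NAMES.get(data["values"].get("start"), "unknown"),
                "type": TYPE_NAMES.get(data["values"].get("type"), "unknown"),
                "modules": dict(data["modules"]),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run on the sample it reports two hooking modules (spqo.sys on the SSDT, sybex38.SYS patching kernel functions inline) and one mismatched service, msqpdxserv.sys, loading a differently named .sys at system start together with a DLL listed under its modules key. A mismatch alone is not proof of malware (legitimate drivers sometimes use differing names), so the script only surfaces the entries for a human to look at, which is the same judgement the helpers in this thread apply when they read these logs.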


#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,804 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:39 AM

Posted 28 December 2008 - 04:21 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,804 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:39 AM

Posted 03 January 2009 - 09:12 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.



