Multiple problems with my computer that's caused by an infection of some sort


19 replies to this topic

#1 darkknite

Posted 08 July 2009 - 07:09 PM

My problems all started when I downloaded something and installed it (I forgot what I downloaded exactly since it was last week). Realizing it could have been a virus or something, I quickly uninstalled it. Even though my anti-virus (AVG Internet Security) was running fine, it didn't detect it. Thinking that I had deleted the virus, I just continued doing what I was doing before. After a while, I realized it could have been malware or something, so I tried to launch Malwarebytes' Anti-Malware. I tried double-clicking the icon on my desktop but nothing happened. I then tried right-clicking it and it didn't show the Open, Run as... or Scan with Malwarebytes' Anti-Malware button. Instead it showed Cut, Copy, Delete and Rename or something along those lines. I then thought that the shortcuts had stopped working, so I went to the Malwarebytes' Anti-Malware directory and launched it from there. Then Windows said "Cannot open this file: mbam.exe" and so on. I tried other applications and the same thing happened. Since I had Firefox open, I searched the web and fixed it with fixswen.inf. Right now, all the application icons are gone, so then I searched the web to find out how to restore them and fixed it with http://www.dougknox.com/xp/file_assoc.htm . I then launched Malwarebytes' Anti-Malware and found one registry item that was infected and deleted it. After that, I fixed some file associations and thought I had fixed everything. Realizing that all the .dll file icons weren't shown, I tried to fix it by launching one and waiting for the "Windows cannot open this file..." dialog to pop up. I selected "Use Web service to find appropriate program", thinking that it could solve the icon issue. I waited for Internet Explorer to pop up. It did pop up but then closed again. I tried launching Internet Explorer normally and the same thing happened. I tried a couple more times and gave up. I looked through the web and thought it could be corrupted, so I tried uninstalling it.

I then realized the Add/Remove list was showing some odd entries, some of which I hadn't heard of before, the Remove button was gone for all of the entries and some programs didn't even show up. I ignored it for now, thinking that I'd fix that when I got Internet Explorer fixed. I ran the uninstaller for Internet Explorer and went through all the steps. It didn't work, so I had to go into "safe mode" to uninstall it. That worked, so I re-installed it, but now Internet Explorer opens and then freezes. I uninstalled it again so I could revert to the Internet Explorer version that the computer came with. I tried that, it worked, but there was no address bar. I tried locking and unlocking the toolbar and it still didn't work. A picture of this is here: http://img188.imageshack.us/img188/4950/pr...haddressbar.jpg . After trying to fix all these problems with various methods such as running sfc.exe, I decided to update Windows since I knew it would be somewhat outdated due to sfc.exe. I tried updating Windows with the update button and everything was going fine, but when I clicked "Express" I got redirected to a page saying that the files used for Windows Update are no longer registered or installed. After that, I just gave up after about a week of trying.


Sorry for the long story but I just want you to know what happened between the time I got the infection and now. Anyways, without further ado, here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:17 PM, on 08/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Documents and Settings\ThE CoMpUtEr\Desktop\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1085031214-1788223648-725345543-1004\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" (User '?')
O4 - HKUS\S-1-5-21-1085031214-1788223648-725345543-1004\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-21-1085031214-1788223648-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1237743449953
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9507 bytes


Just tell me if I need any more logs and thanks.
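Reading a HijackThis log by hand mostly means looking for entries that register something which no longer exists: the `O2 - BHO: (no name) ... (no file)` line and the `O23` GameGuard service marked `Unknown owner ... (file missing)` above are the two obvious ones in this log. The script below is an added example for this thread, not part of the original post and not a HijackThis feature; its triage rules are a reading heuristic I wrote for the example, and its sample input is nine entry lines copied verbatim from the log above (plus the log's header line). An orphaned entry is not by itself proof of infection: it shows where a file was removed (by an uninstaller, by an antivirus, or by the user) while its registration was left behind, which is exactly the state a half-cleaned machine ends up in.

```python
"""Triage a HijackThis v2 log for entries that point at nothing.

Added example for this thread; it is not part of the original post and
not a HijackThis feature. The rules below are my own reading heuristics.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: the log header plus nine entry lines copied verbatim
# from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Global Startup: hp psc 1000 series.lnk = ?
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HJT entry starts with a section code (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# A command that names an absolute location contains a drive letter.
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O2" or "O23"
    reason: str
    line: str


def _reasons(sec: str, body: str) -> list[str]:
    """Return every reason a single HJT entry deserves a second look."""
    reasons = []
    if "(no file)" in body:
        reasons.append("CLSID still registered but its DLL is gone (orphaned hook)")
    if "(file missing)" in body:
        reasons.append("service registered but its binary is missing")
    if sec == "O23" and " - Unknown owner - " in body:
        reasons.append("service binary carries no company name in its version info")
    if sec.startswith("R") and body.rstrip().endswith("="):
        reasons.append("IE start/search value is empty; confirm it was cleared deliberately")
    if sec == "O4" and "Run" in body and "]" in body:
        # Text after the [name] tag is the command line that gets executed.
        command = body.split("]", 1)[1].strip()
        if not DRIVE_PATH_RE.search(command):
            reasons.append("Run entry uses a bare filename resolved via PATH; verify which file actually runs")
    if sec == "O4" and body.rstrip().endswith("= ?"):
        reasons.append("startup shortcut whose target HijackThis could not resolve")
    return reasons


def triage_hjt(log_text: str) -> list[Finding]:
    """Parse an HJT log and return one Finding per (entry, reason) pair."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list, footer: not an entry line
        sec, body = match.group("sec"), match.group("body")
        for reason in _reasons(sec, body):
            findings.append(Finding(sec, reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section code so the reader knows where to look first."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    results = triage_hjt(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(results))
```

On the sample above this reports six findings: the empty R0 start page, the nameless BHO with no file, the `nwiz.exe` Run entry that is resolved through PATH, the unresolvable HP startup shortcut, and the GameGuard service twice (missing binary, no company name). The AVG BHO, the uTorrent Run entry and the NVIDIA service are left alone because each points at a file that HijackThis could open. Treat the output as a reading order, not a verdict; the fix for an orphaned entry is usually to remove the registration, and the fix for a bare filename is to confirm which file on PATH actually carries that name.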


#2 Net_Surfer

Posted 17 July 2009 - 05:49 PM

Hello and :thumbup2: to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

-----------------------------------------------------------

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Kind regards
Net_Surfer

:)

#3 darkknite

  • Topic Starter

Posted 17 July 2009 - 10:19 PM

Thank you for looking into this problem I have Bleeping Computer :thumbup2:

Anyways, I still have the problems that I had before, and more, as I have discovered over the past few days. All the problems that I have right now are**:

-Internet Explorer 6/7 (not sure what version) not having the address bar (I tried right-clicking and selecting Address Bar and such)
-Internet Explorer 8 freezes upon opening (stays and freezes at "Customize settings" or whatever page it is when you open IE 8 for the first time)
-Add/Remove Programs not showing all installed programs, but shows some random entries, most of which I don't know, and they don't have the "Remove" button. I tried using some Add/Remove programs that aren't from Windows and the same thing happened, except it shows the entries that do have the "Remove" button; "Auslogics BoostSpeed" doesn't seem to have this problem
-Some file extensions, such as .dll, don't have "Open" or "Run as..." when right-clicked; they have "Cut", "Copy" and so on
-Windows Update doesn't work (shows a page that says "Files required to use Windows Update are no longer registered or installed on your computer. To continue:
[ ] Register or reinstall the files for me now (Recommended) [ ] Let me read about more steps that might be required to solve the problem"; both of these lead me to a site that doesn't work)
-Somehow the system time got reset to January 1, 2002, making me unable to open almost anything until I changed the system time to the proper time (don't know what caused this) *
-Windows Installer doesn't work; same thing for InstallShield *
-"Network Connections" doesn't show ANY connections at all, even though I know that they are installed; I checked Task Manager and Device Manager, both of which show my modem name *
-Could not drag and drop icons or anything for that matter, even though it is enabled *
-Maybe irrelevant, but explorer.exe takes a long time opening "My Computer" (it takes around 30 seconds to open now, when it took less than 5 seconds before)
-May also be irrelevant, but when I right-click the desktop and go to "New", all it shows is "Folder", "Shortcut", "Microsoft Word Document" and "Compressed (Zipped) Folder"

*= problems that I have found after posting the topic
**= note that these are also all the problems that I could think of while I was typing this out


Anyways, here is the DDS log (for the DDS.scr, it won't let me open it since I still have some problems with file extensions, but I renamed it to DDS.exe; just wanted to say that in case it could have altered the results):

DDS (Ver_09-06-26.01) - NTFSx86
Run by ThE CoMpUtEr at 22:15:04.79 on 17/07/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14

============== Running Processes ===============


============== Pseudo HJT Report ===============

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [msnmsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\thecom~1\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237743449953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\thecom~1\applic~1\mozilla\firefox\profiles\ns0vkil1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============


============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-07-14 15:08 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-08 15:44 <DIR> --d----- c:\documents and settings\the computer\.housecall6.6
2009-07-07 19:55 41,808 a------- c:\windows\system32\xfcodec.dll
2009-07-06 20:40 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-07-06 20:40 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-07-06 20:40 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-07-06 20:40 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-07-06 20:40 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-07-06 20:40 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-07-06 20:39 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-07-06 20:39 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-07-06 20:39 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-07-06 20:39 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-07-06 20:39 8,832 ac------ c:\windows\system32\dllcache\wmiacpi.sys
2009-07-06 20:39 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
2009-07-06 20:37 19,528 ac------ c:\windows\system32\dllcache\w840nd.sys
2009-07-06 20:36 26,112 ac------ c:\windows\system32\dllcache\usbser.sys
2009-07-06 20:35 525,568 ac------ c:\windows\system32\dllcache\tridxp.dll
2009-07-06 20:34 17,129 ac------ c:\windows\system32\dllcache\tdkcd31.sys
2009-07-06 20:33 41,472 ac------ c:\windows\system32\dllcache\sw_effct.dll
2009-07-06 20:32 9,600 ac------ c:\windows\system32\dllcache\sonymc.sys
2009-07-06 20:31 91,294 ac------ c:\windows\system32\dllcache\skfpwin.sys
2009-07-06 20:30 386,560 ac------ c:\windows\system32\dllcache\sgiul50.dll
2009-07-06 20:29 77,824 ac------ c:\windows\system32\dllcache\s3sav4m.sys
2009-07-06 20:28 37,563 ac------ c:\windows\system32\dllcache\rlnet5.sys
2009-07-06 20:27 112,574 ac------ c:\windows\system32\dllcache\ptserlp.sys
2009-07-06 20:26 27,904 ac------ c:\windows\system32\dllcache\perm2.sys
2009-07-06 20:25 48,000 ac------ c:\windows\system32\dllcache\ovcam2.sys
2009-07-06 20:24 32,840 ac------ c:\windows\system32\dllcache\ngrpci.sys
2009-07-06 20:23 19,968 ac------ c:\windows\system32\dllcache\mxicfg.dll
2009-07-06 20:23 21,888 ac------ c:\windows\system32\dllcache\mxcard.sys
2009-07-06 20:23 103,296 ac------ c:\windows\system32\dllcache\mtxvideo.sys
2009-07-06 20:23 49,024 ac------ c:\windows\system32\dllcache\mstape.sys
2009-07-06 20:23 12,416 ac------ c:\windows\system32\dllcache\msriffwv.sys
2009-07-06 20:23 2,944 ac------ c:\windows\system32\dllcache\msmpu401.sys
2009-07-06 20:23 22,016 ac------ c:\windows\system32\dllcache\msircomm.sys
2009-07-06 20:23 35,200 ac------ c:\windows\system32\dllcache\msgame.sys
2009-07-06 20:23 56,832 ac------ c:\windows\system32\dllcache\msdvbnp.ax
2009-07-06 20:23 6,016 ac------ c:\windows\system32\dllcache\msfsio.sys
2009-07-06 20:22 51,200 ac------ c:\windows\system32\dllcache\msdv.sys
2009-07-06 20:22 17,280 ac------ c:\windows\system32\dllcache\mraid35x.sys
2009-07-06 20:22 15,232 ac------ c:\windows\system32\dllcache\mpe.sys
2009-07-06 20:22 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2009-07-06 20:22 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2009-07-06 20:19 6,528 ac------ c:\windows\system32\dllcache\miniqic.sys
2009-07-06 20:14 320,384 ac------ c:\windows\system32\dllcache\mgaum.sys
2009-07-06 20:14 235,648 ac------ c:\windows\system32\dllcache\mgaud.dll
2009-07-06 20:13 26,112 ac------ c:\windows\system32\dllcache\memstpci.sys
2009-07-06 20:13 47,616 ac------ c:\windows\system32\dllcache\memgrp.dll
2009-07-06 20:12 8,320 ac------ c:\windows\system32\dllcache\memcard.sys
2009-07-06 20:10 164,586 ac------ c:\windows\system32\dllcache\mdgndis5.sys
2009-07-06 20:07 26,442 ac------ c:\windows\system32\dllcache\lanepic5.sys
2009-07-06 20:07 19,016 ac------ c:\windows\system32\dllcache\ktc111.sys
2009-07-06 20:07 37,376 ac------ c:\windows\system32\dllcache\kousd.dll
2009-07-06 20:07 253,952 ac------ c:\windows\system32\dllcache\kdsusd.dll
2009-07-06 20:07 48,640 ac------ c:\windows\system32\dllcache\kdsui.dll
2009-07-06 20:07 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-07-06 20:07 8,704 ac------ c:\windows\system32\dllcache\kbdjpn.dll
2009-07-06 20:07 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-07-06 20:07 6,144 ac------ c:\windows\system32\dllcache\kbd106.dll
2009-07-06 20:07 5,632 ac------ c:\windows\system32\dllcache\kbd103.dll
2009-07-06 20:07 6,144 ac------ c:\windows\system32\dllcache\kbd101c.dll
2009-07-06 20:07 6,144 ac------ c:\windows\system32\dllcache\kbd101b.dll
2009-07-06 20:06 26,624 ac------ c:\windows\system32\dllcache\irstusb.sys
2009-07-06 20:06 18,688 ac------ c:\windows\system32\dllcache\irsir.sys
2009-07-06 20:06 28,160 ac------ c:\windows\system32\dllcache\irmon.dll
2009-07-06 20:06 23,552 ac------ c:\windows\system32\dllcache\irmk7.sys
2009-07-06 20:06 151,552 ac------ c:\windows\system32\dllcache\irftp.exe
2009-07-06 20:06 88,192 ac------ c:\windows\system32\dllcache\irda.sys
2009-07-06 20:06 45,632 ac------ c:\windows\system32\dllcache\ip5515.sys
2009-07-06 20:06 90,200 ac------ c:\windows\system32\dllcache\io8ports.dll
2009-07-06 20:06 38,784 ac------ c:\windows\system32\dllcache\io8.sys
2009-07-06 20:06 5,504 ac------ c:\windows\system32\dllcache\intelide.sys
2009-07-06 20:06 13,056 ac------ c:\windows\system32\dllcache\inport.sys
2009-07-06 20:06 16,000 ac------ c:\windows\system32\dllcache\ini910u.sys
2009-07-06 20:04 488,383 ac------ c:\windows\system32\dllcache\hsf_v124.sys
2009-07-06 20:04 50,751 ac------ c:\windows\system32\dllcache\hsf_tone.sys
2009-07-06 20:04 73,279 ac------ c:\windows\system32\dllcache\hsf_spkp.sys
2009-07-06 20:04 44,863 ac------ c:\windows\system32\dllcache\hsf_soar.sys
2009-07-06 20:04 57,471 ac------ c:\windows\system32\dllcache\hsf_samp.sys
2009-07-06 20:04 542,879 ac------ c:\windows\system32\dllcache\hsf_msft.sys
2009-07-06 20:04 391,199 ac------ c:\windows\system32\dllcache\hsf_k56k.sys
2009-07-06 20:04 9,759 ac------ c:\windows\system32\dllcache\hsf_inst.dll
2009-07-06 20:04 115,807 ac------ c:\windows\system32\dllcache\hsf_fsks.sys
2009-07-06 20:04 199,711 ac------ c:\windows\system32\dllcache\hsf_faxx.sys
2009-07-06 20:04 289,887 ac------ c:\windows\system32\dllcache\hsf_fall.sys
2009-07-06 20:02 907,456 ac------ c:\windows\system32\dllcache\hcf_msft.sys
2009-07-06 20:01 27,165 ac------ c:\windows\system32\dllcache\fetnd5.sys
2009-07-06 20:00 61,952 ac------ c:\windows\system32\dllcache\eqnloop.exe
2009-07-06 19:59 20,992 ac------ c:\windows\system32\dllcache\dshowext.ax
2009-07-06 19:59 334,208 ac------ c:\windows\system32\dllcache\ds1wdm.sys
2009-07-06 19:59 20,192 ac------ c:\windows\system32\dllcache\dpti2o.sys
2009-07-06 19:59 28,062 ac------ c:\windows\system32\dllcache\dp83820.sys
2009-07-06 19:59 23,808 ac------ c:\windows\system32\dllcache\dot4usb.sys
2009-07-06 19:59 8,704 ac------ c:\windows\system32\dllcache\dot4scan.sys
2009-07-06 19:59 12,928 ac------ c:\windows\system32\dllcache\dot4prt.sys
2009-07-06 19:59 206,976 ac------ c:\windows\system32\dllcache\dot4.sys
2009-07-06 19:57 86,016 ac------ c:\windows\system32\dllcache\dc240usd.dll
2009-07-06 19:56 8,192 ac------ c:\windows\system32\dllcache\changer.sys
2009-07-06 19:55 15,360 ac------ c:\windows\system32\dllcache\brmfbidi.dll
2009-07-06 19:54 101,888 ac------ c:\windows\system32\dllcache\adpu160m.sys
2009-07-06 19:53 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-07-05 21:37 78,336 ac------ c:\windows\system32\dllcache\ieencode.dll
2009-07-05 21:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-03 23:32 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-03 20:26 <DIR> --dsh--- c:\windows\ftpcache
2009-07-03 20:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2009-07-03 20:23 <DIR> --d----- c:\program files\DAEMON Tools Toolbar
2009-07-03 20:23 <DIR> --d----- c:\program files\DAEMON Tools Lite
2009-07-03 20:22 <DIR> --d----- c:\docume~1\thecom~1\applic~1\DAEMON Tools Lite
2009-06-30 22:00 <DIR> --d----- c:\docume~1\thecom~1\applic~1\Auslogics
2009-06-30 22:00 <DIR> --d----- c:\program files\Auslogics
2009-06-29 21:56 <DIR> --d----- c:\program files\Audacity
2009-06-29 20:57 <DIR> --d----- C:\downloads
2009-06-29 20:57 <DIR> --d----- c:\docume~1\thecom~1\applic~1\FVZilla
2009-06-23 13:25 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-06-23 13:25 <DIR> --d----- c:\program files\Windows Desktop Search
2009-06-23 13:21 <DIR> --d----- c:\windows\system32\URTTEMP

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-07 11:35 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-13 13:00 34 a------- c:\documents and settings\the computer\jagex_runescape_preferences.dat
2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-24 15:24 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-04-24 15:23 50,968 a------- c:\windows\system32\avgfwdx.dll
2008-04-13 20:12 24,762 ----h--- c:\docume~1\thecom~1\applic~1\addons.dat
2009-03-22 14:58 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032220090323\index.dat

============= FINISH: 22:16:17.84 ===============

Thank you for helping me with my computer problem.

#4 m0le (Malware Response Team, London, UK)

Posted 19 July 2009 - 06:25 PM

Hi darkknite,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

I will be back soon with the first instructions.

Thanks

m0le is a proud member of UNITE

#5 m0le (Malware Response Team, London, UK)

Posted 19 July 2009 - 06:44 PM

Hi,

There are a lot of issues here and some may have been caused by malware. The logs aren't showing anything but we need to rule out malware before anything else can be done.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER file you saved on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see a prompt window. If you do, click No.
  • Click on Scan and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Save... and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please delete your copy of Malwarebytes and follow the instructions below.

Please download Malwarebytes Anti-Malware and save it to your desktop as mole.exe
  • Make sure you are connected to the Internet.
  • Double-click on mole.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

MBAM may still not run; if it doesn't, then let me know.

#6 darkknite (Topic Starter)

Posted 20 July 2009 - 04:28 PM

Ok, I did the scans as asked and here are the results:

GMER

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-20 15:54:06
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT sppa.sys ZwCreateKey [0xF72860E0]
SSDT sppa.sys ZwEnumerateKey [0xF72A4CA4]
SSDT sppa.sys ZwEnumerateValueKey [0xF72A5032]
SSDT sppa.sys ZwOpenKey [0xF72860C0]
SSDT sppa.sys ZwQueryKey [0xF72A510A]
SSDT sppa.sys ZwQueryValueKey [0xF72A4F8A]
SSDT sppa.sys ZwSetValueKey [0xF72A519C]

INT 0x63 ? 8587FBF8
INT 0x73 ? 8587FBF8
INT 0x73 ? 8587FBF8
INT 0x73 ? 8565ABF8
INT 0x73 ? 8587FBF8
INT 0x82 ? 8587FBF8
INT 0xA4 ? 8565ABF8

---- Kernel code sections - GMER 1.0.15 ----

? sppa.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6CF08AC 5 Bytes JMP 8565A1D8
.text a0cmvgo4.SYS F6BD4386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a0cmvgo4.SYS F6BD43AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a0cmvgo4.SYS F6BD43C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a0cmvgo4.SYS F6BD43C9 1 Byte [30]
.text a0cmvgo4.SYS F6BD43C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1001AD97 C:\Program Files\Xfire\xfire_toucan_37966.dll (Xfire Toucan DLL/Xfire Inc.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1001AE97 C:\Program Files\Xfire\xfire_toucan_37966.dll (Xfire Toucan DLL/Xfire Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7287042] sppa.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F728713E] sppa.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F72870C0] sppa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7287800] sppa.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F72876D6] sppa.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7296E9C] sppa.sys
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!READ_PORT_UCHAR] 1C8D9E88
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!KfRaiseIrql] 00001CA9
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!HalTranslateBusAddress] 8186C636
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!KfReleaseSpinLock] 1C8386C6
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!READ_PORT_USHORT] 001C8E86
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CAA
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB19E

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[1388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[1388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[1388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\Core\smax4pnp.exe[1388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[1696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C22F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[1696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C22CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[1696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C22D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\AVG\AVG8\avgtray.exe[1696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C22CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D62F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D62CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D62D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Contacts\wlcomm.exe[1968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D62CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskmgr.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskmgr.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskmgr.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\taskmgr.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[3744] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009C2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009C2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009C2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RUNDLL32.EXE[4028] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009C2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[4968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [011D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[4968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [011D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[4968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [011D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Mail\wlmail.exe[4968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [011D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[5848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[5848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[5848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[5848] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\ThE CoMpUtEr\Desktop\gmer\gmer.exe[5896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\ThE CoMpUtEr\Desktop\gmer\gmer.exe[5896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\ThE CoMpUtEr\Desktop\gmer\gmer.exe[5896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\ThE CoMpUtEr\Desktop\gmer\gmer.exe[5896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[5960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B92F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[5960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B92CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[5960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B92D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe[5960] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B92CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8587E1F8
Device \FileSystem\Fastfat \FatCdrom 84CAF1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBPDO-0 856591F8
Device \Driver\usbehci \Device\USBPDO-1 8564C1F8
Device \Driver\PCI_PNP5710 \Device\00000045 sppa.sys

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{414D3C88-4A88-4755-A7A0-3FB7E9304830} 84D3D1F8
Device \Driver\Ftdisk \Device\HarddiskVolume1 858121F8
Device \Driver\Cdrom \Device\CdRom0 856381F8
Device \Driver\Cdrom \Device\CdRom1 856381F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 84D3D1F8
Device \Driver\NetBT \Device\NetbiosSmb 84D3D1F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\sptd \Device\2737850710 sppa.sys
Device \Driver\usbohci \Device\USBFDO-0 856591F8
Device \Driver\usbehci \Device\USBFDO-1 8564C1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 84D221F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 84D221F8
Device \Driver\Ftdisk \Device\FtControl 858121F8
Device \Driver\a0cmvgo4 \Device\Scsi\a0cmvgo41 856311F8
Device \Driver\a0cmvgo4 \Device\Scsi\a0cmvgo41Port6Path0Target0Lun0 856311F8
Device \FileSystem\Fastfat \Fat 84CAF1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 84CAE1F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x40 0xF0 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0x95 0x1D 0xA8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF4 0x2D 0x4D 0xE6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x63 0xDE 0xC4 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xFD 0x1C 0x50 0x57 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFC 0x40 0xF0 0x95 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA8 0x95 0x1D 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF4 0x2D 0x4D 0xE6 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x63 0xDE 0xC4 0x8F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xFD 0x1C 0x50 0x57 ...

---- EOF - GMER 1.0.15 ----


Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware 1.39
Database version: 2468
Windows 5.1.2600 Service Pack 3

20/07/2009 5:22:13 PM
mbam-log-2009-07-20 (17-22-13).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 191750
Time elapsed: 1 hour(s), 25 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

On a side note, nothing bad really happened when I did the scans (no pop-ups, the update was successful, and so on).

#7 m0le (Malware Response Team, London, UK)

Posted 20 July 2009 - 04:58 PM

Well, that went well.

Gmer shows no signs of rootkits and the MBAM scan also went off without a hitch. The fact that no pop-ups occurred and updates were carried out makes me more sure this isn't a malware issue.

I think we need to run a system file scan.

Go to the Run box on the Start Menu and type in:

sfc /scannow

More info on this process can be found here.

Please post back with the results.

Then

We need to repair some of Windows' internal registration settings.

Please read through this guide first
  • Please download Dial-A-Fix
  • Extract the zip file to your desktop.
  • Double click Dial-a-Fix.exe to start the program.
  • Press the green double checkmark box.
  • UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section.
  • Then press the GO button at the bottom of the window.
  • Exit/Close Dial-A-Fix
Thanks
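m0le reads the GMER log posted in #6 (SSDT hooks and a driver file GMER cannot find on disk for sppa.sys, user-mode IAT and code hooks from LVPrcInj.dll and xfire_toucan_37966.dll) before concluding there are no rootkits. As an added example that is not part of this thread, the Python script below parses the GMER 1.0.15 line formats seen in that log (the sample lines are constructed from them, not the full log) and groups every reported hook by the module that installed it, annotating each with the vendor string GMER printed, the \Driver\<service> entry and registry install path that name it, and whether GMER found its file on disk, so a reviewer can see which few modules account for all the hooks.

```python
"""Triage helper for GMER 1.0.15 rootkit-scan logs (added example, not code from this thread).

Groups every hook GMER reports by the module that installed it and annotates each module with
the vendor string GMER printed, the \\Driver\\<service> entries that name it, the install path
under that service's Cfg@p0 registry value, and whether GMER could find the file on disk.
"""
import re
from collections import defaultdict

HEX = r"[0-9A-Fa-f]+"
# SSDT sppa.sys ZwCreateKey [0xF72860E0]
SSDT_RE = re.compile(rf"^SSDT\s+(\S+)\s+(\S+)\s+\[0x{HEX}\]$")
# IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7287042] sppa.sys   or   IAT \...\x.SYS[HAL.dll!KfRaiseIrql] 00001CA9
KIAT_RE = re.compile(rf"^IAT\s+(\S+?)\[(\S+)\]\s+\[?{HEX}\]?(?:\s+(\S+))?$")
# IAT C:\...\Explorer.EXE[3392] @ C:\...\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\...\LVPrcInj.dll (vendor)
UIAT_RE = re.compile(rf"^IAT\s+(.+?\[\d+\])\s+@\s+\S+\s+\[(\S+)\]\s+\[{HEX}\]\s+(.+?)(?:\s+\((.+)\))?$")
# .text USBPORT.SYS!DllUnload F6CF08AC 5 Bytes JMP 8565A1D8   or   .text C:\...\app.exe[pid] dll!Func ADDR 5 Bytes JMP ADDR C:\...\x.dll (vendor)
TEXT_RE = re.compile(rf"^\.text\s+(.+?)\s+{HEX}\s+\d+ Bytes?\s+(?:JMP\s+{HEX}(?:\s+(.+?)(?:\s+\((.+)\))?)?|\[.*)$")
# ? sppa.sys The system cannot find the file specified. !
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified")
# Device \Driver\sptd \Device\2737850710 sppa.sys
DEVICE_RE = re.compile(r"^Device\s+\\Driver\\(\S+)\s+\S+\s+(\S+\.sys)$", re.I)
# Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\<id>@p0 C:\Program Files\DAEMON Tools Lite\
REGPATH_RE = re.compile(r"^Reg\s+HKLM\\SYSTEM\\\S*?\\Services\\(\w+)\\\S*@p0\s+(.+)$", re.I)
UNRESOLVED = "(unresolved)"  # hook for which GMER named no owning module (only a jump target)

def _mod(path):
    """Normalise a module reference (path or bare file name) to a lower-case file name."""
    return path.rsplit("\\", 1)[-1].lower() if path else UNRESOLVED

def parse_gmer(text):
    """Collect hooks, vendor strings, missing files, device owners and install paths from a log."""
    hooks = defaultdict(list)   # hooking module -> [(hook kind, hooked target)]
    vendors = {}                # module -> vendor/description string GMER printed after the path
    missing = set()             # modules whose file GMER could not find on disk
    devices = defaultdict(set)  # driver file -> {\Driver\<service> names it serves}
    paths = {}                  # service name -> install path from its Cfg@p0 value
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind = line.split(None, 1)[0]  # "SSDT", "IAT" or ".text"
        if m := SSDT_RE.match(line):
            hooks[_mod(m.group(1))].append((kind, m.group(2)))
        elif m := UIAT_RE.match(line):
            mod = _mod(m.group(3))
            hooks[mod].append((kind, f"{m.group(1)} {m.group(2)}"))
            if m.group(4):
                vendors[mod] = m.group(4)
        elif m := KIAT_RE.match(line):
            hooks[_mod(m.group(3))].append((kind, f"{m.group(1)}[{m.group(2)}]"))
        elif m := TEXT_RE.match(line):
            mod = _mod(m.group(2))
            hooks[mod].append((kind, m.group(1)))
            if m.group(3):
                vendors[mod] = m.group(3)
        elif m := MISSING_RE.match(line):
            missing.add(_mod(m.group(1)))
        elif m := DEVICE_RE.match(line):
            devices[_mod(m.group(2))].add(m.group(1))
        elif m := REGPATH_RE.match(line):
            paths[m.group(1).lower()] = m.group(2).strip()
    return hooks, vendors, missing, devices, paths

def triage(text):
    """One row per hooking module, most hooks first, with what GMER itself tells us about it."""
    hooks, vendors, missing, devices, paths = parse_gmer(text)
    rows = []
    for mod, entries in hooks.items():
        services = sorted(devices.get(mod, ()))
        rows.append({
            "module": mod,
            "hooks": len(entries),
            "kinds": sorted({k for k, _ in entries}),
            "vendor": vendors.get(mod),
            "driver_services": services,
            "install_path": next((paths[s.lower()] for s in services if s.lower() in paths), None),
            "file_on_disk": mod not in missing,
        })
    rows.sort(key=lambda r: (-r["hooks"], r["module"]))
    return rows

# Constructed sample in the GMER 1.0.15 line formats seen in the thread (not the full log).
SAMPLE_LOG = r"""
SSDT sppa.sys ZwCreateKey [0xF72860E0]
SSDT sppa.sys ZwOpenKey [0xF72860C0]
? sppa.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6CF08AC 5 Bytes JMP 8565A1D8
.text C:\Program Files\Mozilla Firefox\firefox.exe[3744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1001AD97 C:\Program Files\Xfire\xfire_toucan_37966.dll (Xfire Toucan DLL/Xfire Inc.)
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7287042] sppa.sys
IAT \SystemRoot\System32\Drivers\a0cmvgo4.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
Device \Driver\sptd \Device\2737850710 sppa.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
"""
```

Running `triage(SAMPLE_LOG)` yields one row per module; unresolved jump-target hooks are collected under "(unresolved)" so they can be followed up separately.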

#8 darkknite (Topic Starter)

Posted 21 July 2009 - 10:53 AM

As asked, I ran sfc /scannow and Dial-A-Fix.

For the "sfc /scannow" part, I think it was finished because it asked for the Windows XP CD-ROM. I put the CD in and after a couple of minutes, the Windows File Protection window closed by itself when the blue bar at the bottom filled. I assumed it was finished, but I thought there would be a pop-up of some sort to indicate it was finished.

After that happened, I ran Dial-A-Fix, did what you told me and let it run. After it was finished, Windows Update popped up and I installed the updates. I installed all except for the Internet Explorer 8 one, because I think that it will just freeze just like last time whenever I open it.

#9 m0le (Malware Response Team, London, UK)

Posted 21 July 2009 - 11:11 AM

From the original list, what problems do you now have?

Am I right in saying that you have both IE6 or 7 and IE8 installed?

#10 darkknite (Topic Starter)

Posted 21 July 2009 - 07:27 PM

Ok, so here are the problems that I have right now that I can think of off the top of my head:

- Add/Remove Programs still has odd entries and most of them don't have the Remove button
- Internet Explorer 6 still doesn't have the address bar (pretty sure it is IE6 because Windows Update told me to install IE7)
- Internet Explorer 7 gets stuck at "Customize your settings". Can't close it or anything unless I go to Task Manager to end the process (thought the problem was fixed)
- Internet Explorer 7 opens and then closes (after I tried to uninstall it)
- Some file extensions, such as .dll, don't have "Open" or "Run as..." when right-clicked; they have "Cut", "Copy" and so on
- Windows Installer and InstallShield don't work (for Windows Installer, it just freezes up and for InstallShield an error code pops up)
- When I right-click the desktop and go to "New", all it shows is "Folder", "Shortcut", "Microsoft Word Document" and "Compressed (Zipped) Folder"
- explorer.exe takes a long time opening "My Computer"

Well, that's pretty much all the problems that I can think of off the top of my head.

Oh and one more thing, I currently have Internet explorer 7 installed but had Internet explorer 6 installed before.

Edited by darkknite, 21 July 2009 - 07:31 PM.


#11 m0le (Malware Response Team, London, UK)

Posted 22 July 2009 - 11:56 AM

Okay darkknite. There are clearly some system issues on here that aren't malware-related.

As much as I would love to go through these with you I will have to ask you to try a forum more suited to the issues as this is a malware removal forum. Sorry mate.

Please run a final online scan to pick up any stray files.

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
Thanks :thumbup2:

#12 darkknite (Topic Starter)

Posted 22 July 2009 - 10:08 PM

One problem with the BitDefender scan... I can't use Internet Explorer because whenever I open it, it just closes. I tried to uninstall it so it can revert back to Internet Explorer 6 to do the scan, because it only supports Internet Explorer 6 or higher, but, unfortunately, I failed at doing so. Sorry.

#13 m0le (Malware Response Team)

Posted 23 July 2009 - 10:33 AM

Okay, let's try another online scanner.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]


#14 darkknite (Topic Starter)

Posted 23 July 2009 - 08:42 PM

Ok, I did the scan and here are the results that I got from it:

C:\RECYCLER\S-1-5-21-1085031214-1788223648-725345543-1004\Dc25.7z probably a variant of Win32/Agent trojan deleted - quarantined
C:\System Volume Information\_restore{D23FDBD9-3548-4605-BB89-3F60DA1C6904}\RP148\A0051006.exe probably a variant of Win32/Genetik trojan deleted - quarantined
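
Added example (not part of the thread, and not ESET's own tooling): a small parser for result lines in the form posted above, which pulls out the path, threat name and action, and then notes where each file sat. The two log lines are copied from the post; everything else (the regexes, the location rules, the "RID 1000 and above is a local user account" rule of thumb used to describe the RECYCLER SID) is this example's own assumption. The point it makes is that neither hit is a running file: one is a per-user Recycle Bin entry and the other a System Restore point copy, which is why the helper's verdict of "clean" is consistent with two detections.

```python
"""Parse ESET Online Scanner result lines and annotate where each file lived.
Constructed example: the two log lines are from the forum post, the parsing
rules and location heuristics are assumptions made here, not ESET's format spec."""
import re

# Constructed sample: the two result lines exactly as posted in the thread.
SAMPLE_LOG = """\
C:\\RECYCLER\\S-1-5-21-1085031214-1788223648-725345543-1004\\Dc25.7z probably a variant of Win32/Agent trojan deleted - quarantined
C:\\System Volume Information\\_restore{D23FDBD9-3548-4605-BB89-3F60DA1C6904}\\RP148\\A0051006.exe probably a variant of Win32/Genetik trojan deleted - quarantined
"""

# One result line: <path> <threat name> <action>. On these lines the threat
# name starts with "a variant of" / "probably a variant of" and ends with a
# type word such as "trojan"; the action is whatever follows it. The path is
# matched non-greedily so paths containing spaces still work.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably )?a variant of \S+(?:\s+(?:trojan|application|worm|virus))?)\s+"
    r"(?P<action>.+?)\s*$"
)
# Per-user Recycle Bin folder on NT-family systems: RECYCLER\<owner SID>\...
RECYCLER_RE = re.compile(r"\\RECYCLER\\(?P<sid>S-1-5-21-\d+-\d+-\d+-(?P<rid>\d+))\\", re.I)
# System Restore snapshot: System Volume Information\_restore{GUID}\RP<n>\...
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(?P<rp>\d+)\\", re.I)


def classify_location(path):
    """Return (kind, detail) describing where the detected file sat."""
    m = RECYCLER_RE.search(path)
    if m:
        # Assumption used here: RIDs of 1000 and above belong to locally created
        # user accounts, lower RIDs to built-in accounts.
        rid = int(m.group("rid"))
        who = "a local user account" if rid >= 1000 else "a built-in account"
        return "recycle bin", f"per-user Recycle Bin of {m.group('sid')} ({who})"
    m = RESTORE_RE.search(path)
    if m:
        return "restore point", (f"System Restore point RP{m.group('rp')} "
                                 "(inert copy; cleared by flushing restore points)")
    return "live", "regular file system location"


def parse_eset_log(text):
    """Parse every non-empty line; raise on a line the pattern does not fit."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised result line: {line!r}")
        kind, detail = classify_location(m.group("path"))
        results.append({
            "path": m.group("path"),
            "threat": m.group("threat"),
            # "probably a variant of" marks a heuristic rather than signature hit
            "heuristic": m.group("threat").startswith("probably"),
            "action": m.group("action"),
            "location": kind,
            "note": detail,
        })
    return results


def live_detections(results):
    """Hits outside the Recycle Bin and restore points: the ones that matter."""
    return [r for r in results if r["location"] == "live"]


if __name__ == "__main__":
    parsed = parse_eset_log(SAMPLE_LOG)
    for r in parsed:
        flag = "heuristic" if r["heuristic"] else "signature"
        print(f"[{r['location']}] {r['threat']} ({flag}) -> {r['action']}\n    {r['note']}")
    print("live detections:", len(live_detections(parsed)))
```

Run it as a script to see both hits annotated; `live_detections()` comes back empty for this log, which matches the "looks clean now" verdict in the next reply.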

#15 m0le (Malware Response Team)

Posted 24 July 2009 - 07:01 AM

Hi darkknite,

That looks clean now.

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from
>>> here <<<
  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box will briefly appear and then close.
Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Let me know which problems still exist.

Finally, post new DDS logs for me to check through.