New to hijack


This topic is locked
5 replies to this topic

#1 RogueGoat

RogueGoat

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 04 February 2010 - 03:58 PM

Attached File: hijackthis.log (3.93KB, 12 downloads)

I need help deciphering this, or your help to fix it if there is a problem. Any advice would be greatly appreciated, please & thx.


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:01:15 AM

Posted 06 February 2010 - 09:52 PM

Hello RogueGoat. Welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.


Please keep in mind that we have a large backlog of users just like yourself waiting to be helped, so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis, we are limited in how many logs we can respond to and keep open due to time constraints. If you have to be away or can't answer for some other reason, just let me know. Thank you for your understanding.



After 5 days, if a topic has not been replied to, we assume it has been abandoned and it is closed.





Please go to the following link and follow the instructions there for what you will need to do in order for us to analyze your system. When you have done that, post the logs back into this thread (do not open a new one) and give me an idea of what is wrong with your computer, such as getting redirections, pop-ups, etc. Of the logs you post, only one will be an attachment, and it is the one called Attach.txt; post the rest in the reply window.

http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Thanks,

thewall

If I have helped you then please consider donating so I can continue the fight against malware.
All donations go directly to the helper.

Due to the large amount of backlogs we have, I cannot respond to PMs for help unless I am already working with you.

#3 RogueGoat

RogueGoat
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 07 February 2010 - 01:18 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-07 12:14:14
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Kenneth\AppData\Local\Temp\ugrdafog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8AFB6F8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8AFB7F5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8AFB7174]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8AFB63FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8AFB6BF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8AFB62DC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8AFB6A82]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8AFB7C16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8AFB5EA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8AFB7280]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8AFB5CD4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8AFB7898]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8AFB667E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8AFB6DD0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x8AFB5A04]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8AFB690E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x8AFB5B7C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8AFB83C6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8AFB7634]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8AFB7A46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8AFB6618]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8AFB6802]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8AFB61A6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8AFB6074]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E43AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E43104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E433F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E2C2D8
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E431DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E43958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E436F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E43F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83E441A8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 861FC1F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\volmgr \Device\VolMgrControl 861F81F8
Device \Driver\usbuhci \Device\USBPDO-0 877A9500
Device \Driver\usbuhci \Device\USBPDO-1 877A9500
Device \Driver\usbuhci \Device\USBPDO-2 877A9500
Device \Driver\usbuhci \Device\USBPDO-3 877A9500
Device \Driver\usbehci \Device\USBPDO-4 862C8500

AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\PCI_PNP6830 \Device\00000057 spac.sys
Device \Driver\PCI_PNP6830 \Device\00000057 spac.sys
Device \Driver\volmgr \Device\HarddiskVolume1 861F81F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 861F81F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 8724D1F8
Device \Driver\cdrom \Device\CdRom1 8724D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 861FA1F8
Device \Driver\atapi \Device\Ide\IdePort0 861FA1F8
Device \Driver\atapi \Device\Ide\IdePort1 861FA1F8
Device \Driver\atapi \Device\Ide\IdePort2 861FA1F8
Device \Driver\atapi \Device\Ide\IdePort3 861FA1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 861FA1F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 875B81F8
Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\sptd \Device\1910244330 spac.sys

AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device \Driver\usbuhci \Device\USBFDO-0 877A9500
Device \Driver\usbuhci \Device\USBFDO-1 877A9500
Device \Driver\USBSTOR \Device\0000006e 872C11F8
Device \Driver\usbuhci \Device\USBFDO-2 877A9500
Device \Driver\NetBT \Device\NetBT_Tcpip_{7EA72959-178A-4C70-BDBE-9C8D752FA423} 875B81F8
Device \Driver\USBSTOR \Device\0000006f 872C11F8
Device \Driver\usbuhci \Device\USBFDO-3 877A9500
Device \Driver\usbehci \Device\USBFDO-4 862C8500
Device \Driver\a18pghzb \Device\Scsi\a18pghzb1 876521F8
Device \Driver\a18pghzb \Device\Scsi\a18pghzb1Port4Path0Target0Lun0 876521F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0x24 0xA3 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x98 0x99 0xCC 0xA4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD8 0x0F 0x10 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDC 0x24 0xA3 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x98 0x99 0xCC 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD8 0x0F 0x10 0xBB ...

---- EOF - GMER 1.0.15 ----

Here ya go. Sorry for the late reply, wasn't quite sure what to do. Thx again.

#4 RogueGoat

RogueGoat
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:12:15 AM

Posted 07 February 2010 - 01:19 PM


DDS (Ver_09-12-01.01) - NTFSx86
Run by Kenneth at 11:59:41.30 on Sun 02/07/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_18
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2559.1632 [GMT -6:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\LEXPPS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Kenneth\Desktop\Tcpview.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Kenneth\Downloads\dds(2).scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page =
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kenneth\appdata\roaming\mozilla\firefox\profiles\a55hjeot.default\
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-21 130960]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-21 29520]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-3-19 731840]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-3-19 93312]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-11-20 240232]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-1-17 16472]
S3 esihdrv;esihdrv;c:\users\kenneth\appdata\local\temp\esihdrv.sys [2010-2-7 107256]
SUnknown hfkejdm;hfkejdm; [x]

=============== Created Last 30 ================

2010-02-07 17:50:44 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-07 16:02:22 0 d-----w- c:\users\kenneth\DoctorWeb
2010-02-07 16:00:53 0 d-----w- c:\users\kenneth\appdata\roaming\Online Solutions
2010-02-07 14:24:06 0 d-----w- c:\program files\VGA USB Camera
2010-02-07 12:33:16 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-07 12:32:10 0 d-----w- c:\users\kenneth\appdata\roaming\SUPERAntiSpyware.com
2010-02-07 11:20:45 0 d-----w- c:\windows\system32\BestPractices
2010-02-07 11:20:39 0 d-----w- C:\inetpub
2010-02-05 13:28:11 528 ----a-w- c:\windows\system32\sh_wi.bak
2010-02-05 11:11:49 0 d-----w- c:\program files\Enigma Software Group
2010-02-05 10:18:17 0 d-----w- c:\users\kenneth\appdata\roaming\PeerNetworking
2010-02-05 09:58:09 65536 --sha-w- c:\users\kenneth\ntuser.dat{0f8daf50-1225-11df-9707-001321efb093}.TM.blf
2010-02-05 09:58:09 524288 --sha-w- c:\users\kenneth\ntuser.dat{0f8daf50-1225-11df-9707-001321efb093}.TMContainer00000000000000000002.regtrans-ms
2010-02-05 09:58:09 524288 --sha-w- c:\users\kenneth\ntuser.dat{0f8daf50-1225-11df-9707-001321efb093}.TMContainer00000000000000000001.regtrans-ms
2010-02-05 03:26:56 0 d-----w- c:\program files\VirtualDJ
2010-02-04 20:21:22 0 d-----w- c:\program files\TrendMicro
2010-02-04 13:20:45 0 d-----w- c:\programdata\Adobe
2010-02-04 10:43:08 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2010-02-04 10:42:29 212480 ----a-w- c:\windows\PCDLIB32.DLL
2010-02-04 00:34:48 6656 ----a-w- c:\windows\system32\CoInst.dll
2010-02-04 00:34:48 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2010-02-04 00:34:43 566 ----a-w- c:\windows\system32\SP7302.INI
2010-02-04 00:34:43 129024 ----a-w- c:\windows\system32\SP7302.AX
2010-02-04 00:34:40 0 d-----w- c:\windows\Pixart
2010-02-01 13:25:30 0 d-----w- c:\users\kenneth\Tracing
2010-02-01 13:23:35 0 d-----w- c:\windows\PCHEALTH
2010-02-01 13:17:20 0 d-----w- c:\program files\common files\Windows Live
2010-02-01 07:40:30 0 d-----w- c:\users\kenneth\appdata\roaming\Sony Online Entertainment
2010-02-01 04:30:52 0 d-----w- c:\program files\Sony
2010-01-30 09:34:01 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-01-30 09:22:24 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-30 09:22:23 138056 ----a-w- c:\users\kenneth\appdata\roaming\PnkBstrK.sys
2010-01-30 09:20:55 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-30 09:20:44 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-27 17:36:32 0 d-----w- c:\program files\common files\Steam
2010-01-27 17:36:16 0 d-----w- c:\program files\Steam
2010-01-27 05:25:49 2614272 ----a-w- c:\windows\explorer.exe
2010-01-27 05:25:48 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-26 10:39:48 0 d-----w- c:\programdata\XoftSpySE
2010-01-26 07:04:01 0 d-----w- c:\programdata\Sun
2010-01-26 07:03:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 05:56:03 0 d-----w- c:\windows\system32\appmgmt
2010-01-25 16:34:33 0 d-----w- c:\program files\Lx_cats
2010-01-25 15:48:43 132 ----a-w- c:\windows\system32\lxbzplc.ini
2010-01-25 15:48:28 0 d-----w- C:\drivers
2010-01-23 00:54:07 0 d-----w- c:\program files\Mass Effect 2
2010-01-23 00:54:06 0 d-----w- c:\program files\common files\BioWare
2010-01-22 05:52:49 0 d-----w- c:\program files\VideoLAN
2010-01-22 02:14:34 0 d-----w- c:\users\kenneth\appdata\roaming\StarVault
2010-01-22 02:04:21 183808 ----a-w- c:\program files\Mortal Beta Launcher.exe
2010-01-22 02:04:21 0 d-----w- c:\program files\Updater
2010-01-22 01:29:55 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-22 01:28:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01007.Wdf
2010-01-22 00:45:16 0 d-----w- c:\programdata\Comodo
2010-01-22 00:45:10 171552 ----a-w- c:\windows\system32\guard32.dll1
2010-01-22 00:45:10 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-22 00:45:09 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-22 00:45:08 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2010-01-22 00:44:01 0 d-----w- c:\program files\COMODO
2010-01-21 23:40:41 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-21 07:35:06 0 d-----w- c:\program files\CAPCOM
2010-01-21 07:29:09 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-01-21 07:28:19 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-21 07:27:45 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-21 07:27:34 0 d-----w- c:\users\kenneth\appdata\roaming\DAEMON Tools Lite
2010-01-21 07:27:31 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-01-21 07:25:36 65536 --sha-w- c:\users\kenneth\ntuser.dat{f1a30af4-065c-11df-bc52-001321efb093}.TM.blf
2010-01-21 07:25:36 524288 --sha-w- c:\users\kenneth\ntuser.dat{f1a30af4-065c-11df-bc52-001321efb093}.TMContainer00000000000000000002.regtrans-ms
2010-01-21 07:25:36 524288 --sha-w- c:\users\kenneth\ntuser.dat{f1a30af4-065c-11df-bc52-001321efb093}.TMContainer00000000000000000001.regtrans-ms
2010-01-21 07:06:05 0 d-----w- c:\program files\File Shredder
2010-01-21 06:52:35 0 d-----w- c:\program files\Zone Labs
2010-01-21 06:51:58 70 ---ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-01-21 06:51:58 0 d-----w- c:\windows\system32\ZoneLabs
2010-01-21 06:50:45 0 d-----w- c:\programdata\CheckPoint
2010-01-21 06:50:15 0 d-----w- c:\windows\Internet Logs
2010-01-21 06:40:00 0 d-----w- c:\windows\system32\RTCOM
2010-01-21 06:39:36 551456 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-01-21 06:39:34 2981024 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-01-21 06:39:34 1539104 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-01-21 06:39:33 56864 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-01-21 06:39:33 2630176 ----a-w- c:\windows\system32\RtkAPO.dll
2010-01-21 06:39:32 76488 ----a-w- c:\windows\system32\RTEEL32A.dll
2010-01-21 06:39:32 62664 ----a-w- c:\windows\system32\RTEEG32A.dll
2010-01-21 06:39:32 357576 ----a-w- c:\windows\system32\RTEEP32A.dll
2010-01-21 06:39:32 293584 ----a-w- c:\windows\system32\RP3DHT32.dll
2010-01-21 06:39:32 293584 ----a-w- c:\windows\system32\RP3DAA32.dll
2010-01-21 06:39:32 168648 ----a-w- c:\windows\system32\RTEED32A.dll
2010-01-21 06:39:18 0 d-----w- c:\program files\Realtek
2010-01-21 06:39:16 838176 ----a-w- c:\windows\RtlExUpd.dll
2010-01-21 06:39:16 0 d--h--w- c:\program files\Temp
2010-01-21 06:25:09 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-01-21 06:24:53 0 d-----w- C:\Intel
2010-01-21 06:23:24 0 d-----w- C:\swsetup
2010-01-21 06:17:43 106 ----a-w- c:\windows\system32\_WKERNEL.SYL
2010-01-21 06:17:23 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-01-21 06:17:23 544768 ----a-w- c:\windows\system32\wbocx.ocx
2010-01-21 06:17:23 258352 ----a-w- c:\windows\system32\unicows.dll
2010-01-21 06:17:22 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-01-21 06:17:22 439 ----a-w- c:\windows\system32\shfolder.inf
2010-01-21 06:17:22 33968 ----a-w- c:\windows\system32\anim.dll
2010-01-21 06:17:22 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-01-21 06:17:22 1706800 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-21 06:17:21 0 d-----w- c:\program files\WinUtilities
2010-01-20 03:11:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-19 19:47:57 0 d-----r- c:\program files\Skype
2010-01-19 19:47:54 0 d-----w- c:\programdata\Skype
2010-01-18 19:04:19 0 d-----w- c:\programdata\NVIDIA
2010-01-18 18:59:11 0 d-----w- c:\windows\system32\AGEIA
2010-01-18 18:59:00 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-18 18:58:53 0 d-----w- c:\program files\NVIDIA Corporation
2010-01-18 18:26:35 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-01-17 23:24:25 0 d-----w- c:\program files\Download Manager
2010-01-17 23:19:46 0 d-----w- c:\program files\PeerBlock
2010-01-17 23:18:34 0 d-----w- c:\programdata\ESET
2010-01-17 23:18:34 0 d-----w- c:\program files\ESET
2010-01-17 23:17:09 0 d-sh--w- c:\windows\Installer
2010-01-16 21:04:55 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-01-16 21:04:55 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-01-16 21:04:47 0 d-----w- c:\program files\TVersity Codec Pack
2010-01-16 20:26:34 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-16 20:22:03 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-01-16 20:22:03 108544 ----a-w- c:\windows\system32\t2embed.dll
2010-01-16 20:13:12 0 d-----w- c:\program files\uTorrent
2010-01-16 20:12:51 0 d-----w- c:\users\kenneth\appdata\roaming\uTorrent
2010-01-14 05:33:00 65536 ------w- c:\windows\system32\Ikeext.etl
2010-01-14 03:44:45 792708 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-01-14 03:44:28 0 d-----w- c:\windows\system32\wbem\Performance
2010-01-14 03:38:36 204528 --sh--r- C:\GRLDR
2010-01-14 03:38:27 0 d-sh--w- C:\Recovery
2010-01-14 03:38:26 0 d-sh--we c:\programdata\Documents
2010-01-14 03:21:08 8192 --sha-r- C:\BOOTSECT.BAK
2010-01-14 03:21:01 383562 --sha-r- C:\bootmgr
2010-01-14 03:21:01 0 d-sh--w- C:\Boot
2010-01-13 17:24:03 0 d-----w- C:\Documents and Settings
2010-01-13 17:18:27 355 --sha-r- C:\Boot.ini.saved

==================== Find3M ====================

2010-01-14 17:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-11-21 02:33:00 812648 ----a-w- c:\windows\system32\nvsvc.dll
2009-11-21 02:33:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2009-11-21 02:33:00 12685928 ----a-w- c:\windows\system32\nvcpl.dll
2009-11-21 02:33:00 122984 ----a-w- c:\windows\system32\nvvsvc.exe
2009-11-21 02:33:00 110184 ----a-w- c:\windows\system32\nvmctray.dll
2009-11-10 09:38:37 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2009-11-10 09:38:32 507568 ----a-w- c:\windows\system32\winload.exe
2009-11-10 09:38:32 442920 ----a-w- c:\windows\system32\winresume.exe
2009-11-10 09:38:32 293888 ----a-w- c:\windows\system32\atmfd.dll
2009-11-10 09:38:32 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:00:37.99 ===============

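The file listing above is the DDS "Created Last 30" / "Find3M" output: one line per file with a timestamp, size, an 8-character attribute string and a path. What a helper actually does with it is pull out the freshly written code files under system32 and then check what else landed on disk in the same minute, because a driver that arrives alongside a new c:\program files\<vendor> directory was almost certainly dropped by that installer, while one with no neighbours deserves a closer look. The script below is an added example of that triage, not part of the original post or of the DDS tool. It assumes the log was produced on the day it was posted (4 February 2010) and that a leading "d" in the attribute string marks a directory and "s"/"h" mark system/hidden, which is inferred from the strings in this log rather than from any DDS documentation. Its sample input is a handful of lines copied from the listing above plus the section headers the parser has to skip.

```python
"""Triage helper for DDS "Created Last 30" / "Find3M" file listings.

Added example, not code from the BleepingComputer post or from DDS itself.
"""
import re
from datetime import datetime, timedelta

# One listing line: "YYYY-MM-DD HH:MM:SS <size> <8-char attribute flags> <path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attr>\S{8})\s+(?P<path>.+?)\s*$"
)
# Extensions that can carry code; everything else is noise for this pass.
CODE_EXTS = (".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr", ".drv")
SYSTEM32 = "c:\\windows\\system32\\"


def parse_listing(text):
    """Return one dict per file line; section headers and blank lines are skipped.

    Attribute flags: a leading 'd' is a directory, 's'/'h' are system/hidden.
    This mapping is assumed from the strings in the log, not documented by DDS.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        attr = m.group("attr")
        entries.append({
            "when": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
            "size": int(m.group("size")),
            "attr": attr,
            "path": m.group("path"),
            "is_dir": attr[0] == "d",
            "hidden": "h" in attr,
            "system": "s" in attr,
        })
    return entries


def recent_code_in_system32(entries, scan_date, days=30):
    """Non-directory entries under system32 with a code extension, written
    within `days` of `scan_date`, newest first. Paths compare case-insensitively."""
    cutoff = scan_date - timedelta(days=days)
    hits = []
    for e in entries:
        p = e["path"].lower()
        if e["is_dir"] or not p.startswith(SYSTEM32):
            continue
        if not p.endswith(CODE_EXTS):
            continue
        if e["when"] >= cutoff:
            hits.append(e)
    return sorted(hits, key=lambda e: e["when"], reverse=True)


def written_alongside(entries, target, window_seconds=120):
    """Paths of every other entry written within +/- window_seconds of `target`.

    Used to attribute a system32 drop to the installer that wrote it.
    """
    lo = target["when"] - timedelta(seconds=window_seconds)
    hi = target["when"] + timedelta(seconds=window_seconds)
    return [e["path"] for e in entries
            if e is not target and lo <= e["when"] <= hi]


# Constructed sample: lines copied from the listing above, plus the section
# headers the parser must ignore. Not a complete log.
SAMPLE = """\
2010-01-22 01:29:55 977920 ----a-w- c:\\windows\\system32\\wininet.dll
2010-01-22 00:45:10 171552 ----a-w- c:\\windows\\system32\\guard32.dll
2010-01-22 00:45:09 29520 ----a-w- c:\\windows\\system32\\drivers\\cmdhlp.sys
2010-01-22 00:44:01 0 d-----w- c:\\program files\\COMODO
2010-01-21 07:28:19 691696 ----a-w- c:\\windows\\system32\\drivers\\sptd.sys
2010-01-21 07:27:45 0 d-----w- c:\\program files\\DAEMON Tools Lite
2010-01-21 06:51:58 70 ---ha-w- c:\\windows\\system32\\drivers\\vsconfig.xml
2010-01-14 03:38:36 204528 --sh--r- C:\\GRLDR

==================== Find3M ====================

2009-11-21 02:33:00 812648 ----a-w- c:\\windows\\system32\\nvsvc.dll
============= FINISH: 12:00:37.99 ===============
"""

# Assumption: the log was taken the day it was posted.
SCAN_DATE = datetime(2010, 2, 4)


def triage(text=SAMPLE, scan_date=SCAN_DATE):
    """Map each recently written code file under system32 to the paths that
    were written in the same two-minute window."""
    entries = parse_listing(text)
    return {e["path"]: written_alongside(entries, e)
            for e in recent_code_in_system32(entries, scan_date)}


if __name__ == "__main__":
    for path, neighbours in triage().items():
        print(path)
        for n in neighbours:
            print("    with:", n)
```

On the sample, sptd.sys is paired with the DAEMON Tools Lite directory and guard32.dll with cmdhlp.sys and the COMODO directory, so both are accounted for by a visible install; wininet.dll has no neighbours in its window, which is the normal shape of a Windows Update replacement but is also the kind of lone system32 write you would verify against the file's signature before moving on.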

#5 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 07 February 2010 - 02:33 PM

That's OK, we'll see what we can do.

Along with the following, in your next reply let me know of any symptoms you may be having, such as redirections, pop-ups or the like, which can help me with diagnosis.


Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#6 thewall

  • Malware Response Team
  • 6,425 posts
  • Gender:Male
  • Location:Florida

Posted 13 February 2010 - 12:16 AM

Due to the lack of feedback, this topic is closed.

Should you need it reopened, please contact me by PM. Include the address of this thread in your request.

If you have a new issue, please start a New Topic.

This applies only to the original poster. Everyone else please begin a New Topic.