possible worm or rootkit help please


  • This topic is locked
37 replies to this topic

#1 relixknowmad

  • Members
  • 23 posts

Posted 06 November 2011 - 05:50 AM

Hi,

Unable to do Windows Update. I'm concerned that my computer is infected with some sort of worm or rootkit. Also, when I try to save anything to my hard drive I receive a message saying there are no more files. Would greatly appreciate it if an expert could look at my HijackThis log and see what they think.



Thanks in advance



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by reliixknowmad at 2:11:16 on 2011-11-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.2222 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\PMonitor.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
C:\Program Files\ASUS\Turbo Gear\TurboGear.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\AsScrPro.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"
mRun: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [Turbo Gear Enhanced VGA Driver] "C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe"
mRun: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{2560D01B-C85A-44C1-A349-8C5242F7A2E0} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{52CE5793-58E4-4F38-81A7-12BDD8DA1CA6} : NameServer = 156.154.70.22,156.154.71.22
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO-X64: ZoneAlarm Toolbar Registrar - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO-X64: Searchqu Toolbar - No File
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"
mRun-x64: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [Turbo Gear Enhanced VGA Driver] "C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe"
mRun-x64: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\reliixknowmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\reliixknowmad\AppData\Roaming\Mozilla\Firefox\Profiles\x64aog3p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://encrypted.google.com/
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\reliixknowmad\AppData\Roaming\Mozilla\Firefox\Profiles\x64aog3p.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 1453c1ac-9980-4291-944f-4855bfa87a36
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,BuzzdockTease,DropDownDeals,BestVideoDownloader,BestVideoDownloader,
.
============= SERVICES / DRIVERS ===============
.
R0 cumon;cumon;C:\Windows\system32\drivers\cumon.sys --> C:\Windows\system32\drivers\cumon.sys [?]
R0 Evdd;Evdd;C:\Windows\system32\drivers\evdd.sys --> C:\Windows\system32\drivers\evdd.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys --> C:\Windows\system32\DRIVERS\CFRMD.sys [?]
R1 CFRPD;CFRPD;C:\Windows\system32\DRIVERS\CFRPD.sys --> C:\Windows\system32\DRIVERS\CFRPD.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-11-28 3029208]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-14 328536]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-11-1 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-9-19 44768]
R2 CPMService;COMODO Programs Manager Service;C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe [2011-9-5 116032]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-28 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2010-11-17 72248]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
S2 AFBAgent;AFBAgent; [x]
S2 Cleaner_Validator;COMODO System - Cleaner Service;C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-9 371648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
S2 IswSvc;ZoneAlarm ForceField IswSvc; [x]
S2 UfasoftSnifDriver6;Ufasoft Snif Filter Driver;C:\Windows\system32\DRIVERS\usft_flt6-64.sys --> C:\Windows\system32\DRIVERS\usft_flt6-64.sys [?]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-11-28 85800]
S3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-25 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
S3 HDJAsioK;HDJAsioK;C:\Windows\system32\Drivers\HDJAsioK.sys --> C:\Windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?]
S3 Installer Service;Installer Service;C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe [2011-6-14 119296]
S3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [?]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys --> C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\10D3.tmp --> C:\Windows\system32\10D3.tmp [?]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service; [x]
.
=============== Created Last 30 ================
.
2011-11-06 06:36:59 6144 ------w- C:\Windows\System32\2300.tmp
2011-11-06 06:33:42 6144 ------w- C:\Windows\System32\1E1F.tmp
2011-11-04 07:29:20 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE4EF059-4A6C-434B-8691-10F5CCF741B8}\offreg.dll
2011-11-03 12:09:14 -------- d-----w- C:\Program Files (x86)\Yontoo Layers Runtime
2011-11-03 12:09:07 -------- d-----w- C:\ProgramData\Tarma Installer
2011-11-01 10:46:56 294400 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-11-01 10:46:51 166400 ----a-w- C:\Windows\System32\AERTAC64.dll
2011-11-01 10:46:51 108032 ----a-w- C:\Windows\System32\AERTAR64.dll
2011-11-01 10:46:42 831488 ----a-r- C:\Windows\RtlExUpd.dll
2011-11-01 10:46:38 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-11-01 10:46:37 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-01 10:46:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-01 10:46:37 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-01 10:46:37 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-01 10:46:36 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-01 10:20:07 491520 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe1EE.tmp
2011-11-01 10:18:48 491520 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeCD66.tmp
2011-11-01 10:16:48 491520 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeF763.tmp
2011-11-01 10:16:08 458752 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe5B63.tmp
2011-11-01 10:15:22 458752 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeA963.tmp
2011-11-01 10:10:16 458752 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe8417.tmp
2011-11-01 10:02:10 425984 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe1973.tmp
2011-11-01 09:57:45 262144 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeDDF.tmp
2011-11-01 09:53:28 262144 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe2EB7.tmp
2011-11-01 09:48:45 262144 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeE549.tmp
2011-11-01 09:44:22 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-01 09:41:04 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-01 09:26:17 -------- d-----w- C:\Program Files\ATKGFNEX
2011-11-01 06:36:22 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE4EF059-4A6C-434B-8691-10F5CCF741B8}\mpengine.dll
2011-10-28 03:56:28 -------- d-----w- C:\Users\reliixknowmad\AppData\Local\DDMSettings
2011-10-27 02:55:39 -------- d-----w- C:\Users\reliixknowmad\AppData\Local\Microsoft_Corporation
2011-10-26 21:01:44 -------- d-----w- C:\Windows\SysWow64\AGEIA
2011-10-25 11:02:29 -------- d-----w- C:\Program Files\Creative
2011-10-25 10:56:04 15360 ----a-r- C:\Windows\System32\drivers\EIO64_xp.sys
2011-10-25 10:07:40 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2011-10-25 10:07:34 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-10-25 10:03:52 90112 ------w- C:\Windows\Updreg.EXE
2011-10-25 10:03:52 8704 ------w- C:\Windows\SysWow64\ResDefE.exe
2011-10-25 10:03:39 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-10-25 10:03:39 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-10-25 10:03:38 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-10-25 10:03:38 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-10-25 10:03:33 2873821 ------w- C:\Windows\SysWow64\Sens_oal.dll
2011-10-25 10:02:35 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-10-25 09:59:49 -------- d-----w- C:\Program Files (x86)\Creative
2011-10-25 09:46:06 1177600 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2011-10-25 09:46:04 16138240 ----a-w- C:\HALionOne.dll
2011-10-25 09:45:49 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2011-10-25 09:39:17 -------- d-----w- C:\ProgramData\Steinberg
2011-10-25 08:57:34 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-22 09:08:04 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-10-22 08:44:49 -------- d-----w- C:\Users\reliixknowmad\AppData\Roaming\REAPER
2011-10-22 08:16:50 -------- d-----w- C:\Program Files\REAPER (x64)
2011-10-12 21:45:44 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-12 21:45:05 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE928445-5879-4C32-B26E-1843746B807E}\gapaengine.dll
2011-10-12 21:35:31 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-10-12 21:35:19 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-10-12 14:23:41 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F4FF62DA-EEB3-4579-93D9-0055CF7E5652}\mpengine.dll
2011-10-11 22:07:41 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-11 22:07:36 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-11 22:07:35 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-11 22:07:34 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-11 22:07:34 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-11 22:07:02 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-11 22:07:01 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-11 22:06:59 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-11 22:06:58 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-10 11:03:18 -------- d-----w- C:\Users\reliixknowmad\AppData\Roaming\Stellarium
2011-10-10 07:54:26 -------- d-----w- C:\Program Files\ESET
2011-10-10 07:02:15 4756216 ----a-w- C:\Windows\SysWow64\GameMon.des
2011-10-10 07:01:56 5174 ----a-w- C:\Windows\SysWow64\nppt9x.vxd
2011-10-10 07:01:56 4682 ----a-w- C:\Windows\SysWow64\npptNT2.sys
2011-10-10 07:01:49 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2011-10-10 06:48:09 -------- d-----w- C:\9Dragons
2011-10-10 06:10:50 -------- d-----w- C:\Users\reliixknowmad\AppData\Local\PMB Files
2011-10-10 06:10:47 -------- d-----w- C:\ProgramData\PMB Files
2011-10-10 06:10:30 -------- d-----w- C:\Program Files (x86)\Pando Networks
.
==================== Find3M ====================
.
2011-11-04 02:09:10 22455 ----a-w- C:\Windows\cscmondump.bin
2011-10-07 17:47:57 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-10-07 17:47:56 574216 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-10-07 17:47:54 16528 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-10-07 17:47:10 300200 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-10-07 17:47:08 388280 ----a-w- C:\Windows\System32\guard64.dll
2011-09-23 11:49:38 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-09-23 11:23:24 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-09-22 20:56:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-19 04:26:04 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-09-19 04:26:04 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-09-14 13:58:46 274616 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
2011-09-08 22:08:01 129024 ----a-w- C:\Windows\RegBootClean64.exe
2011-09-08 20:45:28 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-09-05 15:14:34 19568 ----a-w- C:\Windows\System32\drivers\evdd.sys
2011-09-05 15:14:00 205512 ----a-w- C:\Windows\System32\drivers\cumon.sys
2011-09-05 15:12:56 27968 ----a-w- C:\Windows\System32\cpmnat.exe
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-01 00:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 2:15:25.27 ===============

Attached Files


Edited by relixknowmad, 06 November 2011 - 08:51 AM.



#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,658 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:22 AM

Posted 11 November 2011 - 05:55 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/426558 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 relixknowmad

relixknowmad
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:22 AM

Posted 13 November 2011 - 03:25 AM

OK,

I fixed the Windows Update issue but still get the popup message "there are no more files" when I try to save anything.

Here's the new log.

Thanks in advance.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by reliixknowmad at 0:19:02 on 2011-11-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.881 [GMT -8:00]
.
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\Turbo Gear\GearHelp.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\POWERISO\PWRISOVM.EXE
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Windows\AsScrPro.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\prevhost.exe
C:\Program Files\Windows Media Player\wmprph.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\WhatsRunning\WhatsRunning.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Comodo\Dragon\dragon.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\sfc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.gmail.com
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"
mRun: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun: [Turbo Gear Enhanced VGA Driver] "C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe"
mRun: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
dRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{2560D01B-C85A-44C1-A349-8C5242F7A2E0} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{2560D01B-C85A-44C1-A349-8C5242F7A2E0} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{52CE5793-58E4-4F38-81A7-12BDD8DA1CA6} : NameServer = 8.26.56.26,156.154.70.22
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: KeyScramblerBHO Class: {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
BHO-X64: QFX Software KeyScrambler - No File
BHO-X64: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No File
BHO-X64: ZoneAlarm Toolbar Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
BHO-X64: Searchqu Toolbar - No File
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB-X64: {99079a25-328f-4bd4-be04-00955acaa0a7} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [Turbo Gear Help] "C:\Program Files\ASUS\Turbo Gear\GearHelp.exe"
mRun-x64: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r
mRun-x64: [Turbo Gear Enhanced VGA Driver] "C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe"
mRun-x64: [ADSMTray] C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\reliixknowmad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 cumon;cumon;C:\Windows\system32\drivers\cumon.sys --> C:\Windows\system32\drivers\cumon.sys [?]
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 Evdd;Evdd;C:\Windows\system32\drivers\evdd.sys --> C:\Windows\system32\drivers\evdd.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\Windows\system32\Drivers\SmartDefragDriver.sys --> C:\Windows\system32\Drivers\SmartDefragDriver.sys [?]
R1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys --> C:\Windows\system32\DRIVERS\CFRMD.sys [?]
R1 CFRPD;CFRPD;C:\Windows\system32\DRIVERS\CFRPD.sys --> C:\Windows\system32\DRIVERS\CFRPD.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-11-28 3029208]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-14 328536]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2011-11-1 14904]
R2 CPMService;COMODO Programs Manager Service;C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe [2011-9-5 116032]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-28 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-1-10 993848]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-1-10 399416]
R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2010-11-17 72248]
R3 KeyScrambler;KeyScrambler;C:\Windows\system32\drivers\keyscrambler.sys --> C:\Windows\system32\drivers\keyscrambler.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AFBAgent;AFBAgent; [x]
S2 Cleaner_Validator;COMODO System - Cleaner Service;C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-9 371648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
S2 IswSvc;ZoneAlarm ForceField IswSvc; [x]
S2 UfasoftSnifDriver6;Ufasoft Snif Filter Driver;C:\Windows\system32\DRIVERS\usft_flt6-64.sys --> C:\Windows\system32\DRIVERS\usft_flt6-64.sys [?]
S3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-11-28 85800]
S3 Bulk;HDJBulk;C:\Windows\system32\Drivers\HDJBulk.sys --> C:\Windows\system32\Drivers\HDJBulk.sys [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-25 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-10-25 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 136176]
S3 HDJAsioK;HDJAsioK;C:\Windows\system32\Drivers\HDJAsioK.sys --> C:\Windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console Rmx MIDI;C:\Windows\system32\DRIVERS\HDJMidi.sys --> C:\Windows\system32\DRIVERS\HDJMidi.sys [?]
S3 Installer Service;Installer Service;C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{6339663B-F26F-4FE3-B813-0E1DEC4ED976}\Installer\InstallerService.exe [2011-6-14 119296]
S3 MADFULEGACYKEYBOARD;Service for M-Audio Legacy Keyboard DFU;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys --> C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard_DFU.sys [?]
S3 MAUSBLEGACYKEYBOARD;Service for M-Audio Legacy Keyboard;C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys --> C:\Windows\system32\DRIVERS\MAudioLegacyKeyboard.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\10D3.tmp --> C:\Windows\system32\10D3.tmp [?]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\system32\drivers\nmwcdnsucx64.sys --> C:\Windows\system32\drivers\nmwcdnsucx64.sys [?]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\system32\drivers\nmwcdnsux64.sys --> C:\Windows\system32\drivers\nmwcdnsux64.sys [?]
S3 npggsvc;nProtect GameGuard Service; [x]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-7 366152]
.
=============== Created Last 30 ================
.
2011-11-11 07:36:56 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{873E3A20-0CC5-4EBC-960B-33A614CE75BC}\offreg.dll
2011-11-11 07:36:52 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{873E3A20-0CC5-4EBC-960B-33A614CE75BC}\mpengine.dll
2011-11-09 13:21:25 -------- d-----w- C:\Program Files\Windows Journal
2011-11-09 12:39:27 -------- d-----w- C:\Users\reliixknowmad\AppData\Local\Comodo
2011-11-09 12:39:21 -------- d-----w- C:\Program Files (x86)\Comodo
2011-11-09 09:42:15 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 09:42:14 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 09:42:08 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 09:42:02 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 04:48:34 -------- d-----w- C:\Program Files (x86)\WhatsRunning
2011-11-07 17:40:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-11-07 15:46:26 -------- d--h--w- C:\Windows\AxInstSV
2011-11-07 11:44:22 -------- d-----w- C:\Users\reliixknowmad\AppData\Roaming\AppKeys
2011-11-07 11:40:11 -------- d-----w- C:\Users\reliixknowmad\AppData\Local\Rex_Venture_Group_LLC
2011-11-07 11:39:27 -------- d-----w- C:\Program Files (x86)\ShoppingDaisy
2011-11-06 22:25:36 -------- d-----w- C:\Windows\SysWow64\Wat
2011-11-06 22:25:36 -------- d-----w- C:\Windows\System32\Wat
2011-11-06 06:36:59 6144 ------w- C:\Windows\System32\2300.tmp
2011-11-06 06:33:42 6144 ------w- C:\Windows\System32\1E1F.tmp
2011-11-01 10:46:56 294400 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-11-01 10:46:51 166400 ----a-w- C:\Windows\System32\AERTAC64.dll
2011-11-01 10:46:51 108032 ----a-w- C:\Windows\System32\AERTAR64.dll
2011-11-01 10:46:42 831488 ----a-r- C:\Windows\RtlExUpd.dll
2011-11-01 10:46:38 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-11-01 10:46:37 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-11-01 10:46:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-11-01 10:46:37 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-11-01 10:46:37 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-11-01 10:46:36 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-11-01 10:20:07 491520 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe1EE.tmp
2011-11-01 10:18:48 491520 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeCD66.tmp
2011-11-01 10:16:48 491520 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeF763.tmp
2011-11-01 10:16:08 458752 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe5B63.tmp
2011-11-01 10:15:22 458752 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeA963.tmp
2011-11-01 10:10:16 458752 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe8417.tmp
2011-11-01 10:02:10 425984 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe1973.tmp
2011-11-01 09:57:45 262144 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeDDF.tmp
2011-11-01 09:53:28 262144 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKe2EB7.tmp
2011-11-01 09:48:45 262144 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKeE549.tmp
2011-11-01 09:44:22 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-11-01 09:41:04 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-11-01 09:26:17 -------- d-----w- C:\Program Files\ATKGFNEX
2011-10-28 03:56:28 -------- d-----w- C:\Users\reliixknowmad\AppData\Local\DDMSettings
2011-10-27 02:55:39 -------- d-----w- C:\Users\reliixknowmad\AppData\Local\Microsoft_Corporation
2011-10-26 21:01:44 -------- d-----w- C:\Windows\SysWow64\AGEIA
2011-10-25 11:02:29 -------- d-----w- C:\Program Files\Creative
2011-10-25 10:56:04 15360 ----a-r- C:\Windows\System32\drivers\EIO64_xp.sys
2011-10-25 10:07:40 -------- d-----w- C:\Program Files (x86)\Common Files\Creative
2011-10-25 10:07:34 -------- d--h--w- C:\Program Files (x86)\Creative Installation Information
2011-10-25 10:03:52 90112 ------w- C:\Windows\Updreg.EXE
2011-10-25 10:03:52 8704 ------w- C:\Windows\SysWow64\ResDefE.exe
2011-10-25 10:03:39 419840 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-10-25 10:03:39 133632 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-10-25 10:03:38 413696 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-10-25 10:03:38 110592 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-10-25 10:03:33 2873821 ------w- C:\Windows\SysWow64\Sens_oal.dll
2011-10-25 10:02:35 -------- d-----w- C:\Program Files (x86)\Common Files\Creative Labs Shared
2011-10-25 09:59:49 -------- d-----w- C:\Program Files (x86)\Creative
2011-10-25 09:46:06 1177600 ----a-w- C:\Windows\SysWow64\SYNSOEMU.DLL
2011-10-25 09:46:04 16138240 ----a-w- C:\HALionOne.dll
2011-10-25 09:45:49 -------- d-----w- C:\Program Files (x86)\Common Files\VST3
2011-10-25 09:39:17 -------- d-----w- C:\ProgramData\Steinberg
2011-10-25 08:57:34 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-10-22 09:08:04 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-10-22 08:44:49 -------- d-----w- C:\Users\reliixknowmad\AppData\Roaming\REAPER
2011-10-22 08:16:50 -------- d-----w- C:\Program Files\REAPER (x64)
.
==================== Find3M ====================
.
2011-11-09 16:08:43 22455 ----a-w- C:\Windows\cscmondump.bin
2011-10-07 17:47:57 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-10-07 17:47:56 574216 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-10-07 17:47:54 16528 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-10-07 17:47:10 300200 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-10-07 17:47:08 388280 ----a-w- C:\Windows\System32\guard64.dll
2011-09-23 11:49:38 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2011-09-23 11:23:24 25160 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-09-22 20:56:16 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-19 04:26:04 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-09-19 04:26:04 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-09-16 13:06:17 4756216 ----a-w- C:\Windows\SysWow64\GameMon.des
2011-09-14 13:58:46 274616 ----a-w- C:\Windows\System32\drivers\keyscrambler.sys
2011-09-08 22:08:01 129024 ----a-w- C:\Windows\RegBootClean64.exe
2011-09-08 20:45:28 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2011-09-05 15:14:34 19568 ----a-w- C:\Windows\System32\drivers\evdd.sys
2011-09-05 15:14:00 205512 ----a-w- C:\Windows\System32\drivers\cumon.sys
2011-09-05 15:12:56 27968 ----a-w- C:\Windows\System32\cpmnat.exe
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-01 01:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 0:22:52.96 ===============

Edited by relixknowmad, 13 November 2011 - 03:29 AM.
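An added triage helper (not part of this thread, and not code from the DDS tool) that parses listing lines in the Find3M format shown above and flags kernel drivers under System32\drivers modified within a chosen window before the log's run date; the regex, the function names and the embedded sample lines are constructed for this example.

```python
import re
from datetime import datetime, timedelta

# One DDS-style listing line: "<date> <time> <size or -------->  <attributes> <path>".
# The pattern is an assumption derived from the log format above, not DDS's own code.
DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$")

# Constructed sample in the shape of the Find3M section above.
SAMPLE_LOG = """\
==================== Find3M ====================
2011-11-09 16:08:43 22455 ----a-w- C:\\Windows\\cscmondump.bin
2011-10-07 17:47:57 43248 ----a-w- C:\\Windows\\System32\\drivers\\cmdhlp.sys
2011-10-25 09:39:17 -------- d-----w- C:\\ProgramData\\Steinberg
2011-09-14 13:58:46 274616 ----a-w- C:\\Windows\\System32\\drivers\\keyscrambler.sys
2011-08-17 05:25:08 108032 ----a-w- C:\\Windows\\System32\\psisrndr.ax
"""


def parse_dds_lines(text):
    """Yield (timestamp, size_or_None, attrs, path); non-listing lines are skipped."""
    for raw in text.splitlines():
        m = DDS_LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        size = None if m.group(2).startswith("-") else int(m.group(2))
        yield ts, size, m.group(3), m.group(4)


def recent_drivers(text, run_date, days=30):
    """Paths of *.sys files under System32\\drivers modified within `days` before run_date.

    run_date is a 'YYYY-MM-DD' string (the date the log was produced)."""
    cutoff = datetime.strptime(run_date, "%Y-%m-%d") - timedelta(days=days)
    hits = []
    for ts, _size, attrs, path in parse_dds_lines(text):
        if attrs.startswith("d"):  # directory entries carry no driver code
            continue
        lowered = path.lower()
        if not lowered.endswith(".sys") or "\\system32\\drivers\\" not in lowered:
            continue
        if ts >= cutoff:
            hits.append(path)
    return hits


if __name__ == "__main__":
    for p in recent_drivers(SAMPLE_LOG, "2011-11-13", days=60):
        print("driver changed recently:", p)
```

A hit only means the driver was written recently; the next step is checking its publisher signature and whether it belongs to software the user knowingly installed (here, Comodo and KeyScrambler).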


#4 nasdaq
  • Malware Response Team
  • 39,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 November 2011 - 11:08 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I searched Google for this string: "there are no more files". You are not alone with this problem.

Some of the suggestions I found:

"I had this problem and did a system restore. I chose a date before it started happening and it worked well. I didn't lose any files from any office programs."

"Issue has been solved. I have no idea how, but for some reason, Hibernate seems to have done it."

Some recommendations from Microsoft support.
http://answers.microsoft.com/en-us/windows/forum/windows_7-files/there-are-no-more-files-save-error/6f926ece-be28-429f-b09f-4e66a37148c9

Try these recommendations and let me know if the problem persists.

p.s.
Your DDS log shows ESET and Comodo firewall as enabled.
You should not run two firewalls or virus security programs simultaneously.

#5 relixknowmad
  • Topic Starter
  • Members
  • 23 posts

Posted 15 November 2011 - 09:39 PM

Thanks.... I uninstalled Comodo System Cleaner and that fixed it.

#6 nasdaq
  • Malware Response Team
  • 39,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 16 November 2011 - 08:21 AM

One last check.

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#7 relixknowmad
  • Topic Starter
  • Members
  • 23 posts

Posted 16 November 2011 - 02:59 PM

OK, I downloaded Security Check by screen317 from here and ran it; it says "not enough quota is available to process this command" on the screen... no text document came up.


Something is wrong with the system because I still get random lag, and my network adapter goes berserk a lot, losing my connection randomly, and I can't get online frequently.

let me know please


thx

Edited by relixknowmad, 16 November 2011 - 03:21 PM.


#8 nasdaq
  • Malware Response Team
  • 39,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 17 November 2011 - 08:04 AM

http://msdn.microsoft.com/en-us/library/ms820778.aspx

Quoted from the page:

Close some applications and try again. If you still get this message, choose System from Control Panel, then choose Virtual Memory and increase the size of your paging file.


I would close all my applications.

Make sure that your Virtual Memory is at least what is recommended.

On Windows 7, search for Virtual Memory and you will be directed to the Help page.

When complete please run the Security tool. Right Click on the .exe file and run it as an Administrator.

#9 nasdaq
  • Malware Response Team
  • 39,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 22 November 2011 - 10:43 AM

Are you still with me?

#10 relixknowmad
  • Topic Starter
  • Members
  • 23 posts

Posted 22 November 2011 - 10:31 PM

Sorry for the late reply, the internet has been down.

Here are the results from above:


Results of screen317's Security Check version 0.99.28
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Malwarebytes' Anti-Malware
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
Spybot Teatimer.exe is disabled!
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Emsisoft Anti-Malware a2service.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
BillP Studios WinPatrol WinPatrol.exe
``````````End of Log````````````



Also, I did a scan with Sophos Anti-Rootkit and discovered 30+ rootkits but was not able to remove them. Let me know what you think..

thanks in advance

#11 nasdaq
  • Malware Response Team
  • 39,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 November 2011 - 11:42 AM

also I did a scan with sophos anti rootkit and discovered 30+ rootkits but not able to remove. let me know what you think..

One rootkit is enough to give you a lot of problems.

If you can post the log for my review it may help.
===

Before I suggest any remedial tool I need more information.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Please post the logs for my review.

#12 relixknowmad
  • Topic Starter
  • Members
  • 23 posts

Posted 24 November 2011 - 08:34 AM

For some reason, when I run ComboFix it scans by real fast and doesn't produce a report.
Here's the aswMBR log:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-24 04:05:42
-----------------------------
04:05:42.346 OS Version: Windows x64 6.1.7601 Service Pack 1
04:05:42.346 Number of processors: 2 586 0x170A
04:05:42.348 ComputerName: SAROS133-PC UserName:
04:05:44.076 Initialize success
04:05:44.205 AVAST engine defs: 11112400
04:06:14.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:06:14.281 Disk 0 Vendor: ST950032 0002 Size: 476940MB BusType: 3
04:06:14.343 Disk 0 MBR read successfully
04:06:14.343 Disk 0 MBR scan
04:06:14.343 Disk 0 Windows VISTA default MBR code
04:06:14.343 Service scanning
04:06:16.371 Modules scanning
04:06:16.371 Disk 0 trace - called modules:
04:06:16.434 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
04:06:16.434 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80072f8060]
04:06:16.434 3 CLASSPNP.SYS[fffff88001b7543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80065c0050]
04:06:17.276 AVAST engine scan C:\Windows
04:06:20.365 AVAST engine scan C:\Windows\system32
04:08:18.443 AVAST engine scan C:\Windows\system32\drivers
04:08:31.789 AVAST engine scan C:\Users\reliixknowmad
04:12:07.475 Disk 0 MBR has been saved successfully to "C:\Users\reliixknowmad\Desktop\New folder\MBR.dat"
04:12:07.491 The log file has been saved successfully to "C:\Users\reliixknowmad\Desktop\New folder\aswMBR.txt"







thanks

#13 nasdaq
  • Malware Response Team
  • 39,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 November 2011 - 09:26 AM

The log should be in the text file. C:\ComboFix.txt

If you have placed ComboFix in a folder other than the Desktop, check that folder for the file.
Post the content if found.

#14 relixknowmad
  • Topic Starter
  • Members
  • 23 posts

Posted 24 November 2011 - 09:37 AM

I did a search for ComboFix.txt and I can't find the file anywhere on my hard drive.
I'm starting to think my best option is to reinstall the OS.


let me know what you think

#15 nasdaq
  • Malware Response Team
  • 39,190 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 24 November 2011 - 10:53 AM

Try this first.

Delete the ComboFix.exe file you have.

Download ComboFix from any of the links below but rename it to winlogon.exe before saving it to your desktop. <- Important.

Link 1
Link 2
==================================

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Can you get a log now?



