
I'm being hunted..



I just went to my firewall log this morning and saw that the log was tremendous. I can easily say that it has more than 25,000+ blocks. This began on 11 March and is still going on till now. Every minute approximately 5 attempts try to connect to me, and I haven't even noticed it since then. Thank God that it has blocked them all until now, but I'm still worried while it is still going on. I don't know if this is a hacker or a trojan or virus that tries to connect and drop more malware, but I sure want it to stop. I haven't seen any symptoms of my computer being infected though.

 

I did scan with IS360, MBAM and SAS, all updated, and all came clear.

Then I did scan with avast and it said that it found rootkits but couldn't place them in the virus chest. I think this is because it was in a 'sandbox', so they no longer exist.

 

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 27-1-2011 21:10:37

System Uptime: 7-5-2011 16:31:48 (0 hours ago)

.

Motherboard: PCCHIPS | | A33G

Processor: AMD Athlon 64 X2 Dual Core Processor 3800+ | | 2000/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 195 GiB total, 169,616 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}

Description: Ethernet controller

Device ID: PCI\VEN_1039&DEV_0190&SUBSYS_01331019&REV_00\3&267A616A&0&20

Manufacturer:

Name: Ethernet controller

PNP Device ID: PCI\VEN_1039&DEV_0190&SUBSYS_01331019&REV_00\3&267A616A&0&20

Service:

.

==== System Restore Points ===================

.

RP100: 30-4-2011 1:28:42 - System Checkpoint

RP101: 2-5-2011 19:07:23 - Windows XP KB2492386 was installed.

RP102: 3-5-2011 11:35:32 - IObit Uninstaller restore point

RP103: 3-5-2011 11:37:32 - IObit Uninstaller restore point

RP104: 3-5-2011 11:43:56 - IObit Uninstaller restore point

RP105: 4-5-2011 13:31:51 - System Checkpoint

RP106: 5-5-2011 23:42:44 - System Checkpoint

RP107: 6-5-2011 11:48:31 - IObit Uninstaller restore point

RP108: 6-5-2011 23:50:55 - Installed COMODO Internet Security

RP109: 7-5-2011 15:31:37 - IObit Uninstaller restore point

.

==== Installed Programs ======================

.

Adobe Flash Player 10 Plugin

Adobe Reader X (10.0.1) - Nederlands

Adobe Shockwave Player 11.5

Advanced SystemCare 4

AMD APP SDK Runtime

ATI Catalyst Control Center

ATI Catalyst Install Manager

ATI Display Driver

avast! Internet Security

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

C-Media WDM Audio Driver

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center HydraVision Full

Catalyst Control Center Localization All

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Comodo Dragon

COMODO Internet Security

Compatibility Pack for the 2007 Office system

Counter-Strike: Source

Dual-Core Optimizer

ESET Online Scanner v3

G Data CloudSecurity

Game Booster

Ghostery IE Plugin

Google Advertising Cookie Opt-out

Google Chrome

Google Earth Plug-in

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB961118)

InternetCalls

IObit Malware Fighter

Java Auto Updater

Java 6 Update 24

KB971513: Update for Microsoft Windows

Malwarebytes' Anti-Malware

Messenger Plus! Live

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Dutch Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - NLD

Microsoft .NET Framework 3.0 Dutch Language Pack

Microsoft .NET Framework 3.0 Dutch Language Pack

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - NLD

Microsoft .NET Framework 3.5 Language Pack SP1 - nld

Microsoft .NET Framework 3.5 Service Pack 1

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Word Viewer 2003

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

mIRC

Mozilla Firefox 4.0 (x86 nl)

MSVCRT

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

Paltalk Messenger

Realtek AC'97 Audio

Segoe UI

Skins

Skype™ 5.1

Smart Defrag 2

Steam

SUPERAntiSpyware

Language Pack for Microsoft .NET Framework 3.5 SP1 - NL

TeamViewer 6

Uninstall 1.0.0.1

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Veetle TV 0.9.18

VLC media player 1.1.9

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Live Upload Tool

Windows Live Sign-in Assistant

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Management Framework Core

WinRAR 4.00 (32-bit)

XML Paper Specification Shared Components Language Pack 1.0

.

==== End Of File ===========================

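The post above gives the count and the rate of blocked connections but not their direction, and direction is what separates ordinary internet background noise from a process on the host trying to call home. The script below is an added example for this thread, not the poster's log and not avast!'s export format: it parses constructed firewall lines in an assumed layout (timestamp, IN/OUT, src:port -> dst:port, protocol, action) and reports the rate, the top sources and ports, and, separately, any blocked outbound attempts.

```python
"""Triage of a firewall block log: is this host really being "hunted"?

Added example, not the poster's log. The line layout parsed by LINE_RE is
an assumption (adapt it to your firewall's actual log format).
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines: six inbound probes from three internet addresses
# against common service ports, plus two blocked OUTBOUND attempts by the
# host itself to reach port 6667 (IRC), the classic bot call-home pattern.
SAMPLE_LOG = """\
2011-03-11 08:00:01 IN  198.51.100.7:51234 -> 192.168.1.5:445 TCP BLOCKED
2011-03-11 08:00:13 IN  198.51.100.7:51235 -> 192.168.1.5:139 TCP BLOCKED
2011-03-11 08:00:25 IN  203.0.113.9:40000 -> 192.168.1.5:22 TCP BLOCKED
2011-03-11 08:00:40 IN  203.0.113.9:40001 -> 192.168.1.5:3389 TCP BLOCKED
2011-03-11 08:00:55 IN  192.0.2.44:6000 -> 192.168.1.5:135 TCP BLOCKED
2011-03-11 08:01:02 OUT 192.168.1.5:1044 -> 203.0.113.200:6667 TCP BLOCKED
2011-03-11 08:01:30 IN  198.51.100.7:51236 -> 192.168.1.5:445 TCP BLOCKED
2011-03-11 08:01:59 OUT 192.168.1.5:1045 -> 203.0.113.200:6667 TCP BLOCKED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<dir>IN|OUT)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<action>\w+)$"
)

# Ports that internet-wide scanners hit constantly; inbound blocks on these
# from many unrelated sources are background noise, not a targeted attack.
COMMONLY_SCANNED = {21, 22, 23, 25, 80, 135, 139, 445, 1433, 3306, 3389, 5900}


def parse(text):
    """Return one dict per well-formed line; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S")
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def summarize(events):
    """Counts that answer the thread's questions: how many, how fast,
    from where and, crucially, in which direction."""
    blocked = sorted((e for e in events if e["action"] == "BLOCKED"),
                     key=lambda e: e["ts"])
    inbound = [e for e in blocked if e["dir"] == "IN"]
    outbound = [e for e in blocked if e["dir"] == "OUT"]
    # Rate over the observed window, never less than one minute.
    span_sec = 60.0
    if blocked:
        span_sec = max((blocked[-1]["ts"] - blocked[0]["ts"]).total_seconds(), 60.0)
    return {
        "total_blocked": len(blocked),
        "inbound": len(inbound),
        "outbound": len(outbound),
        "per_minute": round(len(blocked) * 60 / span_sec, 2),
        "distinct_sources": len({e["src"] for e in inbound}),
        "top_sources": Counter(e["src"] for e in inbound).most_common(3),
        "top_ports": Counter(e["dport"] for e in inbound).most_common(3),
        "outbound_targets": Counter((e["dst"], e["dport"]) for e in outbound).most_common(3),
    }


def verdict(summary):
    """Turn the counts into the three things worth acting on."""
    flags = {
        # A blocked OUTBOUND connection means a process on this host tried
        # to call out. That, not the inbound count, is the malware signal.
        "outbound_callback": summary["outbound"] > 0,
        # One address producing half or more of the inbound blocks deserves
        # a closer look (or a router-level block) even if it is harmless.
        "persistent_source": None,
        # Several unrelated sources hitting well-known ports: plain scanning.
        "background_scanning": False,
    }
    if summary["inbound"]:
        src, n = summary["top_sources"][0]
        if n / summary["inbound"] >= 0.5:
            flags["persistent_source"] = src
        flags["background_scanning"] = (
            summary["distinct_sources"] > 1
            and any(p in COMMONLY_SCANNED for p, _ in summary["top_ports"])
        )
    return flags


if __name__ == "__main__":
    s = summarize(parse(SAMPLE_LOG))
    for key, value in s.items():
        print(f"{key}: {value}")
    print(verdict(s))
```

Inbound blocks on 445, 139, 135, 3389 or 22 from unrelated addresses at a few per minute are what every internet-facing XP host sees; that is the firewall doing its job. The two blocked outbound entries to 203.0.113.200:6667 in the constructed sample are the kind of line that would justify the worry: find the process that generated them (the firewall's own log normally names it; otherwise `netstat -b` on XP SP2 or later) before running yet another scanner.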

DDS

 

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Cengi at 16:40:32,68 on Sat 07-05-2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2322 [GMT 2:00]

.

AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: avast! Internet Security *Enabled*

FW: COMODO Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\AVAST Software\Avast\afwServ.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Program Files\Comodo\Dragon\dragon.exe

C:\Documents and Settings\Cengi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Cengi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Cengi\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Cengi\Mijn documenten\Downloads\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = socks=

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: GhosteryBHO Class: {237eb6da-3fea-4dd2-8a61-a901b5c489d7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObjec.dll

BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - c:\program files\google\advertising cookie opt-out\opt_out.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: G Data CloudSecurity: {aadac261-4ee9-473a-ab95-d8e153424c38} - c:\program files\g data\g data cloudsecurity\CloudSecurityIE.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: G Data CloudSecurity: {aadac261-4ee9-473a-ab95-d8e153424c38} - c:\program files\g data\g data cloudsecurity\CloudSecurityIE.dll

uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

c:\documents and settings\cengi\local settings\temp\7.tmp\temp00

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32

uPolicies-explorer: NoInstrumentation = 1 (0x1)

IE: Free YouTube to MP3 Converter - c:\documents and settings\cengi\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm

IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\ghosteryieplugin\GhosteryBrowserHelperObjec.dll

DPF: {10000000-1000-1000-1000-100000000000} - hxxp://cdn.betteradvertising.com/ghostery/addons/ie/WebInstall/ghostery.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: {873C4CB0-FAD3-46F0-BC44-56278B568E5C} = 156.154.70.22,156.154.71.22

Filter: text/html - {4459DC76-1FDE-4B16-BAD0-E4F8E7647555} - c:\program files\ghosteryieplugin\GhosteryMimeFilter.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\windows\system32\guard32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\cengi\applic~1\mozilla\firefox\profiles\x7lhttr8.default\

FF - plugin: c:\documents and settings\cengi\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\veetle\player\npvlc.dll

FF - plugin: c:\program files\veetle\plugins\npVeetle.dll

.

---- FIREFOX POLICIES ----

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2011-3-1 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2011-3-1 192984]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2011-5-6 13496]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2011-3-1 102232]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-1 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-1 307288]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 242472]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 29400]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-3-21 21464]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-5-13 98392]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2011-3-21 212568]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-4-22 352656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-1 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-1 42184]

R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-3-1 121000]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-2 1779280]

R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-2-22 821592]

R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]

S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-3-21 69976]

S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-29 136176]

S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2011-4-3 30368]

S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2011-4-3 16080]

S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-4-3 239472]

.

=============== Created Last 30 ================

.

2011-05-07 11:08:34 -------- d-----w- c:\docume~1\cengi\applic~1\Malwarebytes

2011-05-07 11:08:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-07 11:08:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-07 11:08:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-07 11:08:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-07 00:22:40 -------- d--h--r- c:\documents and settings\cengi\Onlangs geopend

2011-05-06 22:05:14 -------- d--h--w- C:\VritualRoot

2011-05-06 10:08:38 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-05-05 22:14:53 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-05-05 22:14:53 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-05-02 18:36:54 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-02 18:36:52 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-05-02 18:36:52 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-02 18:36:04 284744 ----a-w- c:\windows\system32\guard32.dll

2011-04-23 09:34:58 -------- d-----w- c:\windows\system32\wbem\repository\FS

2011-04-23 09:34:58 -------- d-----w- c:\windows\system32\wbem\Repository

2011-04-23 09:34:46 -------- d-----w- C:\3b9bc65ed6f8131e7cf9191f

2011-04-22 11:32:16 -------- d-----w- c:\windows\system32\GroupPolicy

2011-04-22 11:32:11 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-04-22 11:30:54 -------- d-----w- c:\windows\system32\XPSViewer

2011-04-22 10:37:27 -------- d-----w- c:\docume~1\cengi\applic~1\TuneUp Software

2011-04-22 10:36:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software

2011-04-22 10:36:38 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-04-20 23:23:08 -------- d-----w- c:\program files\CCleaner

2011-04-16 13:52:21 21840 ----atw- c:\windows\system32\SIntfNT.dll

2011-04-16 13:52:21 17212 ----atw- c:\windows\system32\SIntf32.dll

2011-04-16 13:52:21 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-04-12 10:07:35 69632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP82.DLL

2011-04-12 10:07:35 27136 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD82.DLL

2011-04-12 10:07:34 198656 ----a-w- c:\windows\system32\CNMLM82.DLL

2011-04-12 10:06:10 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2011-04-12 10:06:10 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2011-04-12 09:56:01 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-04-12 09:56:01 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2011-04-10 20:20:03 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys

2011-04-10 20:15:32 47616 ----a-w- c:\windows\system32\drivers\SiSRaid2.sys

2011-04-10 20:15:32 163840 ----a-w- c:\windows\system32\property.dll

2011-04-10 20:10:15 -------- d-----w- c:\docume~1\cengi\locals~1\applic~1\Innovative Solutions

2011-04-10 20:10:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Innovative Solutions

.

==================== Find3M ====================

.

2011-04-18 17:25:12 40112 ----a-w- c:\windows\avastSS.scr

2011-04-04 16:31:06 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-04 16:31:05 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-21 17:56:22 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 17:56:06 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 17:55:46 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-11 14:10:38 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:31:39 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36:55 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:52:10 1867008 ----a-w- c:\windows\system32\win32k.sys

2011-02-22 23:07:58 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:07:58 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07:58 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43:15 385024 ------w- c:\windows\system32\html.iec

2011-02-17 16:24:08 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:54:04 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54:04 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33:59 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33:59 974848 ----a-w- c:\windows\system32\mfc42u.dll

.

============= FINISH: 16:47:44,76 ===============


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer, you will have to download any programs on the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device, hold the Shift key down for about 10 seconds while inserting the USB storage device. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back online.

*******************************************************

It would appear from the DDS logs that you're running two anti-virus and two firewall programs on your computer: COMODO Internet Security and Sunbelt VIPRE. You should only have one AV and one firewall active on your computer at all times. Running more than one of each can cause all kinds of conflicting problems.

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Unzip SecurityCheck.zip and a folder named Security Check should appear.

* Open the Security Check folder and double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

************************************************************

Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

and save it to your Desktop.

It would be easiest to download using Internet Explorer.

If you insist on using Firefox, make sure that your download settings are as follows:

 

* Tools->Options->Main tab

* Set to "Always ask me where to Save the files".

 

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.

Double click ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[image: Query_RC.gif]

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC_successful.gif]

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix

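Dave reads the AV: and FW: lines of the DDS log by eye. The parser below is an added example for this thread (it is not DDS, ComboFix or any IObit tool) that pulls the same facts out of a DDS.txt mechanically, using a handful of lines copied from the log posted above as its input: which security products Security Center has registered and whether each is enabled, which service or driver entries point at a file DDS could not find (the `-->` / `[?]` form), and what is loaded through AppInit_DLLs.

```python
"""Mechanical triage of the DDS.txt sections a helper reads by eye.

Added example; not part of DDS or of the thread. DDS_EXCERPT is copied
verbatim from the DDS log posted above, trimmed to the lines that matter.
"""
import re

DDS_EXCERPT = r"""
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: avast! Internet Security *Enabled*
FW: COMODO Firewall *Disabled*
AppInit_DLLs: c:\windows\system32\guard32.dll
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-1 42184]
R2 avast! Firewall;avast! Firewall;c:\program files\avast software\avast\afwServ.exe [2011-3-1 121000]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-2 1779280]
R2 SBPIMSvc;SB Recovery Service;c:\program files\sunbelt software\vipre\SBPIMSvc.exe [2010-8-20 181584]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\systweak\advanced system protector\sasprot32.sys --> c:\program files\systweak\advanced system protector\sasprot32.sys [?]
"""

# "AV: <name> *Enabled/Updated* {guid}"  or  "FW: <name> *Disabled*"
PRODUCT_RE = re.compile(r"^(AV|FW): (.+?) \*(Enabled|Disabled)(?:/\w+)?\*")
# "R2 name;display name;path [date size]"   (R = running, S = stopped)
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.*)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.*)$")


def security_products(text):
    """{'AV': [(name, enabled), ...], 'FW': [...]} as registered with Security Center."""
    found = {"AV": [], "FW": []}
    for line in text.splitlines():
        m = PRODUCT_RE.match(line)
        if m:
            found[m.group(1)].append((m.group(2), m.group(3) == "Enabled"))
    return found


def services(text):
    """Service/driver entries; 'missing' is set when DDS could not find the binary."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, name, display, path = m.groups()
        out.append({
            "running": state.startswith("R"),
            "name": name,
            "display": display,
            "path": path,
            # DDS prints "registered path --> resolved path [?]" for a file that is not on disk.
            "missing": "-->" in path or path.rstrip().endswith("[?]"),
        })
    return out


def appinit_dlls(text):
    """DLLs injected into every user-mode process via AppInit_DLLs, a classic
    persistence location; every entry here must be accounted for."""
    for line in text.splitlines():
        m = APPINIT_RE.match(line)
        if m:
            return [p.strip() for p in m.group(1).split(",") if p.strip()]
    return []


def findings(text):
    """Human-readable triage notes derived from the parsed sections."""
    notes = []
    prods = security_products(text)
    for kind in ("AV", "FW"):
        names = [n for n, _ in prods[kind]]
        enabled = [n for n, on in prods[kind] if on]
        if len(names) > 1:
            notes.append(f"{kind}: {len(names)} products registered ({', '.join(names)}); "
                         f"enabled: {', '.join(enabled) or 'none'}")
    for svc in services(text):
        if svc["missing"]:
            notes.append(f"service {svc['name']} ({svc['display']}) points at a file that is not on disk")
    for dll in appinit_dlls(text):
        notes.append(f"AppInit_DLLs loads {dll}; confirm which product owns it")
    return notes


if __name__ == "__main__":
    for note in findings(DDS_EXCERPT):
        print("-", note)
```

Run over the full DDS.txt, this reproduces Dave's observation (two AV and two FW products registered, one of each enabled, while the VIPRE service SBPIMSvc is still running) and adds two items a cleaner would want on the fix list: the BCASPROT driver entry whose sasprot32.sys is gone, and the guard32.dll entry in AppInit_DLLs, which was created in the same minute as cmdGuard.sys and cmdhlp.sys in the "Created Last 30" section and is therefore consistent with being COMODO's own DLL rather than something to remove.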

Combofix log

 

ComboFix 11-05-07.02 - Cengi 08-05-2011 12:29:45.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3071.2546 [GMT 2:00]

Started from: c:\documents and settings\Cengi\Bureaublad\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Sunbelt VIPRE *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

.

.

(((((((((((((((((((( Files Created from 2011-04-08 to 2011-05-08 ))))))))))))))))))))))))))))))

.

.

2011-05-07 11:08 . 2011-05-07 11:08 -------- d-----w- c:\documents and settings\Cengi\Application Data\Malwarebytes

2011-05-07 11:08 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-07 11:08 . 2011-05-07 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-05-07 11:08 . 2011-05-07 11:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-05-07 11:08 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-07 00:22 . 2011-05-07 15:26 -------- d--h--r- c:\documents and settings\Cengi\Onlangs geopend

2011-05-06 22:05 . 2011-05-06 22:05 -------- d-----w- C:\VritualRoot

2011-05-06 10:08 . 2011-05-06 10:08 12872 ----a-w- c:\windows\system32\bootdelete.exe

2011-05-05 22:14 . 2011-02-23 15:04 13496 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2011-05-05 22:14 . 2011-02-23 14:54 29520 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2011-05-02 18:36 . 2011-05-02 18:36 96608 ----a-w- c:\windows\system32\drivers\inspect.sys

2011-05-02 18:36 . 2011-05-02 18:36 29400 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2011-05-02 18:36 . 2011-05-02 18:36 242472 ----a-w- c:\windows\system32\drivers\cmdGuard.sys

2011-05-02 18:36 . 2011-05-02 18:36 17416 ----a-w- c:\windows\system32\drivers\cmderd.sys

2011-05-02 18:36 . 2011-05-02 18:36 284744 ----a-w- c:\windows\system32\guard32.dll

2011-05-01 17:54 . 2011-05-01 17:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-04-23 09:34 . 2011-04-23 09:34 -------- d-----w- c:\windows\system32\wbem\Repository

2011-04-23 09:34 . 2011-04-23 09:34 -------- d-----w- C:\3b9bc65ed6f8131e7cf9191f

2011-04-22 11:32 . 2011-04-22 11:32 -------- d-----w- c:\windows\system32\GroupPolicy

2011-04-22 11:32 . 2011-04-23 09:34 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$

2011-04-22 11:30 . 2011-04-22 11:30 -------- d-----w- c:\windows\system32\XPSViewer

2011-04-22 10:38 . 2011-04-22 10:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-04-22 10:37 . 2011-04-22 10:37 -------- d-----w- c:\documents and settings\Cengi\Application Data\TuneUp Software

2011-04-22 10:36 . 2011-04-22 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2011-04-22 10:36 . 2011-04-22 10:36 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2011-04-20 23:23 . 2011-04-20 23:23 -------- d-----w- c:\program files\CCleaner

2011-04-16 13:52 . 2011-04-18 22:15 21840 ----atw- c:\windows\system32\SIntfNT.dll

2011-04-16 13:52 . 2011-04-18 22:15 17212 ----atw- c:\windows\system32\SIntf32.dll

2011-04-16 13:52 . 2011-04-18 22:15 12067 ----atw- c:\windows\system32\SIntf16.dll

2011-04-16 12:09 . 2011-05-03 09:37 -------- d-----w- c:\documents and settings\Cengi\Application Data\DAEMON Tools Lite

2011-04-16 12:09 . 2011-05-03 09:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2011-04-16 11:56 . 2011-05-03 09:44 -------- d-----w- c:\documents and settings\Cengi\Application Data\uTorrent

2011-04-12 10:07 . 2006-09-12 18:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP82.DLL

2011-04-12 10:07 . 2006-09-12 18:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD82.DLL

2011-04-12 10:07 . 2008-04-02 18:00 198656 ----a-w- c:\windows\system32\CNMLM82.DLL

2011-04-12 10:06 . 2008-04-13 21:17 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2011-04-12 10:06 . 2008-04-13 21:17 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2011-04-12 09:56 . 2008-04-13 21:15 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

2011-04-12 09:56 . 2008-04-13 21:15 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2011-04-10 20:20 . 2007-06-27 12:42 207488 ----a-r- c:\windows\system32\drivers\vinyl97.sys

2011-04-10 20:15 . 2011-04-10 20:19 -------- dc----w- c:\windows\system32\DRVSTORE

2011-04-10 20:15 . 2008-08-07 02:59 47616 ----a-w- c:\windows\system32\drivers\SiSRaid2.sys

2011-04-10 20:15 . 2008-08-07 02:59 163840 ----a-w- c:\windows\system32\property.dll

2011-04-10 20:10 . 2011-04-10 20:10 -------- d-----w- c:\documents and settings\Cengi\Local Settings\Application Data\Innovative Solutions

2011-04-10 20:10 . 2011-04-10 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-06 09:58 . 2011-03-09 18:52 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-04-18 17:25 . 2011-03-01 17:25 40112 ----a-w- c:\windows\avastSS.scr

2011-04-18 17:25 . 2011-03-01 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe

2011-04-18 17:18 . 2011-03-01 17:26 102232 ----a-w- c:\windows\system32\drivers\aswFW.sys

2011-04-18 17:17 . 2011-03-01 17:26 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-04-18 17:17 . 2011-03-01 17:26 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys

2011-04-18 17:17 . 2011-03-01 17:26 192984 ----a-w- c:\windows\system32\drivers\aswNdis2.sys

2011-04-18 17:16 . 2011-03-01 17:26 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2011-04-18 17:16 . 2011-03-01 17:26 102488 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2011-04-18 17:16 . 2011-03-01 17:26 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys

2011-04-18 17:13 . 2011-03-01 17:26 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2011-04-18 17:13 . 2011-03-01 17:26 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2011-04-18 17:12 . 2011-03-01 17:26 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2011-04-04 16:31 . 2011-04-04 16:31 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-04 16:31 . 2011-01-27 22:54 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- c:\windows\system32\OVDecode.dll

2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- c:\windows\system32\OpenCL.dll

2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- c:\windows\system32\amdocl.dll

2011-03-11 14:10 . 2008-04-15 11:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll

2011-03-07 05:31 . 2011-01-27 20:01 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36 . 2009-01-19 17:09 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:52 . 2009-01-19 17:09 1867008 ----a-w- c:\windows\system32\win32k.sys

2011-02-23 13:34 . 2011-03-01 17:25 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys

2011-02-22 23:07 . 2009-01-19 17:10 916480 ----a-w- c:\windows\system32\wininet.dll

2011-02-22 23:07 . 2009-01-19 17:10 43520 ------w- c:\windows\system32\licmgr10.dll

2011-02-22 23:07 . 2008-04-15 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-02-22 11:43 . 2009-01-19 17:10 385024 ------w- c:\windows\system32\html.iec

2011-02-17 16:24 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll

2011-02-17 13:19 . 2009-01-19 17:08 457472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-02-17 13:19 . 2009-01-19 17:09 357888 ----a-w- c:\windows\system32\drivers\srv.sys

2011-02-15 12:56 . 2008-04-15 11:00 290432 ----a-w- c:\windows\system32\atmfd.dll

2011-02-09 13:54 . 2008-04-15 11:00 270848 ----a-w- c:\windows\system32\sbe.dll

2011-02-09 13:54 . 2008-04-15 11:00 186880 ----a-w- c:\windows\system32\encdec.dll

2011-02-08 13:33 . 2008-04-15 11:00 978944 ----a-w- c:\windows\system32\mfc42.dll

2011-02-08 13:33 . 2008-04-15 11:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2011-03-18 18:03 . 2011-03-26 14:35 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2009-01-19 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7}]

2010-05-14 13:10 561400 ----a-w- c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AADAC261-4EE9-473A-AB95-D8E153424C38}]

2011-03-02 18:28 984056 ----a-w- c:\program files\G Data\G Data CloudSecurity\CloudSecurityIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{AADAC261-4EE9-473A-AB95-D8E153424C38}"= "c:\program files\G Data\G Data CloudSecurity\CloudSecurityIE.dll" [2011-03-02 984056]

.

[HKEY_CLASSES_ROOT\clsid\{aadac261-4ee9-473a-ab95-d8e153424c38}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-02 2560840]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="shell32" [X]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\guard32.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-01-30 15:45 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-10-29 12:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=

"c:\\Program Files\\Steam\\Steam.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Steam\\steamapps\\caykarali_rambo\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [1-3-2011 19:25 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [1-3-2011 19:26 192984]

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [6-5-2011 0:14 13496]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [1-3-2011 19:26 102232]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1-3-2011 19:26 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1-3-2011 19:26 307288]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2-5-2011 20:36 242472]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2-5-2011 20:36 29400]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-2-2010 20:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10-5-2010 20:41 67656]

R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [21-3-2011 18:18 21464]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [13-5-2010 8:56 98392]

R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [21-3-2011 12:06 212568]

R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\IObit\Advanced SystemCare 4\ASCService.exe [22-4-2011 12:57 352656]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1-3-2011 19:26 19544]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [22-2-2011 22:15 821592]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [1-3-2011 19:25 121000]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2011 16:46 136176]

S2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [21-3-2011 18:18 69976]

S2 SBPIMSvc;SB Recovery Service;"c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe" --> c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [?]

S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2011 16:46 136176]

S3 IObitUnlocker;IObitUnlocker;c:\program files\IObit\IObit Unlocker\IObitUnlocker.sys [7-5-2011 17:15 26248]

S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [3-4-2011 2:40 30368]

S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [3-4-2011 2:40 16080]

S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [3-4-2011 2:40 239472]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-04-22 c:\windows\Tasks\ASC4_AutoCare.job

- c:\program files\IObit\Advanced SystemCare 4\AutoCare.exe [2011-04-22 13:08]

.

2011-05-08 c:\windows\Tasks\ASC4_AutoSweep.job

- c:\program files\IObit\Advanced SystemCare 4\AutoSweep.exe [2011-04-22 13:08]

.

2011-05-07 c:\windows\Tasks\ASC4_AutoUpdate.job

- c:\program files\IObit\Advanced SystemCare 4\AutoUpdate.exe [2011-04-22 13:08]

.

2011-05-08 c:\windows\Tasks\ASC4_PerformanceMonitor.job

- c:\program files\IObit\Advanced SystemCare 4\PMonitor.exe [2011-04-22 13:08]

.

2011-05-08 c:\windows\Tasks\Game_Booster_Startup.job

- c:\program files\IObit\Game Booster\gbtray.exe [2011-03-01 14:46]

.

2011-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc0828da626fa0.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 20:51]

.

2011-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-29 20:51]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyServer = socks=

IE: Free YouTube to MP3 Converter - c:\documents and settings\Cengi\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: {{237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - {237EB6DA-3FEA-4DD2-8A61-A901B5C489D7} - c:\program files\GhosteryIEplugin\GhosteryBrowserHelperObjec.dll

TCP: {873C4CB0-FAD3-46F0-BC44-56278B568E5C} = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\documents and settings\Cengi\Application Data\Mozilla\Firefox\Profiles\x7lhttr8.default\

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.urlbar.autofill - true

FF - user.js: browser.xul.error_pages.enabled - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 3000000

FF - user.js: content.maxtextrun - 8191

FF - user.js: content.notify.backoffcount - 5

FF - user.js: content.notify.interval - 750000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: network.http.max-connections - 32

FF - user.js: network.http.max-connections-per-server - 8

FF - user.js: network.http.max-persistent-connections-per-proxy - 8

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: network.http.pipelining - true

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.proxy.pipelining - true

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: nglayout.initialpaint.delay - 0

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

SafeBoot-SBAMSvc

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-08 12:36

Windows 5.1.2600 Service Pack 3 NTFS

.

detected NTDLL code modification:

ZwClose, ZwOpenFile

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

.

C:\## aswSnx private storage

.

Scan succesvol afgerond

verborgen bestanden: 1

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(1296)

c:\windows\system32\guard32.dll

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(1400)

c:\windows\system32\guard32.dll

.

- - - - - - - > 'explorer.exe'(444)

c:\windows\system32\guard32.dll

c:\windows\system32\msi.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

.

Voltooingstijd: 2011-05-08 12:40:30

ComboFix-quarantined-files.txt 2011-05-08 10:40

.

Pre-Run: 181.848.956.928 bytes beschikbaar

Post-Run: 181.807.435.776 bytes beschikbaar

.

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

.

- - End Of File - - 998768879B902F03B154FD2F3EE0F426


I installed VIPRE once just to scan my computer with it. I did uninstall it, so it is a leftover. I don't use it. Both my AV and FW are from Avast!. I don't use the AV of Comodo nor the FW, but I only use the Defense+ HIPS.


Results of screen317's Security Check version 0.99.10

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

avast! Internet Security

ESET Online Scanner v3

VIPRE Antivirus

Antivirus up to date! (On Access scanning disabled!)

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner

Java 6 Update 24

Adobe Flash Player 10.2.153.1

Adobe Reader X (10.0.1) - Nederlands

Mozilla Firefox (x86 nl..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Comodo Firewall cmdagent.exe

IObit IObit Malware Fighter IMFsrv.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast avastUI.exe

``````````End of Log````````````


It's still on your computer. You can try uninstalling it again. If that doesn't work, you can remove it by running this Removal Tool below.

 

VIPRE Antivirus + Antispyware - Sunbelt Software CS&VClean.exe

****************************************************

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed, then update now.

Get the new version (if needed)

If your version is out of date, install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions.

3. Once complete, exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

****************************************************

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page:
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

The link which you gave me to uninstall VIPRE is the direct link for the uninstall program. So I searched for it myself and I did manage to find it. Also, Java is now updated too.

But the SysProt failed 3 times. After starting the Root Drive scan, the whole program freezes. When I press Start, the Start button becomes the Stop button, but then that whole window disappears and all freezes. I can't press X nor minimize or move it, and when I kill the process it says that this program does not work. Tried 3 times and the same happens.

Ok. That happens sometimes. Let's try this one.

 

* Download the following tool: RootRepeal - Rootkit Detector

* Direct download link is here: RootRepeal.zip

 

* Close all programs and temporarily disable your anti-virus, Firewall and any anti-malware real-time protection before performing a scan.

* Click this link to see a list of such programs and how to disable them.

 

* Extract the program file to a new folder such as C:\RootRepeal

* Run the program RootRepeal.exe and go to the REPORT tab and click on the Scan button.

* Select ALL of the checkboxes and then click OK and it will start scanning your system.

* If you have multiple drives you only need to check the C: drive or the one Windows is installed on.

* When done, click on Save Report

* Save it to the same location where you ran it from, such as C:\RootRepeal

* Save it as rootrepeal.txt

* Then open that log and select all and copy/paste it back on your next reply please.

* Close RootRepeal.

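An added example (not code from this thread, from RootRepeal or from any of the tools mentioned): a small Python triage script for the RootRepeal report format that the next post pastes. It parses the Drivers, Hidden/Locked Files, SSDT and Shadow SSDT sections, groups each hook by the driver that installed it, and lists what the scanner reports as hidden, so the hooking modules can be compared with the security products the ComboFix log above lists as installed (avast! and COMODO). The sample input is an excerpt of the posted log; the section-header layout it relies on, the known_modules default and all function names are assumptions of this example.

```python
"""Triage helper for a RootRepeal text report (added example, not part of
RootRepeal or of this thread): splits the report into sections, groups the
SSDT/Shadow SSDT hooks by the module that installed them and lists what the
scanner reports as hidden, for comparison with the products known to be installed."""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the RootRepeal log posted in this thread.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================

Drivers
-------------------
Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9F0A000 Size: 96512 File Visible: - Signed: -
Status: Hidden from the Windows API!

Hidden/Locked Files
-------------------
Path: C:\## aswSnx private storage
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Cengi\Local Settings\Application Data\Comodo\Dragon\User Data\chrome_shutdown_ms.txt
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 009 Function Name: NtAddBootEntry
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8815202

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a958b2

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa887bc48

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a788
"""

SECTION = re.compile(r"^([^:\n]+)\n-{5,}\n", re.M)   # 'Title' line over a dashed rule
HOOK = re.compile(r'Hooked by "([^"]+)" at address (0x[0-9A-Fa-f]+)')
ADDR = re.compile(r"Address: (\S+) Size: (\d+) File Visible: (\S+) Signed: (\S+)")
FLAGGED = re.compile(r"hidden|invisible", re.I)      # 'visible but not on disk' is not flagged


def parse_record(block):
    """Turn one blank-line-separated block of 'Key: value' lines into a dict."""
    record = {}
    for line in block.splitlines():
        if line.startswith("#:"):          # '#: 009 Function Name: NtAddBootEntry'
            idx, _, func = line[2:].strip().partition(" Function Name: ")
            record["index"], record["function"] = int(idx), func.strip()
        elif ADDR.match(line):             # four fields packed on one line
            addr, size, vis, signed = ADDR.match(line).groups()
            record.update(Address=addr, Size=int(size), Visible=vis, Signed=signed)
        else:
            key, _, value = line.partition(":")
            record[key.strip()] = value.strip()
    return record


def parse_report(text):
    """Return {section title: [record, ...]}; the banner before the first
    section is ignored."""
    parts = SECTION.split(text)           # [banner, title, body, title, body, ...]
    return {title.strip(): [parse_record(b) for b in re.split(r"\n\s*\n", body.strip()) if b.strip()]
            for title, body in zip(parts[1::2], parts[2::2])}


def hooks_by_module(sections):
    """Map hooking module (lower-case basename) -> sorted hooked function names."""
    hooks = defaultdict(list)
    for name in ("SSDT", "Shadow SSDT"):
        for rec in sections.get(name, []):
            m = HOOK.search(rec.get("Status", ""))
            if m:
                hooks[m.group(1).rsplit("\\", 1)[-1].lower()].append(rec["function"])
    return {k: sorted(v) for k, v in hooks.items()}


def triage(text, known_modules=("aswsnx.sys", "aswsp.sys", "cmdguard.sys")):
    """known_modules (assumed default): drivers of the security products the
    ComboFix log in this thread lists (avast! and COMODO); any other hooking
    module is reported as unexpected for the helper to look at."""
    sections = parse_report(text)
    hooks = hooks_by_module(sections)
    return {
        "hooks": hooks,
        "unexpected_hookers": sorted(m for m in hooks if m not in known_modules),
        "hidden_drivers": [r["Name"] for r in sections.get("Drivers", [])
                           if FLAGGED.search(r.get("Status", ""))],
        "hidden_files": [r["Path"] for r in sections.get("Hidden/Locked Files", [])
                         if FLAGGED.search(r.get("Status", ""))],
    }
```

On the sample, every hook belongs to an avast! or COMODO driver, while atapi.sys is flagged because the scanner reports it hidden from the Windows API; that flag is the item a helper would want to look at, not a verdict by itself.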

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2011/05/09 13:24

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: atapi.sys

Image Path: atapi.sys

Address: 0xB9F0A000 Size: 96512 File Visible: - Signed: -

Status: Hidden from the Windows API!

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA516C000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\## aswSnx private storage

Status: Invisible to the Windows API!

 

Path: C:\Documents and Settings\Cengi\Local Settings\Application Data\Comodo\Dragon\User Data\Local State

Status: Could not get file information (Error 0xc0000008)

 

Path: C:\Documents and Settings\Cengi\Local Settings\Application Data\Comodo\Dragon\User Data\chrome_shutdown_ms.txt

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\Cengi\Local Settings\Apps\2.0\77B99QK2.927\19JWVM94.XAP\manifests\clickonce_bootstrap.exe.cdf-ms

Status: Locked to the Windows API!

 

Path: C:\Documents and Settings\Cengi\Local Settings\Apps\2.0\77B99QK2.927\19JWVM94.XAP\manifests\clickonce_bootstrap.exe.manifest

Status: Locked to the Windows API!

 

SSDT

-------------------

#: 009 Function Name: NtAddBootEntry

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8815202

 

#: 011 Function Name: NtAdjustPrivilegesToken

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a958b2

 

#: 017 Function Name: NtAllocateVirtualMemory

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa887bc48

 

#: 025 Function Name: NtClose

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88396a1

 

#: 031 Function Name: NtConnectPort

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a94e48

 

#: 035 Function Name: NtCreateEvent

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88177f0

 

#: 036 Function Name: NtCreateEventPair

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817848

 

#: 037 Function Name: NtCreateFile

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a95518

 

#: 038 Function Name: NtCreateIoCompletion

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa881795e

 

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8839055

 

#: 043 Function Name: NtCreateMutant

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817746

 

#: 046 Function Name: NtCreatePort

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a94d28

 

#: 050 Function Name: NtCreateSection

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817898

 

#: 051 Function Name: NtCreateSemaphore

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa881779a

 

#: 052 Function Name: NtCreateSymbolicLinkObject

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a98568

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a94714

 

#: 054 Function Name: NtCreateTimer

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa881790c

 

#: 061 Function Name: NtDeleteBootEntry

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8815226

 

#: 063 Function Name: NtDeleteKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8839d67

 

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa883a01d

 

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817be2

 

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8839bd2

 

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8839a3d

 

#: 083 Function Name: NtFreeVirtualMemory

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa887bcf8

 

#: 097 Function Name: NtLoadDriver

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8814ff0

 

#: 105 Function Name: NtMakeTemporaryObject

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a95110

 

#: 109 Function Name: NtModifyBootEntry

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa881524a

 

#: 111 Function Name: NtNotifyChangeKey

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817d56

 

#: 112 Function Name: NtNotifyChangeMultipleKeys

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8815cda

 

#: 114 Function Name: NtOpenEvent

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817820

 

#: 115 Function Name: NtOpenEventPair

Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817870

 

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a956f4

#: 117 Function Name: NtOpenIoCompletion
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817988

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88393b1

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817772

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817a1a

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88178d8

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88177c8

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817afe

#: 131 Function Name: NtOpenTimer
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817936

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa887bd90

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88398b8

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9711c

#: 163 Function Name: NtQueryObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8815ba0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa883970a

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa8884cae

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9768c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88386c8

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a97940

#: 211 Function Name: NtSetBootEntryOrder
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa881526e

#: 212 Function Name: NtSetBootOptions
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8815292

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a95eee

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa881504a

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8815186

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8839e6e

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8815162

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88151aa

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a94b2a

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a94918

#: 268 Function Name: NtVdmControl
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa88152b6

Shadow SSDT
-------------------

#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a788

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9b034

#: 227 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a8c8

#: 233 Function Name: NtGdiOpenDCW
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9aeee

#: 237 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9aa14

#: 292 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9ab54

#: 310 Function Name: NtUserBlockInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a600

#: 319 Function Name: NtUserCallHwndParamLock
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a99648

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a2a6

#: 389 Function Name: NtUserGetClipboardData
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9ac9a

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a99fee

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a142

#: 460 Function Name: NtUserMessageCall
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a99c78

#: 465 Function Name: NtUserMoveWindow
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a99344

#: 475 Function Name: NtUserPostMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a99902

#: 476 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a99abc

#: 490 Function Name: NtUserRegisterHotKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9adbe

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a40a

#: 502 Function Name: NtUserSendInput
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a99e80

#: 509 Function Name: NtUserSetClipboardViewer
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a508

#: 529 Function Name: NtUserSetParent
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a994d4

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9b072

#: 552 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9b308

#: 559 Function Name: NtUserSystemParametersInfo
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a997e6

==EOF==

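Reading a hook list like the one above by hand is slow; what a helper actually does is group the hooks by the driver that installed them and ask whether each driver is a known security product. The Python below is an added example, not code from the thread or from any scanner: it parses the `#: N Function Name: ... / Status: Hooked by "..." at address 0x...` entries, groups them by driver, flags drivers missing from a reviewer-maintained allowlist, and lists hooks on input-capture paths. The sample report, the allowlist entries (Avast aswSnx/aswSP, Comodo cmdguard) and the made-up `constructed_example.sys` driver are constructed here for illustration.

```python
"""Triage helper for SSDT / Shadow SSDT hook reports in the format posted above.

Added example; not code from the thread or from any scanner. It groups hooked
functions by the driver that installed the hook, flags drivers absent from a
reviewer-maintained allowlist, and lists hooks on input-capture paths.
The sample report and the allowlist entries below are constructed here.
"""
import re
from collections import defaultdict

# One entry in the report spans two lines (blank lines may sit between them):
#   #: 116 Function Name: NtOpenFile
#   Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a956f4
ENTRY_RE = re.compile(
    r'#:\s*(?P<index>\d+)\s+Function Name:\s*(?P<func>\w+)\s*'
    r'Status:\s*Hooked by\s*"(?P<driver>[^"]+)"\s*at address\s*(?P<addr>0x[0-9a-fA-F]+)',
    re.IGNORECASE,
)

# Reviewer-maintained allowlist (assumption): driver file names belonging to
# the security products installed on this machine, mapped to a short label.
KNOWN_SECURITY_DRIVERS = {
    "aswsnx.sys": "Avast",
    "aswsp.sys": "Avast",
    "cmdguard.sys": "Comodo",
}

# Shadow SSDT entries a keylogger or screen grabber would want to sit on. A HIPS
# hooking them is expected; an unknown driver hooking them deserves a close look.
INPUT_CAPTURE_FUNCS = {
    "NtUserGetAsyncKeyState", "NtUserGetKeyboardState", "NtUserGetKeyState",
    "NtUserSetWindowsHookEx", "NtUserRegisterRawInputDevices",
    "NtUserGetClipboardData", "NtGdiBitBlt",
}


def driver_basename(path):
    """'C:\\WINDOWS\\System32\\Drivers\\aswSnx.SYS' -> 'aswsnx.sys'."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_hooks(report):
    """Return one dict per hooked entry: table, index, func, driver, addr.
    Entries before the 'Shadow SSDT' heading belong to the SSDT."""
    parts = re.split(r'^\s*Shadow SSDT\s*$', report, flags=re.MULTILINE)
    hooks = []
    for table, part in zip(("SSDT", "Shadow SSDT"), parts):
        for m in ENTRY_RE.finditer(part):
            hooks.append({
                "table": table,
                "index": int(m["index"]),
                "func": m["func"],
                "driver": m["driver"],
                "addr": int(m["addr"], 16),
            })
    return hooks


def group_by_driver(hooks):
    """Map driver basename -> sorted list of the functions it hooks."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[driver_basename(h["driver"])].append(h["func"])
    return {d: sorted(f) for d, f in grouped.items()}


def classify(hooks, known=KNOWN_SECURITY_DRIVERS):
    """Split hooking drivers into (recognised, unrecognised):
    recognised: basename -> (label, hook count); unrecognised: basename -> hook count."""
    grouped = group_by_driver(hooks)
    recognised = {d: (known[d], len(f)) for d, f in grouped.items() if d in known}
    unrecognised = {d: len(f) for d, f in grouped.items() if d not in known}
    return recognised, unrecognised


def input_capture_hooks(hooks):
    """Map each hooked input-capture function -> basename of the hooking driver."""
    return {h["func"]: driver_basename(h["driver"])
            for h in hooks if h["func"] in INPUT_CAPTURE_FUNCS}


# Constructed sample in the posted format: Avast/Comodo entries as they appear
# in the thread plus one made-up driver so the unrecognised path is exercised.
SAMPLE_REPORT = r"""
SSDT
-------------------
#: 116 Function Name: NtOpenFile

Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a956f4

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSnx.SYS" at address 0xa8817a1a
#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa887bd90

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9a2a6
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xa8a9b072
#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\WINDOWS\System32\drivers\constructed_example.sys" at address 0xa8b00000
"""

if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_REPORT)
    recognised, unrecognised = classify(hooks)
    for drv, (label, n) in sorted(recognised.items()):
        print(f"{drv:26} {n:3} hooks  {label}")
    for drv, n in sorted(unrecognised.items()):
        print(f"{drv:26} {n:3} hooks  NOT IN ALLOWLIST - check publisher and signature")
    for func, drv in sorted(input_capture_hooks(hooks).items()):
        print(f"input-capture path {func} hooked by {drv}")
```

Run against the full log, the same grouping shows every hook on this machine coming from aswSnx.SYS, aswSP.SYS or cmdguard.sys, which is the basis for reading the list as product hooks rather than rootkit activity.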

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log


That's good. If there are no other issues, let's do some cleanup.

 

To uninstall ComboFix

 

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

 

http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg

 

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

 

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************

Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

 

Double-click TFC.exe to run it.

 

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

 

TFC will close all programs when run, so make sure you have saved all your work before you begin.

 

* Click the Start button to begin the cleaning process.

* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.

* Please let TFC run uninterrupted until it is finished.

 

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

***********************************************

Use the Secunia Software Inspector to check for out of date software.

 

  • Click Start Now

  • Check the box next to Enable thorough system inspection.

  • Click Start

  • Allow the scan to finish and scroll down to see if any updates are needed.

  • Update anything listed.

.

----------

 

Go to Microsoft Windows Update and get all critical updates.

 

----------

 

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

 

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.

* Using SpywareBlaster to protect your computer from Spyware and Malware

* If you don't know what ActiveX controls are, see here

 

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

 

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

 

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Safe Surfing!

******************************************************

* Open IObit Security 360.

* Click the Update button and download any available updates.

* Choose Quarantine threats when removing them in Scan Parameters of Scan Setting in Options.

* Click Apply and OK buttons.

* Next (on the left) click the Scan button.

* Choose the Full Scan (Scan all hard drives in your computer) option to begin the scan.

* Once the scan has completed click Remove

* Next click Save a Report

* Post the IObit Security 360.log in your next reply.


Let's run a few more scans to see what turns up.

 

Please download aswMBR.exe ( 511KB ) to your desktop.

 

Double click the aswMBR.exe to run it

 

http://i62.servimg.com/u/f62/15/92/84/26/aswmbr14.jpg

 

Click the "Scan" button to start the scan

 

http://i62.servimg.com/u/f62/15/92/84/26/aswmbr10.png

 

On completion of the scan, click Save log, save it to your desktop and post it in your next reply


aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software

Run date: 2011-05-14 02:00:34

-----------------------------

02:00:34.093 OS Version: Windows 5.1.2600 Service Pack 3

02:00:34.093 Number of processors: 2 586 0x4B02

02:00:34.093 ComputerName: CENGII UserName: Cengi

02:00:34.640 Initialize success

02:01:02.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\SiSRaid21Port2Path0Target1Lun0

02:01:02.125 Disk 0 Vendor: ExcelSto 1.00 Size: 238475MB BusType: 1

02:01:02.140 Disk 0 MBR read successfully

02:01:02.140 Disk 0 MBR scan

02:01:02.140 Disk 0 unknown MBR code

02:01:02.140 Disk 0 scanning sectors +488376000

02:01:02.187 Disk 0 scanning C:\WINDOWS\system32\drivers

02:01:06.718 Service scanning

02:01:07.593 Disk 0 trace - called modules:

02:01:07.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS SiSRaid2.sys

02:01:07.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4fb910]

02:01:07.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a4fd920]

02:01:07.609 5 ACPI.sys[b9f7e620] -> nt!IofCallDriver -> \Device\Scsi\SiSRaid21Port2Path0Target1Lun0[0x8a4fca38]

02:01:07.609 Scan finished successfully

02:01:27.984 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Cengi\Bureaublad\MBR.dat"

02:01:27.984 The log file has been saved successfully to "C:\Documents and Settings\Cengi\Bureaublad\aswMBR.txt"

 

The scan was complete in just 2 seconds?


Please download 7-Zip and install it. If you already have it, no need to reinstall.

 

Then, download RootkitUnhooker and save the setup to your Desktop.

 

  • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
  • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
  • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
  • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
  • Once inside the interface, do not fix anything. Click on the Report tab.
  • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
  • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
  • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.

Note: You may get this warning while running Rootkit Unhooker. It is OK so just ignore it:

 

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"


Since you didn't mention anything about disabling the real-time protection of my AV, I kept it on, but while it was scanning Avast popped up. See attachment. I clicked OK and continued the scan.

 

So I don't know if I should scan again, this time with real-time protection disabled. Also, the log was VERY large, and if I post it, it will surely be divided into 7-10 posts. The log also ended with this: '!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)'


  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note: It will also create a log in the C:\ directory.


Nothing found

 

2011/05/15 20:20:08.0687 3236 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29

2011/05/15 20:20:10.0687 3236 ================================================================================

2011/05/15 20:20:10.0687 3236 SystemInfo:

2011/05/15 20:20:10.0687 3236

2011/05/15 20:20:10.0687 3236 OS Version: 5.1.2600 ServicePack: 3.0

2011/05/15 20:20:10.0687 3236 Product type: Workstation

2011/05/15 20:20:10.0687 3236 ComputerName: CENGII

2011/05/15 20:20:10.0687 3236 UserName: Cengi

2011/05/15 20:20:10.0687 3236 Windows directory: C:\WINDOWS

2011/05/15 20:20:10.0687 3236 System windows directory: C:\WINDOWS

2011/05/15 20:20:10.0687 3236 Processor architecture: Intel x86

2011/05/15 20:20:10.0687 3236 Number of processors: 2

2011/05/15 20:20:10.0687 3236 Page size: 0x1000

2011/05/15 20:20:10.0687 3236 Boot type: Normal boot

2011/05/15 20:20:10.0687 3236 ================================================================================

2011/05/15 20:20:11.0156 3236 Initialize success

2011/05/15 20:20:30.0343 2164 ================================================================================

2011/05/15 20:20:30.0343 2164 Scan started

2011/05/15 20:20:30.0343 2164 Mode: Manual;

2011/05/15 20:20:30.0343 2164 ================================================================================

2011/05/15 20:20:30.0609 2164 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/05/15 20:20:30.0687 2164 ACPI (02273a448ba21a7d447daeb47810d40c) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/15 20:20:30.0750 2164 ACPIEC (63f517b1a87dabf3f5acb8a7952fc1d1) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/15 20:20:30.0828 2164 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/05/15 20:20:30.0968 2164 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys

2011/05/15 20:20:31.0203 2164 ALCXWDM (dd8520280304b6145a6be31008748c7c) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2011/05/15 20:20:31.0484 2164 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys

2011/05/15 20:20:31.0531 2164 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2011/05/15 20:20:31.0687 2164 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/05/15 20:20:31.0750 2164 aswFW (7c561e8e168bcf8d834b7d4a6a40dcbf) C:\WINDOWS\system32\drivers\aswFW.sys

2011/05/15 20:20:31.0843 2164 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/05/15 20:20:31.0859 2164 aswNdis (7b948e3657bea62e437bc46ca6ef6012) C:\WINDOWS\system32\DRIVERS\aswNdis.sys

2011/05/15 20:20:31.0906 2164 aswNdis2 (5cb9cc0220a9522b449b56e2260d9020) C:\WINDOWS\system32\drivers\aswNdis2.sys

2011/05/15 20:20:31.0937 2164 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/05/15 20:20:32.0000 2164 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys

2011/05/15 20:20:32.0015 2164 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys

2011/05/15 20:20:32.0046 2164 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/05/15 20:20:32.0093 2164 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/15 20:20:32.0171 2164 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/15 20:20:32.0312 2164 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/05/15 20:20:32.0531 2164 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/15 20:20:32.0593 2164 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/15 20:20:32.0703 2164 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/15 20:20:32.0921 2164 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/15 20:20:33.0015 2164 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/15 20:20:33.0078 2164 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/15 20:20:33.0093 2164 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/15 20:20:33.0171 2164 cmdGuard (cc56fa45ba18904cb04382ae9f52b1a5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys

2011/05/15 20:20:33.0203 2164 cmdHlp (3a70948ab6e966bdaef2baec1f8ef9d1) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys

2011/05/15 20:20:33.0312 2164 cmuda (53f4cc55f3c255439c5973e31f0adce7) C:\WINDOWS\system32\drivers\cmuda.sys

2011/05/15 20:20:33.0500 2164 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/15 20:20:33.0593 2164 dmboot (dec123e0c75971d0cc7a6c6a75e28429) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/15 20:20:33.0640 2164 dmio (7268e66259722f6228c730685b201092) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/15 20:20:33.0703 2164 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/15 20:20:33.0781 2164 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/15 20:20:33.0812 2164 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/15 20:20:33.0890 2164 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/15 20:20:33.0921 2164 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

2011/05/15 20:20:34.0109 2164 FileMonitor (105df2089fea245e8f80984ae91158dc) C:\Program Files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys

2011/05/15 20:20:34.0265 2164 Fips (8bfffb5ac954e19dfdb96d56512aa518) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/15 20:20:34.0296 2164 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

2011/05/15 20:20:34.0359 2164 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/15 20:20:34.0437 2164 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/15 20:20:34.0484 2164 Ftdisk (fa8ca22e70245c81ff29c36af56292fc) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/15 20:20:34.0640 2164 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/15 20:20:34.0703 2164 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/15 20:20:34.0765 2164 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/15 20:20:34.0859 2164 i8042prt (c43372d0682f8e32e4ec21117e089ec0) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/15 20:20:34.0890 2164 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/15 20:20:35.0062 2164 Inspect (890b8c4a85517820abe539d6629fc1da) C:\WINDOWS\system32\DRIVERS\inspect.sys

2011/05/15 20:20:35.0250 2164 IObitUnlocker (72fbf98f0347b63c8d86d087b02c2992) C:\Program Files\IObit\IObit Unlocker\IObitUnlocker.sys

2011/05/15 20:20:35.0390 2164 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/15 20:20:35.0421 2164 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2011/05/15 20:20:35.0437 2164 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/15 20:20:35.0484 2164 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/15 20:20:35.0531 2164 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/15 20:20:35.0562 2164 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/15 20:20:35.0609 2164 isapnp (0b78e1a31340e1fb1e389d5633f7c3a0) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/15 20:20:35.0671 2164 Kbdclass (380397621e94b32c744e7b2cc1330390) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/15 20:20:35.0750 2164 kbdhid (b833b70fe639f01fb36cedabe57ef031) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/15 20:20:35.0781 2164 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/15 20:20:35.0843 2164 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/15 20:20:35.0937 2164 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/15 20:20:36.0000 2164 Modem (8114eeac353f549331ab73e9af4219ed) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/15 20:20:36.0093 2164 Mouclass (1a4e2214dd63e4a876463d3427ee8261) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/15 20:20:36.0156 2164 mouhid (18017899254e01371e1a39754d6bf98c) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/15 20:20:36.0203 2164 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/15 20:20:36.0281 2164 MRxDAV (0a25b866933d126d1e831fd025a278c2) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/15 20:20:36.0390 2164 MRxSmb (fb7dfd15d760ad339837a470f0e780d3) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/15 20:20:36.0437 2164 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/15 20:20:36.0484 2164 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/15 20:20:36.0515 2164 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/15 20:20:36.0531 2164 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/15 20:20:36.0578 2164 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/15 20:20:36.0640 2164 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/15 20:20:36.0671 2164 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/15 20:20:36.0687 2164 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/15 20:20:36.0750 2164 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/15 20:20:36.0765 2164 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/15 20:20:36.0828 2164 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/15 20:20:36.0875 2164 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/15 20:20:36.0953 2164 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/15 20:20:37.0000 2164 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/15 20:20:37.0031 2164 Ntfs (a0857c97770034fd2af17dc4014b5abd) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/15 20:20:37.0109 2164 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/15 20:20:37.0234 2164 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/15 20:20:37.0250 2164 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/15 20:20:37.0312 2164 Parport (e3934ccc20a4d24f1924e13d36d2a5bd) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/15 20:20:37.0328 2164 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/15 20:20:37.0359 2164 ParVdm (1eade28746a64c21e0a808bb12a63326) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/15 20:20:37.0375 2164 PCI (3b166f9f753c21aedaa9a6bd76b49655) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/15 20:20:37.0421 2164 PCIIde (b31edeba4da28283f6b8dc4756fb9585) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/15 20:20:37.0468 2164 Pcmcia (2137ffd65f8e609a3a5acd487c56cce0) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/15 20:20:37.0750 2164 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/15 20:20:37.0765 2164 Processor (82a17eca34d801590a67c0a2244965ed) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/15 20:20:37.0781 2164 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/15 20:20:37.0828 2164 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/15 20:20:37.0953 2164 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/15 20:20:38.0062 2164 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/15 20:20:38.0078 2164 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/15 20:20:38.0093 2164 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/15 20:20:38.0140 2164 Rdbss (9629383f70db691cb6aa5bbd828cd9a9) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/15 20:20:38.0156 2164 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/15 20:20:38.0234 2164 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/15 20:20:38.0296 2164 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/15 20:20:38.0359 2164 redbook (4173bc66e485fd77a03c4819f60bd0da) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/15 20:20:38.0515 2164 RegFilter (3bc05ec17f0a2bf4f141cb3d3390515e) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\regfilter.sys

2011/05/15 20:20:38.0656 2164 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys

2011/05/15 20:20:38.0718 2164 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/05/15 20:20:38.0812 2164 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/05/15 20:20:38.0843 2164 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS

2011/05/15 20:20:39.0015 2164 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/15 20:20:39.0093 2164 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/05/15 20:20:39.0109 2164 Serial (92c21762653bb2ce51147eb8a9aa654f) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/05/15 20:20:39.0156 2164 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/15 20:20:39.0234 2164 SiSRaid2 (5ddfc6750d2d65a3d43aa7021c4efc28) C:\WINDOWS\system32\DRIVERS\SiSRaid2.sys

2011/05/15 20:20:39.0312 2164 SmartDefragDriver (972dea0d8149d73c5b7a2c97b2e749e3) C:\WINDOWS\system32\Drivers\SmartDefragDriver.sys

2011/05/15 20:20:39.0390 2164 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/15 20:20:39.0453 2164 sr (64d2a7640e0767ecd3bcb38d3200e7ce) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/15 20:20:39.0531 2164 Srv (9b390283569ea58d43d2586032b892f5) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/15 20:20:39.0671 2164 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/15 20:20:39.0734 2164 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/15 20:20:39.0859 2164 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/15 20:20:40.0125 2164 Tcpip (367de8e5f638c091f49273144274f629) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/15 20:20:40.0187 2164 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/15 20:20:40.0203 2164 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/15 20:20:40.0250 2164 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/15 20:20:40.0312 2164 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/15 20:20:40.0375 2164 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/15 20:20:40.0562 2164 UrlFilter (6a65cd6761337d339001959232233f0d) C:\Program Files\IObit\IObit Malware Fighter\drivers\wxp_x86\UrlFilter.sys

2011/05/15 20:20:40.0703 2164 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/15 20:20:40.0734 2164 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/15 20:20:40.0750 2164 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/15 20:20:40.0765 2164 usbohci (c5e11cd822adf0019a5a862d9c4e2222) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/05/15 20:20:40.0812 2164 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/15 20:20:40.0843 2164 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/15 20:20:40.0968 2164 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/15 20:20:41.0031 2164 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/05/15 20:20:41.0109 2164 VIAudio (fece79a9aef62ad5f11a3f4a14f1dead) C:\WINDOWS\system32\drivers\vinyl97.sys

2011/05/15 20:20:41.0156 2164 VolSnap (8ab662b3c4691e6ddf61c96bb5b7d103) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/15 20:20:41.0218 2164 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/15 20:20:41.0375 2164 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/15 20:20:41.0484 2164 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/05/15 20:20:41.0531 2164 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/15 20:20:41.0546 2164 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/05/15 20:20:41.0703 2164 ================================================================================

2011/05/15 20:20:41.0703 2164 Scan finished

2011/05/15 20:20:41.0703 2164 ================================================================================

 

So no need to rescan with RootkitUnhooker? It mentioned possible rootkit activity.


RKU log

 

I tried to copy and post a small fraction of the log, but it was still too big. See attachment. How do you want me to post it? I also saved it as a .txt file, but it is still too big: 'RKU.txt:

Your file of 569.7 KB bytes exceeds the forum's limit of 50.0 KB for this filetype.'


Archived

This topic is now archived and is closed to further replies.
