TechSpot

[Closed- Piracy] Internet Reconnect/Disconnect Virus Issue

By mycomputerssick
Dec 15, 2010
  1. Hi, I've been having virus issues with my computer over the last 8 months or so and finally decided to get some online help after I tried so many things on my own with no luck, to the point where I just flat out bought another computer, but have decided to give it a try again. I'll leave it to the pros from here on out.

    I'm running SuperAntiSpyware and Malwarebytes as we speak and it's not bringing up any more viruses. It takes literally 30 minutes for my desktop screen to load after I restart, and I get all types of error messages during the process. I reinstalled my drivers and was finally able to get on the internet after doing so, but it's staying connected for 30 seconds and then disconnecting.

    I am running Windows XP on a Dell E1505 laptop. I am sure it's a virus because this isn't the only issue I'm having, it's just the first that I would like to get fixed. I'll be back in the morning to check and see if I've received any responses.

    Thanks
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! A reconnect/disconnect isn't a typical malware-caused problem. But if you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    About this:
    Please describe these issues.

    Additionally, a call to your ISP and having them check your settings is also suggested.
     
  3. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    This is my Malwarebytes log.

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5317

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.2180

    12/15/2010 9:22:45 AM
    mbam-log-2010-12-15 (09-22-45).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 331665
    Time elapsed: 2 hour(s), 45 minute(s), 17 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\rp880\a0340672.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{69247c71-ad4b-4f02-979d-fa6c95bdeea8}\rp1029\a0390592.exe (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{69247c71-ad4b-4f02-979d-fa6c95bdeea8}\rp1029\a0390593.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{69247c71-ad4b-4f02-979d-fa6c95bdeea8}\rp1029\a0390594.exe (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{69247c71-ad4b-4f02-979d-fa6c95bdeea8}\rp1029\a0390595.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{69247c71-ad4b-4f02-979d-fa6c95bdeea8}\rp1029\a0390596.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{69247c71-ad4b-4f02-979d-fa6c95bdeea8}\RP1029\A0390599.exe (Trojan.Swisyn) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{69247c71-ad4b-4f02-979d-fa6c95bdeea8}\RP1030\A0390603.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
     
  4. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    This is my Malwarebytes log from 2 days ago.

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.2180

    12/13/2010 3:26:56 PM
    mbam-log-2010-12-13 (15-26-56).txt

    Scan type: Quick scan
    Objects scanned: 208685
    Time elapsed: 13 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 60

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

    Files Infected:
    c:\documents and settings\aaron carpenter\Desktop\KEYGEN.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    c:\documents and settings\aaron carpenter.aaroncarpenter\local settings\Temp\Rar$EX02.250\MAM v 1.50\Keygen\patrick.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    c:\documents and settings\aaron carpenter.aaroncarpenter\local settings\Temp\Rar$EX03.078\MAM v 1.50\Keygen\patrick.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.
    c:\documents and settings\localservice\local settings\temporary internet files\Content.IE5\MPBWBRR2\packupdate_build107_302[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@2o7[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@adbrite[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@admonkey.dapper[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@apmebf[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@atdmt[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@casalemedia[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@cdn4.specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@content.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@content.yieldmanager[3].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@ehg-players.hitbox[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@ehg-wss.hitbox[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@googleads.g.doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@highbeam.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@hitbox[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@homestore.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@nbcuniversal.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@revsci[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@server.iad.liveperson[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@statse.webtrendslive[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@tribalfusion[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@waterfrontmedia.112.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@www.adbrite[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\****\aaron_carpenter@zedo[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125733_aaron_carpenter@ehg-players.hitbox[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@2o7[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@ehg-wss.hitbox[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@googleads.g.doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@highbeam.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@hitbox[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@homestore.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@nbcuniversal.122.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125734_aaron_carpenter@waterfrontmedia.112.2o7[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@adbrite[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@admonkey.dapper[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@apmebf[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@atdmt[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@revsci[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@server.iad.liveperson[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@statse.webtrendslive[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@tribalfusion[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125735_aaron_carpenter@www.adbrite[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125736_aaron_carpenter@ad.yieldmanager[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125736_aaron_carpenter@advertising[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125736_aaron_carpenter@casalemedia[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125736_aaron_carpenter@cdn4.specificclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125736_aaron_carpenter@content.yieldmanager[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125736_aaron_carpenter@content.yieldmanager[3].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125736_aaron_carpenter@specificclick[1].txt (Stolen.Data) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xmldm\netbanke_2010.05.16.125736_aaron_carpenter@zedo[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
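As an added illustration (not part of this thread and not Malwarebytes' own code), the following Python script parses a log in the format posted above and cross-checks it: it reads the summary counts, collects each detection with its section and detection name, reports any section whose listed entries disagree with the declared count, and pulls the Bad/Good values out of Hijack.* registry data entries such as the Winlogon\Shell change in the log above. The log text embedded in the script is constructed for the example: it follows the layout of the posted log, with a shortened set of entries and the user name replaced.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample in the layout of a Malwarebytes' Anti-Malware 1.50 log
# (shortened, user name replaced; not a real scan result).
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Memory Processes Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
c:\WINDOWS\system32\xmldm (Stolen.Data) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\user\Desktop\KEYGEN.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cookies\user@doubleclick[2].txt (Stolen.Data) -> Quarantined and deleted successfully.
"""

# Summary line: "<Section> Infected: <n>"
COUNT_RE = re.compile(r"^(?P<section>.+ Infected): (?P<n>\d+)$")
# Section heading: "<Section> Infected:"
HEADING_RE = re.compile(r"^(?P<section>.+ Infected):$")
# Detection line: "<item> (<detection name>) -> <action>"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# Registry data entries carry the observed and expected values.
BAD_GOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


@dataclass
class Detection:
    section: str  # which "... Infected:" block the entry was listed under
    item: str     # registry path, folder or file
    name: str     # Malwarebytes detection name, e.g. Hijack.Shell
    action: str   # what the scanner did with it


def parse_mbam_log(text):
    """Return (summary counts by section, list of Detection) for one log."""
    counts, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["section"]] = int(m["n"])
            continue
        m = HEADING_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ENTRY_RE.match(line)
        if m:
            detections.append(Detection(section, m["item"], m["name"], m["action"].rstrip(".")))
    return counts, detections


def count_mismatches(counts, detections):
    """Sections whose declared count differs from the entries actually listed (a truncated paste shows up here)."""
    found = Counter(d.section for d in detections)
    return {s: (n, found.get(s, 0)) for s, n in counts.items() if n != found.get(s, 0)}


def detections_by_name(detections):
    """How many entries each detection name accounts for."""
    return Counter(d.name for d in detections)


def shell_hijacks(detections):
    """(registry value, bad data, good data) for Hijack.* registry data entries."""
    out = []
    for d in detections:
        if d.section == "Registry Data Items Infected" and d.name.startswith("Hijack."):
            m = BAD_GOOD_RE.search(d.action)
            if m:
                out.append((d.item, m["bad"], m["good"]))
    return out


if __name__ == "__main__":
    counts, dets = parse_mbam_log(SAMPLE_LOG)
    print("mismatched sections:", count_mismatches(counts, dets))
    print("by detection name:", dict(detections_by_name(dets)))
    for value, bad, good in shell_hijacks(dets):
        print(f"{value}: was '{bad}', restored to '{good}'")
```

The mismatch check is the part worth keeping around: a log that declares "Files Infected: 60" but lists fewer entries is usually a paste that was cut short, which matters when the helper is deciding whether everything flagged was actually quarantined.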
     
  5. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    I'll be back to post the rest later today.
     
  6. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    Some of the issues I'm having

    Okay, so these are the issues I've been experiencing over the last 8 months or so:

    * Once I shut down and restart my computer, it takes 20-30 minutes to load. Once it loads, everything loads all at once. If I try and open anything up on my own before it's ready, it'll completely freeze until it's ready to load everything else up.

    * Not recognizing my AC adapter. It works, but I get that as soon as I start, before the Windows XP screen with the flag loads.

    * Various error codes and errors when I try to open certain programs:
      - SQL Server could not find the name instance (SONY_Mediamgr)-please specify the name of an existing instance on the invocation of sqlservr.exe
      - Please set registry key HKLM\Sofware\Microsoft\.NETFramework\InstallRoot to point to the .NET Framework install location

    * Internet trouble: it never shows any signals in range, and I have wireless all around this place. I installed new drivers on my desktop and transferred them via USB to my laptop just recently, thinking it would fix the issue, which it kind of did; now the issue is the internet connect/disconnect issue.

    * Firewall issues: it keeps bringing up a balloon saying that my firewall is turned off when I didn't turn it off.

    * Roxsniffer9 Module: "Encountered a problem and needed to close". Have no idea what that is!

    * Malwarebytes issue: I had Malwarebytes before you asked me to download it, and it's saying occasionally in a pop-up balloon that it has blocked access to a certain site (93.120.0.0.0, just an example). Not sure if that is a virus or if that is a benefit of the app.

    * When I try to open certain programs, it says that they aren't valid Win32 applications.

    I have made the mistake of doing a reformat and having my computer die in the middle of it; I had Windows Home and I was using a Windows XP Pro CD. I also think I may have tried to put it on the wrong drive and did even more damage. I had no idea what I was doing and am just now thinking of getting help. I took bits and pieces from various websites (MajorGeeks, TechSpot, TechSupport) but realize now that every computer is different, as is every situation.

    I'm lost and am willing to take it step by step with you!
     
  7. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    GMER log

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-15 18:35:03
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 FUJITSU_MHV2060BH rev.0085002A
    Running: gmer.exe; Driver: C:\DOCUME~1\AARONC~1.AA~\LOCALS~1\Temp\uxrdqaod.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA5AF9CAE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA5B169A5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA5AFBB34]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA5AFBB8C]
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwCreateFile [0xA5A2736A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA5AFBCA2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA5B16359]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA5AFBA8A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA5AFBBDC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA5AFBADE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA5AFBC50]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA5AF9CD2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA5B1706B]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA5B17321]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA5AFC3D4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA5B16ED6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA5B16D41]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA5AF9ADA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA5AF9CF6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA5AFC548]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA5AFA7F8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA5AFBB64]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA5AFBBB4]
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwOpenFile [0xA5A27CD8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA5AFBCCC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA5B166B5]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA5AFBAB6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA5AFC20C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA5AFBC1C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA5AFBB0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA5AFC2F0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA5AFBC7A]
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryDirectoryFile [0xA5A27842]
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwQueryInformationProcess [0xA5A241E0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA5B16BBC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA5AFA6BE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA5B16A0E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA5B4A22E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePort [0xA5AFC57E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwReplyWaitReceivePortEx [0xA5AFC142]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA5B159CC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA5AF9D1A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA5AF9D3E]
    SSDT \??\C:\WINDOWS\system32\windrvNT.sys ZwSetInformationFile [0xA5A28142]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA5AF9B34]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA5B17172]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA5AF9C44]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA5AF9C56]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA5B56BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 23F8 80501C30 16 Bytes [34, BB, AF, A5, 8C, BB, AF, ...]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2534 80501D6C 16 Bytes [64, BB, AF, A5, B4, BB, AF, ...]
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CEE 5 Bytes JMP A5B525D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805B8B66 5 Bytes JMP A5B53FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F8 7 Bytes JMP A5B56BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? cuowhtf.sys The system cannot find the file specified. !
    .rsrc C:\WINDOWS\system32\DRIVERS\ipsec.sys entry point in ".rsrc" section [0xA8A4F614]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[740] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\Explorer.EXE[740] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\Explorer.EXE[740] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
    .text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0090000A
    .text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes JMP 0091000A
    .text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[956] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 008F000C
    .text C:\WINDOWS\System32\svchost.exe[956] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0219000A
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1828] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\WINDOWS\system32\CSHelper.exe[1948] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!GetDC 7E4186C7 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!GetDC + 4 7E4186CB 2 Bytes [1A, 5F]
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!GetWindowDC 7E419021 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!GetWindowDC + 4 7E419025 2 Bytes [1D, 5F]
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!PrintWindow 7E423810 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!PrintWindow + 4 7E423814 2 Bytes [23, 5F]
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!EnumDisplayDevicesA 7E428A74 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!GetDCEx 7E42C595 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\CSHelper.exe[1948] USER32.dll!GetDCEx + 4 7E42C599 2 Bytes [20, 5F]
    .text C:\WINDOWS\system32\CSHelper.exe[1948] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\CSHelper.exe[1948] GDI32.dll!MaskBlt 77F1A0C1 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\system32\CSHelper.exe[1948] GDI32.dll!StretchBlt 77F1B6D0 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\system32\CSHelper.exe[1948] GDI32.dll!CreateDCA 77F1B7D2 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\system32\CSHelper.exe[1948] GDI32.dll!CreateDCW 77F1BE38 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\system32\CSHelper.exe[1948] GDI32.dll!PlgBlt 77F453B3 6 Bytes JMP 5F250F5A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 011C000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 011D000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 011B000C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003A0002
    IAT C:\WINDOWS\system32\services.exe[500] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003A0000
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CloseHandle] [00677F18] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00678239] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] [00677B23] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW] [006782BC] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileMappingW] [0067805A] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [006778D4] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [00678742] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileSize] [00677FE6] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!_lclose] [00678876] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SearchPathW] [006779FA] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetFilePointer] [00677FA2] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [00678282] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [006781A0] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] [006785AD] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!ReadFile] [00677F3F] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!UnmapViewOfFile] [00678492] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [00677B71] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileMappingA] [0067801E] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!MapViewOfFile] [00678453] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00678096] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00678384] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetFileAttributesW] [00677E4A] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FindClose] [006786EE] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [00677B71] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00678096] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!UnmapViewOfFile] [00678492] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [006781A0] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00678384] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CloseHandle] [00677F18] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] [006785AD] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [006778D4] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW] [006782BC] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [006778D4] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00678096] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW] [006782BC] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [00677B71] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CloseHandle] [00677F18] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [006781A0] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00678384] C:\Program Files\WinRAR\WinRAR.exe
    IAT C:\Program Files\WinRAR\WinRAR.exe[1648] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] [006785AD]
     
  8. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    DDS Log

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Aaron Carpenter at 18:42:01.46 on Wed 12/15/2010
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1408 [GMT -6:00]

    AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CSHelper.exe
    C:\Program Files\Digidesign\Drivers\MMERefresh.exe
    C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\SUPERAntiSpyware\5e53eaae-03fe-4c6c-a3f1-fb5bf7597e52.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
    C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\DOCUME~1\AARONC~1.AA~\LOCALS~1\Temp\Rar$EX02.625\gmer.exe
    C:\Documents and Settings\Aaron Carpenter.AARONCARPENTER\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\5e53eaae-03fe-4c6c-a3f1-fb5bf7597e52.exe
    mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wdsmar~1.lnk - c:\program files\western digital\wd smartware\front parlor\WDSmartWare.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wireless-g notebook adapter\Gcc.exe
    dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
    dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
    IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

    ============= SERVICES / DRIVERS ===============

    R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2009-8-24 26120]
    R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2009-8-24 20616]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2010-12-13 340048]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-13 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67656]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-13 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
    R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2008-4-13 192512]
    R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2009-9-29 16400]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-24 363344]
    R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
    R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [2009-8-24 122504]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-24 20952]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
    S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
    S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [2009-9-29 97808]
    S3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2009-8-24 14216]
    S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [2009-9-29 21648]
    S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [2009-9-29 21904]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-1-8 27064]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-12-7 11520]
    S3 Wotydisop;Wotydisop; [x]

    =============== Created Last 30 ================

    2010-12-13 22:00:46 -------- d-----w- c:\docume~1\aaronc~1.aa~\locals~1\applic~1\PCHealth
    2010-12-13 20:29:14 -------- d-----w- c:\docume~1\aaronc~1.aa~\applic~1\Malwarebytes
    2010-12-13 12:32:21 340048 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2010-12-13 12:28:56 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-13 12:28:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-12-13 12:01:19 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2010-12-13 12:01:15 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-12-13 12:01:14 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2010-12-13 12:01:10 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-12-13 12:01:05 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-12-13 12:01:00 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
    2010-12-13 11:59:58 35871 ----a-w- c:\windows\system32\dllcache\wbfirdma.sys
    2010-12-13 11:58:59 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
    2010-12-13 11:57:58 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
    2010-12-13 11:56:56 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
    2010-12-13 11:55:58 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
    2010-12-13 11:54:56 58368 ----a-w- c:\windows\system32\dllcache\smiminib.sys
    2010-12-13 11:53:59 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
    2010-12-13 11:52:58 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
    2010-12-13 11:51:57 82432 ----a-w- c:\windows\system32\dllcache\rwia450.dll
    2010-12-13 11:50:58 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
    2010-12-13 11:49:59 259328 ----a-w- c:\windows\system32\dllcache\perm3dd.dll
    2010-12-13 11:48:59 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
    2010-12-13 11:47:59 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
    2010-12-13 11:46:59 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
    2010-12-13 11:45:58 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
    2010-12-13 11:44:59 48640 ----a-w- c:\windows\system32\dllcache\kdsui.dll
    2010-12-13 11:43:57 154496 ----a-w- c:\windows\system32\dllcache\icam4usb.sys
    2010-12-13 11:42:58 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
    2010-12-13 11:41:56 907456 ----a-w- c:\windows\system32\dllcache\hcf_msft.sys
    2010-12-13 11:40:58 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
    2010-12-13 11:39:59 171520 ----a-w- c:\windows\system32\dllcache\el99xn51.sys
    2010-12-13 11:38:59 131156 ----a-w- c:\windows\system32\dllcache\digidbp.dll
    2010-12-13 11:37:58 272640 ----a-w- c:\windows\system32\dllcache\cinemclc.sys
    2010-12-13 11:36:59 36128 ----a-w- c:\windows\system32\dllcache\banshee.sys
    2010-12-13 11:35:54 16384 ----a-w- c:\windows\system32\dllcache\tcptsat.dll
    2010-12-13 10:34:41 416 ----a-w- c:\windows\system32\vcredist_x86.bat
    2010-12-13 10:34:41 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe
    2010-12-13 10:34:37 2183168 ----a-w- c:\windows\system32\WLTRAY.EXE

    ==================== Find3M ====================


    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600 Disk: FUJITSU_MHV2060BH rev.0085002A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x83FECCEC]<<
    _asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x50; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x83728846; SUB DWORD [EBP-0x4], 0x8372812e; PUSH EDI; CALL 0xffffffffffffe10c; }
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskFUJITSU_MHV2060BH_______________________0085002A#5&19c84639&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    \Driver\atapi DriverStartIo -> 0x83FECAEA
    user & kernel MBR OK
    sectors 114270343 (+255): user != kernel
    Warning: possible TDL3 rootkit infection !

    ============= FINISH: 18:44:24.10 ===============

     
  9. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    That concludes the logs you asked for. Thanks in advance for the help.
     
  10. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    no help yet?
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm not sure what you did, but the Mbam log from 12/13 shows a long list of Tracking Cookie entries in the System 32 folder. Tracking cookies, or any cookies, are not removed with Malwarebytes scans. They were of xmldm\netbanke origin. This is Win32/Spy.Banker.UEP, a trojan that steals passwords and other sensitive information. The trojan can send the information to a remote machine. The trojan contains a backdoor. It can be controlled remotely.

    The Mbam log from 12/15/2010 9:22:45 AM only shows entries in System Volume. Those are System Restore points and not active in the system. We have you remove old restore points at the end of cleaning and state in our directions not to do a system restore while cleaning.

    Your passwords have been stolen and there is a Backdoor on the system. You need to change those passwords; don't set new ones until you're working from a clean computer. Monitor any online financial transactions.

    There is also a rootkit infection on the system plus entries indicating pirated programs.

    I'd like to see the results from these 2 scans:

    Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =================================
    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ====================================
    My best guess is that you are going to end up having to reformat/reinstall> carefully!
     
  12. mycomputerssick

    mycomputerssick TS Rookie Topic Starter

    ckscanner

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\aaron carpenter\my documents\downloads\ik.multimedia.sampletron.vsti.rtas.v1.0.incl.keygen-air.part2.rar
    c:\documents and settings\aaron carpenter\my documents\downloads\ik_multimedia_sampletron_vsti_rtas_v1_0_incl_keygen_air.torrent
    c:\documents and settings\aaron carpenter\my documents\downloads\keygen.rar
    c:\documents and settings\aaron carpenter\my documents\downloads\propellerhead recycle 2.1\patch & keygen.exe
    c:\documents and settings\aaron carpenter\my documents\extracted files\fl studio 6.0.8 + crack.aka fruity loops+all plugins unlocked!(xxl edition)(2).zip
    c:\documents and settings\all users\start menu\programs\waves\documents\xcrackle.lnk
    c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\snare\emphasize crack 2.tfx
    c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\snare\emphasize crack.tfx
    c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack 2.tfx
    c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack.tfx
    c:\program files\common files\digidesign\dae\plug-in settings\funk logic mastererizer\mc dj yuppie cracker.tfx
    c:\program files\common files\native instruments\kontakt 4\presets\effects\convolution\05 drum reverbs\0.4s firecracker snare orven.nkp
    c:\program files\common files\native instruments\shared content\sounds\absynth 5\absynth 3\crackling water bottles.ksd
    c:\program files\common files\native instruments\shared content\sounds\absynth 5\instruments\tin crackling.ksd
    c:\program files\incomplete\t-135949080-fl studio 6.0.8 + crack.aka fruity loops+all plugins unlocked!(xxl edition)(2).zip
    c:\program files\incomplete\t-96720678-fl studio 6.0.8 + crack.aka fruity loops+all plugins unlocked!(xxl edition)(1) 2.zip
    c:\program files\waves\plug-ins\xcrackle.dll
    c:\program files\waves\plug-ins\xcrackle.dll.rsr
    c:\program files\waves\plug-ins\documents\xcrackle.pdf
    c:\program files\waves\plug-ins\plug-in settings\x-crackle settings.xps
    c:\windows\prefetch\keygen.exe-2f041a39.pf
    scanner sequence 3.ZZ.11
    ----- EOF -----
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The system is full of programs, files and folders that have been obtained using cracks or keygens> in other words, pirated. In order for support to continue, all of these files would have to be removed. In light of the fact that you had malware which steals information and passwords and leaves a backdoor on the system, I recommend that you reformat/reinstall. Leave all the pirated programs and files out and don't try to steal something that requires money to get it.

    You will find excellent reformat/reinstall instructions here:
    http://www.tech-101.com/tutorials/356-tutorial-windows-install-repair-xp-vista.html

    You should realize that in the effort to save yourself a few $$$, you have gotten malware that has basically corrupted the system and stolen your information.
     
Topic Status:
Not open for further replies.
