Solved I Have the Browser Redirect Problem


heavystrato

It looks like now I'm in the same boat as other people. This problem is really annoying. I would really appreciate any help on how to remove these redirections.

I have posted the Malwarebytes log, also the GMER log and the 2 DDS logs.

Thanks in advance for the help guys.


MALWAREBYTES
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4432

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

8/15/2010 12:01:43 PM
mbam-log-2010-08-15 (12-01-43).txt

Scan type: Quick scan
Objects scanned: 140909
Time elapsed: 6 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-15 15:50:43
Windows 5.1.2600 Service Pack 2
Running: v35jg8yr.exe; Driver: C:\DOCUME~1\Eduardo\LOCALS~1\Temp\ugrdifod.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by Eduardo at 15:14:34.09 on Sun 08/15/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2402 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\xampp\mysql\bin\mysqld.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHGLDCS.EXE
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\xampp\apache\bin\apache.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
C:\xampp\mysql\bin\winmysqladmin.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Eduardo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: GP Bar: {c3538050-face-11de-8a39-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\sharedcom8\RoxWatchTray.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\docume~1\eduardo\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\eduardo\startm~1\programs\startup\winmys~1.lnk - c:\xampp\mysql\bin\winmysqladmin.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\outloo~1.lnk - c:\program files\paypal payment request wizard\outlook wizard\OEHook.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\paloal~1.lnk - c:\program files\common files\palo alto software\9.0\PAS9_Update.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\eduardo\applic~1\mozilla\firefox\profiles\b7rhrs75.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\eduardo\application data\mozilla\firefox\profiles\b7rhrs75.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-8-15 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-2-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-8-15 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-8-15 267432]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [2008-12-9 24636]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-8-15 60936]
R2 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [2009-5-29 24576]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-23 29992]
S3 block_reader;MPR DRV;c:\documents and settings\eduardo\desktop\portablesoftware\mpr_1.1.9\multi_password_recovery_1.1.9_portable\multi password recovery 1.1.9 portable\block_reader.sys [2010-1-10 1920]
S3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [2009-10-3 167673]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 7408]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2009-12-10 42280]

=============== Created Last 30 ================

2010-08-15 14:37:52 0 d-----w- c:\windows\system32\NtmsData
2010-08-15 14:36:29 0 d-----w- c:\docume~1\eduardo\applic~1\Avira
2010-08-15 14:33:53 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 14:33:20 0 d-----w- c:\program files\Avira
2010-08-15 14:33:20 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-08-15 14:27:14 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 05:28:08 0 d-sha-r- C:\cmdcons
2010-08-15 05:24:25 98816 ----a-w- c:\windows\sed.exe
2010-08-15 05:24:25 77312 ----a-w- c:\windows\MBR.exe
2010-08-15 05:24:25 256512 ----a-w- c:\windows\PEV.exe
2010-08-15 05:24:25 161792 ----a-w- c:\windows\SWREG.exe
2010-08-15 04:47:49 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-15 04:47:49 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-15 04:47:49 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-15 04:47:49 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-15 04:47:49 153088 ----a-w- c:\windows\system32\UNRAR3.dll

==================== Find3M ====================


============= FINISH: 15:15:03.87 ===============
 
DDS ATTACH
DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 11:24:05 AM
System Uptime: 8/15/2010 2:02:56 PM (1 hours ago)

Motherboard: ASUSTek Computer INC. | | Buckeye
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1866/266mhz
Processor: Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz | Socket 775 | 1866/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 233 GiB total, 43.729 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
K: is FIXED (NTFS) - 466 GiB total, 216.619 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 8/14/2010 12:52:01 PM - System Checkpoint
RP2: 8/15/2010 10:22:23 AM - Avira AntiVir Personal - 8/15/2010 10:22
RP3: 8/15/2010 10:26:51 AM - Installed Java(TM) 6 Update 21

==== Installed Programs ======================

Video4Web Converter version 1.2.0.1
Acrobat.com
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge 1.0
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Recommended Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Extra Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe Encore CS4 Library
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Center 1.0
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS2
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4 Third Party Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11.5
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Stock Photos 1.0
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced DHTML Popup Pro
AV Bros. Page Curl Pro 2.2 (Remove Only)
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BitLord 1.1
Business Plan Pro 2007 (CAN)
C3400 UserGuide
CamStudio
CCleaner (remove only)
CDDRV_Installer
CDisplay 1.8
Classic Menu 3.9x for Office 2007
CoffeeCup Flash Form Builder - Registered
Color Efex Pro 3.0 Complete
Connect
CTI 2009
CuteFTP 8 Professional
Data Fax SoftModem with SmartCP
Demo Builder 7.2 ( 15-day Trial )
DigiDelivery
EZ Mask v1.5 for Adobe Photoshop & Photoshop Elements
Facebook FriendAdder Pro
FBP - Facebook Blaster Pro
FFB - Facebook Friend Bomber
Flash Decompiler Trillix
Flash Optimizer 2
FoldUP!3D v. 1.5
FontExpert 2007
Free Video to Flash Converter version 4.1
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
Genuine Fractals 5.0
GPL Ghostscript 8.71
GraphixCALC Pro 2.0
GSview 4.9
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
I-Faker Desktop Pro
IBP 10.0.3
IBP 11.5
Intel(R) PRO Network Connections Drivers
InterLok Driver Kit
Java Auto Updater
Java(TM) 6 Update 21
JoomlaPack Native Tools 2009.4
KhalInstallWrapper
Kodak DIGITAL GEM Airbrush Professional Plug-In
Kodak DIGITAL GEM Professional Plug-In
Kodak DIGITAL ROC Professional Plug-In
Kodak DIGITAL SHO Professional Plug-In
kuler
LizardTech DjVu Control
Logitech Registration
Logitech SetPoint
LucisArt 3 ED/SE
M2007 Ink Mixing System
Malwarebytes' Anti-Malware
Media Lab SiteGrinder 2 (Basic & Pro)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Runtime (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
MSXML 6 Service Pack 2 (KB973686)
MySQL Connector/ODBC 3.51
NVIDIA Drivers
OKI C3300_3400 Status Monitor
PayPal Payment Request Wizard For Outlook
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Poser 8 (8.0.0.10157)
Price Perfect
QuickTime
RankEnhancer
RealPlayer
Realtek High Definition Audio Driver
Roland SP-300V
Roland VersaWorks
Roxio RecordNow Premier
Sage Invoicing and Start-up
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Segoe UI
SENuke
Silver Efex Pro
Simply Accounting by Sage 2009
Simply Accounting by Sage 2010
Sothink SWF Decompiler
Spybot - Search & Destroy
SpywareBlaster 4.2
Suite Shared Configuration CS4
Super-AlexaBooster v1.10
SUPERAntiSpyware Free Edition
SWF to MP3 Converter 2.3 build 171
Swift 3D v5.00
Template Manager
TransType Pro
TwitterBlasterPro
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB957244)
Update for Microsoft Office Access 2007 Help (KB957241)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office InfoPath 2007 Help (KB957243)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vertus Fluid Mask 3 3.0.10
Victoria 4.2 Base
Viveza
VLC media player 1.0.2
VueRite
WebFldrs XP
Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB973768
WinRAR archiver
WriteExpress 4,001 Business, Sales & Personal Letters
XAMPP 1.7.0

==== Event Viewer Messages From Past Week ========

8/15/2010 3:13:50 PM, error: System Error [1003] - Error code 0000004e, parameter1 00000007, parameter2 0002532e, parameter3 00000001, parameter4 00000000.
8/15/2010 11:16:49 AM, error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 11:16:49 AM, error: Service Control Manager [7034] - The Simply Accounting Database Connection Manager service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 11:16:49 AM, error: Service Control Manager [7034] - The Roxio Hard Drive Watcher service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 11:16:49 AM, error: Service Control Manager [7034] - The OKI OPHG DCS Loader service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 11:16:49 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 11:16:49 AM, error: Service Control Manager [7034] - The mysql service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 11:16:49 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 11:16:49 AM, error: Service Control Manager [7034] - The Apache2.2 service terminated unexpectedly. It has done this 1 time(s).
8/15/2010 10:21:03 AM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
8/15/2010 10:21:03 AM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\Eduardo\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
8/15/2010 10:21:03 AM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
8/15/2010 1:50:09 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
8/15/2010 1:35:24 PM, error: System Error [1003] - Error code 0000004e, parameter1 00000007, parameter2 00006844, parameter3 00000002, parameter4 00000000.
8/14/2010 12:42:05 PM, error: Service Control Manager [7034] - The ResultDns Service service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
 
Welcome aboard


Be patient. We're just volunteers and we're not here 24/7.

=======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hi Broni, thank you so much for helping out. I am sorry if I seemed a bit impatient; it's just that this thing is driving me nuts.
Anyway, I will run these two things and post them ASAP.
 
I understand your frustration, but you're not the only one who got bitten by bad guys :)
....and we need to eat, sleep, work and go for a walk too...
 
I know, Broni.
Here are the two logs. When I ran Combofix it found something and it restarted my computer.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000004fc

Kernel Drivers (total 141):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltMgr.sys
0xB9ED9000 sr.sys
0xB9EC3000 DRVMCDB.SYS
0xBA118000 PxHelp20.sys
0xB9EB2000 TPkd.sys
0xB9E9B000 KSecDD.sys
0xB9E0E000 Ntfs.sys
0xB9DE1000 NDIS.sys
0xB9DC6000 Mup.sys
0xBA198000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB90DD000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB90C9000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB9091000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA478000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB906E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA480000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9049000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9004000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0xB8FE1000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8EEA000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0xB8E34000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA488000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA1A8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5EA000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA74B000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D92000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8E1D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA490000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8E0C000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8DDB000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA238000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5F0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8D5A000 \SystemRoot\system32\DRIVERS\update.sys
0xBA548000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA258000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA268000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5F2000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB6324000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB6302000 \SystemRoot\system32\drivers\portcls.sys
0xBA278000 \SystemRoot\system32\drivers\drmk.sys
0xBA5F6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7C7000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5F8000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA390000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3A0000 \SystemRoot\System32\drivers\vga.sys
0xBA5FA000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5FC000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3B0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8DD7000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB62A7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB624F000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6206000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB61DE000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA298000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB61BC000 \SystemRoot\System32\drivers\afd.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB619B000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xBA3C0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB6170000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6101000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB60DF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA606000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA318000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA3E8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB62FE000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB9535000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3F8000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xB9525000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB5FC4000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB62FA000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB62F6000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA400000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB5F84000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA664000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6237000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA430000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA6C1000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB514E000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xBA2F8000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA747000 \SystemRoot\System32\DLA\DLADResN.SYS
0xB5110000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB5267000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA5C6000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA438000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB50A8000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB5092000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB5146000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4636000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB45FD000 \SystemRoot\System32\Drivers\adfs.SYS
0xB3CF8000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4712000 \SystemRoot\system32\drivers\sysaudio.sys
0xB3A4A000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB3A27000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4555000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB39A8000 \SystemRoot\system32\DRIVERS\srv.sys
0xB2060000 \SystemRoot\System32\Drivers\HTTP.sys
0xAEEEF000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
668 C:\WINDOWS\system32\smss.exe
724 csrss.exe
748 C:\WINDOWS\system32\winlogon.exe
796 C:\WINDOWS\system32\services.exe
808 C:\WINDOWS\system32\lsass.exe
1024 C:\WINDOWS\system32\svchost.exe
1128 svchost.exe
1224 C:\WINDOWS\system32\svchost.exe
1292 svchost.exe
1468 svchost.exe
1624 C:\WINDOWS\system32\spoolsv.exe
1668 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1744 svchost.exe
1836 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1860 C:\xampp\apache\bin\apache.exe
1960 C:\WINDOWS\ehome\ehRecvr.exe
164 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
204 C:\WINDOWS\ehome\ehSched.exe
288 C:\Program Files\Java\jre6\bin\jqs.exe
412 sqlservr.exe
480 C:\xampp\mysql\bin\mysqld.exe
504 C:\WINDOWS\system32\nvsvc32.exe
536 C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE
1188 SP-300MC.EXE
632 C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
1912 C:\WINDOWS\explorer.exe
1996 sqlbrowser.exe
1888 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2068 C:\WINDOWS\system32\svchost.exe
2204 C:\xampp\apache\bin\apache.exe
3652 C:\WINDOWS\system32\dllhost.exe
3932 C:\WINDOWS\ehome\ehtray.exe
4040 alg.exe
148 C:\WINDOWS\ehome\ehmsas.exe
176 C:\WINDOWS\system32\rundll32.exe
532 C:\WINDOWS\RTHDCPL.exe
1572 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2064 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
2400 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
2280 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
1256 C:\Program Files\QuickTime\qttask.exe
1052 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
596 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
1120 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3824 C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
3944 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
512 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
2404 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
3832 C:\WINDOWS\system32\ctfmon.exe
1056 C:\Program Files\Messenger\msmsgs.exe
1952 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
4352 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4376 C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
4432 C:\xampp\mysql\bin\winmysqladmin.exe
4536 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
5564 C:\Documents and Settings\Eduardo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AHH
PhysicalDrive5 Model Number: SeagateFreeAgent Pro, Rev: 400A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive5 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
ComboFix 10-08-15.01 - Eduardo 08/16/2010 0:14.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2332 [GMT -4:00]
Running from: c:\documents and settings\Eduardo\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winlogon.exe . . . is infected!!

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-16 to 2010-08-16 )))))))))))))))))))))))))))))))
.

2010-08-15 14:37 . 2010-08-15 23:23 -------- d-----w- c:\windows\system32\NtmsData
2010-08-15 14:36 . 2010-08-15 14:36 -------- d-----w- c:\documents and settings\Eduardo\Application Data\Avira
2010-08-15 14:33 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-15 14:33 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 14:33 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-15 14:33 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-15 14:33 . 2010-08-15 14:33 -------- d-----w- c:\program files\Avira
2010-08-15 14:33 . 2010-08-15 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 14:27 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 04:47 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-15 04:47 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-15 04:47 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-15 04:47 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-15 04:47 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 03:31 . 2009-03-08 16:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-15 14:31 . 2009-04-20 18:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-15 14:27 . 2010-08-15 14:27 503808 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36f87ce3-n\msvcp71.dll
2010-08-15 14:27 . 2010-08-15 14:27 499712 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36f87ce3-n\jmc.dll
2010-08-15 14:27 . 2010-08-15 14:27 348160 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36f87ce3-n\msvcr71.dll
2010-08-15 14:27 . 2010-08-15 14:27 61440 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6227762b-n\decora-sse.dll
2010-08-15 14:27 . 2010-08-15 14:27 12800 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6227762b-n\decora-d3d.dll
2010-08-15 14:27 . 2009-03-26 22:14 -------- d-----w- c:\program files\Java
2010-08-15 05:46 . 2009-10-26 14:17 -------- d-----w- c:\documents and settings\Eduardo\Application Data\vlc
2010-08-15 05:08 . 2009-09-16 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-14 17:12 . 2010-08-14 17:11 52224 ----a-w- c:\documents and settings\Eduardo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-14 17:12 . 2009-09-15 16:59 117760 ----a-w- c:\documents and settings\Eduardo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-12 10:04 . 2009-03-08 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-07 11:59 . 2010-07-09 21:04 452104 ----a-w- c:\documents and settings\Eduardo\Application Data\Real\Update\setup3.12\setup.exe
2010-08-02 23:14 . 2009-03-09 01:20 189000 ----a-w- c:\documents and settings\Eduardo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-28 16:03 . 2010-05-27 23:40 -------- d-----w- c:\program files\Facebook FriendAdder Pro
2010-07-21 12:08 . 2009-03-08 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 00:21 . 2010-07-10 23:55 -------- d-----w- c:\program files\Super_DVD_Creator_9.8
2010-07-02 21:03 . 2010-04-13 20:59 439816 ----a-w- c:\documents and settings\Eduardo\Application Data\Real\Update\setup3.10\setup.exe
2010-06-14 14:30 . 2009-03-08 11:12 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-12-02 . 91FDA1B9369FCA7100532DBF82E138B4 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[-] 2007-06-13 . 7EA18D33626880BD22CFEF224451871F . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-12-02 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-12-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-01-20 163840]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-01-03 122940]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-21 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-19 198160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Eduardo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
WinMySQLadmin.lnk - c:\xampp\mysql\bin\winmysqladmin.exe [2007-12-20 936448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-2 813584]
Outlook Plugin.lnk - c:\program files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe [2010-5-17 888987]
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Eduardo^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Eduardo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-06-22 12:45 133576 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-03-21 17:36 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-19 21:37 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Electric Rain\\Swift 3D\\Version 5.00\\Program\\Swift3D.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\IBP 10\\IBP.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS4\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Smith Micro\\Poser 8\\Poser.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2009 11:43 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2010 10:33 AM 135336]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [12/9/2008 7:10 PM 24636]
R2 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [5/29/2009 10:30 PM 24576]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [8/23/2009 1:00 AM 29992]
S3 block_reader;MPR DRV;c:\documents and settings\Eduardo\Desktop\PORTABLESOFTWARE\MPR_1.1.9\Multi_Password_Recovery_1.1.9_Portable\Multi Password Recovery 1.1.9 Portable\block_reader.sys [1/10/2010 11:00 PM 1920]
S3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [10/3/2009 11:31 AM 167673]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [12/10/2009 4:00 AM 42280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/8/2009 12:26 PM 685816]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Eduardo\Application Data\Mozilla\Firefox\Profiles\b7rhrs75.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Eduardo\Application Data\Mozilla\Firefox\Profiles\b7rhrs75.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 00:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Eduardo\LOCALS~1\Temp\Acrobat Distiller 9\00000BF0
c:\docume~1\Eduardo\LOCALS~1\Temp\Acrobat Distiller 9\00000BF0\dirlock.tmp 0 bytes
c:\docume~1\Eduardo\LOCALS~1\Temp\Acrobat Distiller 9\00000BF0\Temp.msg

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Sagekey Software\ *{9756-3768}]
"D-Code"="0000000000"
"U-Code"="Demo"
"S-Code"="0000000000"
"C-Code"="4353753922274815"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(4044)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\SP-300MC.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\eHome\ehmsas.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-08-16 00:39:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-16 04:38
ComboFix2.txt 2010-08-15 13:57
ComboFix3.txt 2010-08-15 06:02

Pre-Run: 47,856,824,320 bytes free
Post-Run: 47,849,684,992 bytes free

- - End Of File - - CD1B6A9693DC9E94D2134C80B8E2C233
 
What is drive K?

I see you ran Combofix TWICE already.
You shouldn't be doing that on your own. It's a very powerful tool.

Please go to C:\Qoobox and attach the ComboFix2.txt and ComboFix3.txt files to your next reply.
 
Broni,
Yeah, I tried running it before, trying to solve this problem on my own, and then I realized I should just ask for some help. Drive K is an external drive I have attached to my computer via USB. I have attached the logs.
 

Attachments: ComboFix2.txt (15.3 KB), ComboFix3.txt (16.8 KB)
Just never run Combofix on your own.

Run MBRCheck again.

When it's done you'll see the following line:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Press the Y key and then press Enter.

When the program asks you to Enter your choice, enter 2 and press the Enter key.

Next the program will ask you to Enter the physical disk number to fix (0-99, -1 to cancel):
Enter 5 and press the Enter key.

Next the program will show Available MBR codes:, followed by a list of operating systems.
Please enter 1 for Windows XP, and then press Enter.

Next the program will prompt for confirmation.
Type YES and hit Enter.

When it's done there should be a text file with the results on your desktop.
Please copy and paste it back here.

Then reboot, run MBRCheck again and post new log.
 
Broni,
here is the log
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000004fc

Kernel Drivers (total 144):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltMgr.sys
0xB9ED9000 sr.sys
0xB9EC3000 DRVMCDB.SYS
0xBA118000 PxHelp20.sys
0xB9EB2000 TPkd.sys
0xB9E9B000 KSecDD.sys
0xB9E0E000 Ntfs.sys
0xB9DE1000 NDIS.sys
0xB9DC6000 Mup.sys
0xBA198000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB90D9000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB90C5000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB908D000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA488000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB906A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA490000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB9045000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB9000000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0xB8FDD000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8EE6000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0xB8E30000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA498000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA1A8000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5E8000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA1C8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA759000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D96000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8E19000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA208000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8E08000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA218000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA340000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8DD7000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA228000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA370000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA378000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5EA000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8D56000 \SystemRoot\system32\DRIVERS\update.sys
0xBA544000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA248000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA258000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5EC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB6320000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB62FE000 \SystemRoot\system32\drivers\portcls.sys
0xBA268000 \SystemRoot\system32\drivers\drmk.sys
0xBA5F0000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7DA000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5F2000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA3A0000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xBA3A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA3B0000 \SystemRoot\System32\drivers\vga.sys
0xBA5F4000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3B8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3C0000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8DD3000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB62A3000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB624B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6202000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB61DA000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA288000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB61B8000 \SystemRoot\System32\drivers\afd.sys
0xBA298000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA2A8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB6197000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xBA3D0000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB616C000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB60FD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2B8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB60DB000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5FA000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA2D8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA3F0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB677E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3F8000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB5FC0000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB677A000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB6776000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA400000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB5F80000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA61C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB62EA000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA428000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA750000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB514A000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xBA178000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA6DD000 \SystemRoot\System32\DLA\DLADResN.SYS
0xB510C000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB5263000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA62C000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA430000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xB50A4000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB508E000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB5082000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB4632000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB45F9000 \SystemRoot\System32\Drivers\adfs.SYS
0xB4463000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB4440000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB4616000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB43E9000 \SystemRoot\system32\DRIVERS\srv.sys
0xB3094000 \SystemRoot\system32\drivers\wdmaud.sys
0xBA168000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA408000 \??\C:\DOCUME~1\Eduardo\LOCALS~1\Temp\mbr.sys
0xB2C51000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA438000 \??\C:\ComboFix\catchme.sys
0xBA666000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xAEC0A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 58):
0 System Idle Process
4 System
660 C:\WINDOWS\system32\smss.exe
724 csrss.exe
748 C:\WINDOWS\system32\winlogon.exe
796 C:\WINDOWS\system32\services.exe
808 C:\WINDOWS\system32\lsass.exe
1032 C:\WINDOWS\system32\svchost.exe
1136 svchost.exe
1232 C:\WINDOWS\system32\svchost.exe
1320 svchost.exe
1488 svchost.exe
1616 C:\WINDOWS\system32\spoolsv.exe
1656 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1728 svchost.exe
1816 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1832 C:\xampp\apache\bin\apache.exe
1864 C:\WINDOWS\ehome\ehRecvr.exe
1904 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1920 C:\WINDOWS\ehome\ehSched.exe
1968 C:\Program Files\Java\jre6\bin\jqs.exe
2024 sqlservr.exe
120 C:\xampp\mysql\bin\mysqld.exe
156 C:\WINDOWS\system32\nvsvc32.exe
200 C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE
1288 C:\xampp\apache\bin\apache.exe
2856 C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
2868 SP-300MC.EXE
2980 sqlbrowser.exe
3000 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3060 C:\WINDOWS\system32\svchost.exe
3420 C:\WINDOWS\system32\dllhost.exe
3548 alg.exe
3824 C:\WINDOWS\ehome\ehtray.exe
4064 C:\WINDOWS\system32\rundll32.exe
584 C:\WINDOWS\ehome\ehmsas.exe
3676 C:\WINDOWS\RTHDCPL.exe
3744 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3240 C:\WINDOWS\system32\ctfmon.exe
672 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
708 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
700 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
3260 C:\Program Files\QuickTime\qttask.exe
3104 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
964 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3948 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3652 C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
3788 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3856 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4200 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
4308 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4404 C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
4492 C:\xampp\mysql\bin\winmysqladmin.exe
4520 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
4744 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
124 C:\Program Files\Mozilla Firefox\firefox.exe
5176 C:\WINDOWS\explorer.exe
5304 C:\Documents and Settings\Eduardo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AHH
PhysicalDrive5 Model Number: SeagateFreeAgent Pro, Rev: 400A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive5 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 5Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 1
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: yes
RE: Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!
 
I really appreciate you helping me, Broni.
Also, I notice that now sometimes I'm getting a WINDOWS EXPLORER ERROR. When I click to see what this is, it gives me this:

AppName: explorer.exe AppVer: 6.0.2900.3156 ModName: dtproapi.dll
ModVer: 4.10.215.0 Offset: 00003698

Any idea what this could be?
-----------------------------------
Here is the new MBR Log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000004fc

Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 ohci1394.sys
0xBA0B8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA0C8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9F23000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F0B000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9EEB000 fltMgr.sys
0xB9ED9000 sr.sys
0xB9EC3000 DRVMCDB.SYS
0xBA118000 PxHelp20.sys
0xB9EB2000 TPkd.sys
0xB9E9B000 KSecDD.sys
0xB9E0E000 Ntfs.sys
0xB9DE1000 NDIS.sys
0xB9DC6000 Mup.sys
0xBA188000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB918A000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB9176000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB913E000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA470000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB911B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA478000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB90F6000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB90B1000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0xB908E000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8F97000 \SystemRoot\system32\DRIVERS\HSX_DP.sys
0xB8EE1000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0xBA480000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA198000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA5E4000 \SystemRoot\System32\Drivers\DLACDBHM.SYS
0xBA1B8000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\redbook.sys
0xBA74C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9D92000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8ECA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA488000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8EB9000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA208000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA498000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB8E88000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xBA218000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5E6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8E07000 \SystemRoot\system32\DRIVERS\update.sys
0xBA548000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA238000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA248000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5E8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB63D1000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xB63AF000 \SystemRoot\system32\drivers\portcls.sys
0xBA258000 \SystemRoot\system32\drivers\drmk.sys
0xBA5EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA7C2000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA388000 \SystemRoot\System32\Drivers\DLARTL_N.SYS
0xBA390000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA398000 \SystemRoot\System32\drivers\vga.sys
0xBA5F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA3A0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA3A8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8E80000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6354000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB62FC000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB62AC000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB628B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA278000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB6269000 \SystemRoot\System32\drivers\afd.sys
0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB6248000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xBA298000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA3B8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB621D000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB61AE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB618C000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5F8000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA2C8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA3D8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB683B000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA2F8000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB6071000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB6837000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB6833000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB6031000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA606000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB681F000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3F0000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA72C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xB51FB000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xBA178000 \SystemRoot\System32\Drivers\DRVNDDM.SYS
0xBA78F000 \SystemRoot\System32\DLA\DLADResN.SYS
0xB51BD000 \SystemRoot\System32\DLA\DLAIFS_M.SYS
0xB531C000 \SystemRoot\System32\DLA\DLAOPIOM.SYS
0xBA614000 \SystemRoot\System32\DLA\DLAPoolM.SYS
0xBA3F8000 \SystemRoot\System32\DLA\DLABOIOM.SYS
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB5155000 \SystemRoot\System32\DLA\DLAUDFAM.SYS
0xB513F000 \SystemRoot\System32\DLA\DLAUDF_M.SYS
0xB51F3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB46E3000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB46AA000 \SystemRoot\System32\Drivers\adfs.SYS
0xB453C000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xB4519000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB46BF000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB449A000 \SystemRoot\system32\DRIVERS\srv.sys
0xB320D000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3AC2000 \SystemRoot\system32\drivers\sysaudio.sys
0xBA62A000 \SystemRoot\system32\drivers\splitter.sys
0xB31EA000 \SystemRoot\system32\drivers\aec.sys
0xB3D1A000 \SystemRoot\system32\drivers\swmidi.sys
0xB3BCA000 \SystemRoot\system32\drivers\DMusic.sys
0xB31BF000 \SystemRoot\system32\drivers\kmixer.sys
0xBA785000 \SystemRoot\system32\drivers\drmkaud.sys
0xB2D30000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
660 C:\WINDOWS\system32\smss.exe
724 csrss.exe
748 C:\WINDOWS\system32\winlogon.exe
796 C:\WINDOWS\system32\services.exe
808 C:\WINDOWS\system32\lsass.exe
1020 C:\WINDOWS\system32\svchost.exe
1140 svchost.exe
1236 C:\WINDOWS\system32\svchost.exe
1400 svchost.exe
1480 svchost.exe
1612 C:\WINDOWS\system32\spoolsv.exe
1660 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1728 svchost.exe
1812 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1828 C:\xampp\apache\bin\apache.exe
1860 C:\WINDOWS\ehome\ehRecvr.exe
1904 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1928 C:\WINDOWS\ehome\ehSched.exe
1960 C:\Program Files\Java\jre6\bin\jqs.exe
160 sqlservr.exe
208 C:\xampp\mysql\bin\mysqld.exe
256 C:\WINDOWS\system32\nvsvc32.exe
596 C:\xampp\apache\bin\apache.exe
2588 C:\WINDOWS\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE
2604 SP-300MC.EXE
2932 C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe
3020 sqlbrowser.exe
3048 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
3088 C:\WINDOWS\system32\svchost.exe
3384 C:\WINDOWS\system32\dllhost.exe
3548 alg.exe
3268 C:\WINDOWS\ehome\ehtray.exe
184 C:\WINDOWS\ehome\ehmsas.exe
3824 C:\WINDOWS\system32\rundll32.exe
3792 C:\WINDOWS\RTHDCPL.exe
1168 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
3764 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
4088 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
284 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
544 C:\WINDOWS\system32\DLA\DLACTRLW.EXE
2668 C:\Program Files\QuickTime\qttask.exe
2788 C:\WINDOWS\system32\ctfmon.exe
3192 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3640 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
152 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
3888 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3416 C:\Program Files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
4144 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
4216 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
4292 C:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
4344 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4364 C:\Program Files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe
4444 C:\xampp\mysql\bin\winmysqladmin.exe
4528 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4932 C:\WINDOWS\system32\notepad.exe
5200 C:\WINDOWS\explorer.exe
5400 C:\Documents and Settings\Eduardo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AHH
PhysicalDrive5 Model Number: SeagateFreeAgent Pro, Rev: 400A

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
465 GB \\.\PhysicalDrive5 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!
 
dtproapi.dll is a process belonging to DAEMON Tools Pro.
You may need to uninstall/reinstall.

Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.
Upload the following files to http://www.virustotal.com/ for a security check:
- c:\windows\explorer.exe
- c:\windows\system32\winlogon.exe
If the file is listed as already analyzed, click on the Reanalyse file now button.
Post the scan results.
 
Hi Broni, thanks again for your help!
Here is the scan of the explorer.exe file:


Antivirus Version Last update Result
AhnLab-V3 2010.08.17.00 2010.08.16 -
AntiVir 8.2.4.34 2010.08.16 -
Antiy-AVL 2.0.3.7 2010.08.16 -
Authentium 5.2.0.5 2010.08.17 -
Avast 4.8.1351.0 2010.08.16 -
Avast5 5.0.332.0 2010.08.16 -
AVG 9.0.0.851 2010.08.16 -
BitDefender 7.2 2010.08.17 Gen:Trojan.Heur.TP.@q0@bq1fXSb
CAT-QuickHeal 11.00 2010.08.16 -
ClamAV 0.96.0.3-git 2010.08.17 -
Comodo 5765 2010.08.17 -
DrWeb 5.0.2.03300 2010.08.17 -
Emsisoft 5.0.0.37 2010.08.16 -
eSafe 7.0.17.0 2010.08.16 -
eTrust-Vet 36.1.7794 2010.08.16 Win32/Patcher.F
F-Prot 4.6.1.107 2010.08.17 -
F-Secure 9.0.15370.0 2010.08.17 Gen:Trojan.Heur.TP.@q0@bq1fXSb
Fortinet 4.1.143.0 2010.08.16 -
GData 21 2010.08.17 Gen:Trojan.Heur.TP.@q0@bq1fXSb
Ikarus T3.1.1.88.0 2010.08.16 -
Jiangmin 13.0.900 2010.08.16 -
Kaspersky 7.0.0.125 2010.08.16 -
McAfee 5.400.0.1158 2010.08.17 -
McAfee-GW-Edition 2010.1 2010.08.16 -
NOD32 5371 2010.08.16 -
Norman 6.05.11 2010.08.16 -
nProtect 2010-08-16.02 2010.08.16 -
Panda 10.0.2.7 2010.08.16 -
PCTools 7.0.3.5 2010.08.17 -
Prevx 3.0 2010.08.17 -
Rising 22.61.00.04 2010.08.16 -
Sophos 4.56.0 2010.08.17 Troj/Patched-O
Sunbelt 6743 2010.08.17 -
SUPERAntiSpyware 4.40.0.1006 2010.08.17 -
Symantec 20101.1.1.7 2010.08.17 Suspicious.Mystic
TheHacker 6.5.2.1.349 2010.08.16 -
TrendMicro 9.120.0.1004 2010.08.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.17 -
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.16.3990 2010.08.16 Win32.Patched.AF
VirusBuster 5.0.27.0 2010.08.16 -

MD5: 7ea18d33626880bd22cfef224451871f
SHA1: 6e2998d9ca91843e4b008c1cf628c3e94ebf705c
SHA256: 136dcd676b33b51baba4ecc80cef25284931d56758c33d7676b6243b2181e900
File size: 1033216 bytes
Scan date: 2010-08-17 00:11:01 (UTC)


And this is the scan for winlogon.exe:



Antivirus Version Last update Result
AhnLab-V3 2010.08.17.00 2010.08.16 -
AntiVir 8.2.4.34 2010.08.16 -
Antiy-AVL 2.0.3.7 2010.08.16 -
Authentium 5.2.0.5 2010.08.17 -
Avast 4.8.1351.0 2010.08.16 -
Avast5 5.0.332.0 2010.08.16 -
AVG 9.0.0.851 2010.08.16 -
BitDefender 7.2 2010.08.17 Gen:Trojan.Heur.TP.Em0@bmZ1Zpb
CAT-QuickHeal 11.00 2010.08.16 -
ClamAV 0.96.0.3-git 2010.08.17 -
Comodo 5765 2010.08.17 -
DrWeb 5.0.2.03300 2010.08.17 -
Emsisoft 5.0.0.37 2010.08.16 -
eSafe 7.0.17.0 2010.08.16 -
eTrust-Vet 36.1.7794 2010.08.16 Win32/Patcher.F
F-Prot 4.6.1.107 2010.08.17 -
F-Secure 9.0.15370.0 2010.08.17 Gen:Trojan.Heur.TP.Em0@bmZ1Zpb
Fortinet 4.1.143.0 2010.08.16 -
GData 21 2010.08.17 Gen:Trojan.Heur.TP.Em0@bmZ1Zpb
Ikarus T3.1.1.88.0 2010.08.16 -
Jiangmin 13.0.900 2010.08.16 TrojanDownloader.Small.aswj
Kaspersky 7.0.0.125 2010.08.16 -
McAfee 5.400.0.1158 2010.08.17 -
McAfee-GW-Edition 2010.1 2010.08.16 -
Microsoft 1.6004 2010.08.16 Virus:Win32/Bamital.C
NOD32 5371 2010.08.16 -
Norman 6.05.11 2010.08.16 -
nProtect 2010-08-16.02 2010.08.16 Trojan-Downloader/W32.Small.502272.B
Panda 10.0.2.7 2010.08.16 -
PCTools 7.0.3.5 2010.08.17 -
Prevx 3.0 2010.08.17 -
Rising 22.61.00.04 2010.08.16 -
Sophos 4.56.0 2010.08.17 Troj/Patched-O
Sunbelt 6743 2010.08.17 -
SUPERAntiSpyware 4.40.0.1006 2010.08.17 -
Symantec 20101.1.1.7 2010.08.17 -
TheHacker 6.5.2.1.349 2010.08.16 Trojan/Downloader.Small.atqr
TrendMicro 9.120.0.1004 2010.08.16 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.17 -
VBA32 3.12.14.0 2010.08.13 -
ViRobot 2010.8.16.3990 2010.08.16 Win32.Patched.AF
VirusBuster 5.0.27.0 2010.08.16 -

MD5: 91fda1b9369fca7100532dbf82e138b4
SHA1: 136228c05ac0a75087f26200c6eeb128d6589631
SHA256: 31031226e3c0acc8b6d5b303a600867b46b0232ce3c7177aec51f6cd7a88be33
File size: 502272 bytes
Scan date: 2010-08-17 00:21:28 (UTC)

Also, I wanted to note that my antivirus, Avira, has given me 2 warnings today of a trojan. Twice I have hit delete. I'm not sure if it will keep popping up.
 
Well, no wonder.
As you can see from the scan, you have two crucial Windows files, winlogon.exe and explorer.exe, infected.

======================================================================

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Vista users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box into the main textfield:
    Code:
    :filefind
    winlogon.exe
    explorer.exe
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: the log can also be found on your Desktop, entitled SystemLook.txt.

=======================================================================

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Folder::
c:\docume~1\Eduardo\LOCALS~1\Temp\Acrobat Distiller 9\00000BF0


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Alright, done.
Here is the SystemLook log:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:37 on 16/08/2010 by Eduardo (Administrator - Elevation successful)

========== filefind ==========

Searching for "winlogon.exe"
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe --a--- 507904 bytes [12:15 08/03/2009] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a--- 502272 bytes [10:00 02/12/2004] [10:00 02/12/2004] 91FDA1B9369FCA7100532DBF82E138B4

Searching for "explorer.exe"
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a--- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c 1032192 bytes [11:06 21/04/2009] [10:00 02/12/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\explorer.exe --a--- 1033216 bytes [10:00 02/12/2004] [11:26 13/06/2007] 7EA18D33626880BD22CFEF224451871F
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe --a--- 1033728 bytes [12:13 08/03/2009] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

-=End Of File=-
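The SystemLook log above shows the tell a helper looks for: the live C:\WINDOWS\explorer.exe has exactly the same size as the hotfix backup copy in $hf_mig$ but a different MD5, which is what an in-place patch of a system binary looks like. The script below is an added example, not SystemLook's or the thread's own code; it parses the filefind block above (embedded as a constructed sample), applies that same-size/different-hash comparison, and checks that the live copy's MD5 is the one VirusTotal reported. The "live copy" heuristic and the verdict names are this example's own.

```python
"""Triage a SystemLook ':filefind' log: find the live copy of each system
binary and compare it with the other copies SystemLook found (hotfix
backups, uninstall folders, the Windows Update download cache).
Added example; the 'live path' heuristic and verdict names are its own."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: the two filefind blocks posted in the thread.
SAMPLE_LOG = r"""SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:37 on 16/08/2010 by Eduardo (Administrator - Elevation successful)

========== filefind ==========

Searching for "winlogon.exe"
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe --a--- 507904 bytes [12:15 08/03/2009] [00:12 14/04/2008] ED0EF0A136DEC83DF69F04118870003E
C:\WINDOWS\system32\winlogon.exe --a--- 502272 bytes [10:00 02/12/2004] [10:00 02/12/2004] 91FDA1B9369FCA7100532DBF82E138B4

Searching for "explorer.exe"
C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe --a--- 1033216 bytes [11:26 13/06/2007] [11:26 13/06/2007] 7712DF0CDDE3A5AC89843E61CD5B3658
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe -----c 1032192 bytes [11:06 21/04/2009] [10:00 02/12/2004] A0732187050030AE399B241436565E64
C:\WINDOWS\explorer.exe --a--- 1033216 bytes [10:00 02/12/2004] [11:26 13/06/2007] 7EA18D33626880BD22CFEF224451871F
C:\WINDOWS\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe --a--- 1033728 bytes [12:13 08/03/2009] [00:12 14/04/2008] 12896823FB95BFB3DC9B46BCAEDC9923

-=End Of File=-
"""

# One filefind hit: <path> <attrs> <size> bytes [<created>] [<modified>] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-zA-Z]{6})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass(frozen=True)
class FileRecord:
    path: str
    attrs: str
    size: int
    created: str
    modified: str
    md5: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_live(self) -> bool:
        # Heuristic (this example's own): the copy Windows actually loads sits
        # directly in %SystemRoot% or %SystemRoot%\system32, not in a hotfix,
        # uninstall or update-cache folder.
        parent = self.path.rsplit("\\", 1)[0].lower()
        return parent in (r"c:\windows", r"c:\windows\system32")


def parse_filefind(text: str) -> dict[str, list[FileRecord]]:
    """Group every filefind hit by file name; non-matching lines are ignored."""
    groups: dict[str, list[FileRecord]] = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = FileRecord(m["path"], m["attrs"], int(m["size"]),
                             m["created"], m["modified"], m["md5"].upper())
            groups[rec.name].append(rec)
    return dict(groups)


def assess(records: list[FileRecord]) -> str:
    """Verdict for one file name (verdict names are this example's own).

    A reference copy of identical size but different MD5 is the signature of
    in-place patching: the file was rewritten without changing its length.
    A reference of a different size only proves a different build, so the
    live hash stays unverified and needs an outside check (e.g. VirusTotal).
    """
    live = [r for r in records if r.is_live]
    if len(live) != 1:
        return "AMBIGUOUS_LIVE_COPY" if live else "NO_LIVE_COPY"
    current = live[0]
    same_size = [r for r in records if r is not current and r.size == current.size]
    if not same_size:
        return "NO_SAME_SIZE_REFERENCE"
    if any(r.md5 == current.md5 for r in same_size):
        return "MATCHES_REFERENCE"
    return "PATCHED_IN_PLACE"


def live_md5(records: list[FileRecord]) -> str | None:
    """MD5 of the live copy (lowercase, as VirusTotal prints it), so you can
    confirm the file that was uploaded is the one the system really loads."""
    live = [r for r in records if r.is_live]
    return live[0].md5.lower() if len(live) == 1 else None


def triage(text: str) -> dict[str, str]:
    """Map each searched file name to its verdict."""
    return {name: assess(recs) for name, recs in parse_filefind(text).items()}


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE_LOG).items():
        print(f"{name}: {verdict}")
```

On the sample, explorer.exe is reported PATCHED_IN_PLACE (same 1033216 bytes as the KB938828 backup, different MD5), and winlogon.exe NO_SAME_SIZE_REFERENCE (the only other copy is a different build), which is why its hash had to go to VirusTotal.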
 
Here is the new ComboFix log. It restarted the computer.
ComboFix 10-08-16.03 - Eduardo 08/16/2010 20:53:13.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2320 [GMT -4:00]
Running from: c:\documents and settings\Eduardo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Eduardo\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Eduardo\.exe

c:\windows\system32\winlogon.exe . . . is infected!!

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.

2010-08-15 14:37 . 2010-08-15 23:23 -------- d-----w- c:\windows\system32\NtmsData
2010-08-15 14:36 . 2010-08-15 14:36 -------- d-----w- c:\documents and settings\Eduardo\Application Data\Avira
2010-08-15 14:33 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-15 14:33 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-15 14:33 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-15 14:33 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-15 14:33 . 2010-08-15 14:33 -------- d-----w- c:\program files\Avira
2010-08-15 14:33 . 2010-08-15 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-15 14:27 . 2010-08-15 14:27 -------- d-----w- c:\program files\Common Files\Java
2010-08-15 14:27 . 2010-08-15 14:27 503808 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36f87ce3-n\msvcp71.dll
2010-08-15 14:27 . 2010-08-15 14:27 499712 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36f87ce3-n\jmc.dll
2010-08-15 14:27 . 2010-08-15 14:27 348160 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-36f87ce3-n\msvcr71.dll
2010-08-15 14:27 . 2010-08-15 14:27 61440 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6227762b-n\decora-sse.dll
2010-08-15 14:27 . 2010-08-15 14:27 12800 ----a-w- c:\documents and settings\Eduardo\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6227762b-n\decora-d3d.dll
2010-08-15 14:27 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-15 04:47 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-15 04:47 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-15 04:47 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-15 04:47 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-15 04:47 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-14 17:11 . 2010-08-14 17:12 52224 ----a-w- c:\documents and settings\Eduardo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-16 13:03 . 2009-04-20 18:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-16 03:31 . 2009-03-08 16:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-15 14:27 . 2009-03-26 22:14 -------- d-----w- c:\program files\Java
2010-08-15 05:46 . 2009-10-26 14:17 -------- d-----w- c:\documents and settings\Eduardo\Application Data\vlc
2010-08-15 05:08 . 2009-09-16 00:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-14 17:12 . 2009-09-15 16:59 117760 ----a-w- c:\documents and settings\Eduardo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-12 10:04 . 2009-03-08 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-07 11:59 . 2010-07-09 21:04 452104 ----a-w- c:\documents and settings\Eduardo\Application Data\Real\Update\setup3.12\setup.exe
2010-08-02 23:14 . 2009-03-09 01:20 189000 ----a-w- c:\documents and settings\Eduardo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-28 16:03 . 2010-05-27 23:40 -------- d-----w- c:\program files\Facebook FriendAdder Pro
2010-07-21 12:08 . 2009-03-08 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-11 00:21 . 2010-07-10 23:55 -------- d-----w- c:\program files\Super_DVD_Creator_9.8
2010-07-02 21:03 . 2010-04-13 20:59 439816 ----a-w- c:\documents and settings\Eduardo\Application Data\Real\Update\setup3.10\setup.exe
2010-06-14 14:30 . 2009-03-08 11:12 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-12-02 . 91FDA1B9369FCA7100532DBF82E138B4 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[-] 2007-06-13 . 7EA18D33626880BD22CFEF224451871F . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-12-02 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 133576]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-12-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-31 7634944]
"nwiz"="nwiz.exe" [2006-10-31 1622016]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2006-01-20 163840]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-01-03 122940]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-03-21 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-19 198160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

c:\documents and settings\Eduardo\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
WinMySQLadmin.lnk - c:\xampp\mysql\bin\winmysqladmin.exe [2007-12-20 936448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-2 813584]
Outlook Plugin.lnk - c:\program files\PayPal Payment Request Wizard\Outlook Wizard\OEHook.exe [2010-5-17 888987]
Palo Alto Software Update Manager 9.0.lnk - c:\program files\Common Files\Palo Alto Software\9.0\PAS9_Update.exe [2006-9-5 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Eduardo^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Eduardo\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-06-22 12:45 133576 ----a-w- c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-03-21 17:36 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-04-19 21:37 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\xampp\\apache\\bin\\apache.exe"=
"c:\\Program Files\\Electric Rain\\Swift 3D\\Version 5.00\\Program\\Swift3D.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\IBP 10\\IBP.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS4\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Smith Micro\\Poser 8\\Poser.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2009 11:43 AM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 55024]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2010 10:33 AM 135336]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\apache.exe [12/9/2008 7:10 PM 24636]
R2 OKI OPHG DCS Loader;OKI OPHG DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHGLDCS.EXE [5/29/2009 10:30 PM 24576]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [8/23/2009 1:00 AM 29992]
S3 block_reader;MPR DRV;c:\documents and settings\Eduardo\Desktop\PORTABLESOFTWARE\MPR_1.1.9\Multi_Password_Recovery_1.1.9_Portable\Multi Password Recovery 1.1.9 Portable\block_reader.sys [1/10/2010 11:00 PM 1920]
S3 PD1030VID;Creative WebCam Pro;c:\windows\system32\drivers\p1030vid.sys [10/3/2009 11:31 AM 167673]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 7408]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [12/10/2009 4:00 AM 42280]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/8/2009 12:26 PM 685816]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\Eduardo\Application Data\Mozilla\Firefox\Profiles\b7rhrs75.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\documents and settings\Eduardo\Application Data\Mozilla\Firefox\Profiles\b7rhrs75.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-16 21:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Sagekey Software\ *{9756-3768}]
"D-Code"="0000000000"
"U-Code"="Demo"
"S-Code"="0000000000"
"C-Code"="4353753922274815"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(6028)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\mshtml.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\eHome\ehRecvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\system32\nvsvc32.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\SP-300MC.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-16 21:26:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-17 01:26
ComboFix2.txt 2010-08-16 04:39
ComboFix3.txt 2010-08-15 13:57
ComboFix4.txt 2010-08-15 06:02

Pre-Run: 47,294,402,560 bytes free
Post-Run: 47,283,855,360 bytes free

- - End Of File - - D074C846316BC256A4765B6DFC5098F8
 
Now...you'll have to be extremely careful while performing the following.
Disregard Windows warning(s), if any.

1. Create new restore point (important!)
2. Download zipped winlogon.exe from here: http://www.smartestcomputing.us.com/index.php?app=core&module=attach&section=attach&attach_id=61856
3. Unzip the file and paste winlogon.exe into your C:\ folder

Then....

1. Please open Notepad
  • Click Start , then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
c:\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\$NtUninstallKB938828$\explorer.exe | c:\windows\explorer.exe


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
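Both the Sigcheck section of the log above and the FCopy:: script turn on file hashes: ComboFix decided that c:\windows\explorer.exe was patched because it reports the same version (6.00.2900.3156) as the KB938828 hotfix copy but a different MD5, and the script then trusts whatever file sits at the source path of each FCopy:: line. The following is an added example, not part of this thread and not ComboFix's own code. It parses the log's Sigcheck lines (embedded verbatim as sample input), reports copies of one binary that share a version string but not a hash, and hashes a replacement file against a reference value and size before it would be allowed to overwrite a system binary. It assumes that ComboFix's "[7]" marker denotes a copy whose hash could be verified and "[-]" one that could not; the function and variable names are the example's own.

```python
# Added example (not from the thread, not ComboFix code): cross-check the MD5
# values in a ComboFix "Sigcheck" section, and hash a replacement file before
# an FCopy:: line is allowed to overwrite a system binary.
import hashlib
import re
from collections import defaultdict

# The Sigcheck lines from the ComboFix log above, embedded verbatim as sample input.
SIGCHECK_SAMPLE = r"""
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\winlogon.exe
[-] 2004-12-02 . 91FDA1B9369FCA7100532DBF82E138B4 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\explorer.exe
[-] 2007-06-13 . 7EA18D33626880BD22CFEF224451871F . 1033216 . . [6.00.2900.3156] . . c:\windows\explorer.exe
[7] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[7] 2004-12-02 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
"""

# One Sigcheck line: [flag] date . MD5 . size . . [version] . . path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\S+)\s+\.\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck line; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d["md5"] = d["md5"].upper()
            d["size"] = int(d["size"])
            d["name"] = d["path"].rsplit("\\", 1)[-1].lower()
            entries.append(d)
    return entries


def hash_conflicts(entries):
    """Group copies by (file name, version) and return the groups whose copies
    do not all share one MD5. Every copy of a Microsoft binary that reports
    version X should hash identically; a differing hash means one copy was
    modified in place, which is how the infected explorer.exe shows up."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["name"], e["version"])].append(e)
    return {k: v for k, v in groups.items() if len({e["md5"] for e in v}) > 1}


def suspect_copies(entries, verified_flag="7"):
    """Within each conflicting group, return the paths whose hash does not match
    a copy ComboFix marked as verified. Assumption: "[7]" is ComboFix's marker
    for a copy whose hash it could verify, "[-]" for one it could not. If no
    copy in a group is verified, every copy in it is reported."""
    out = []
    for group in hash_conflicts(entries).values():
        trusted = {e["md5"] for e in group if e["flag"] == verified_flag}
        out.extend(e["path"] for e in group if e["md5"] not in trusted)
    return out


def md5_hex(data):
    """MD5 of a byte string, upper-case, in the form ComboFix prints it."""
    return hashlib.md5(data).hexdigest().upper()


def md5_of_file(path, chunk=1 << 20):
    """MD5 of a file on disk, read in chunks so large binaries are fine."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest().upper()


def replacement_ok(data, expected_md5, expected_size=None):
    """Check a replacement file (for instance the downloaded winlogon.exe the
    script copies into place) against a reference hash and size before it is
    copied over the live system copy. A wrong file here can leave the machine
    unable to boot, so the check runs before the FCopy:: step, not after."""
    if expected_size is not None and len(data) != expected_size:
        return False
    return md5_hex(data) == expected_md5.upper()


if __name__ == "__main__":
    entries = parse_sigcheck(SIGCHECK_SAMPLE)
    for (name, ver), group in hash_conflicts(entries).items():
        print(f"{name} {ver}: {len(group)} copies with differing hashes")
        for e in group:
            print(f"  [{e['flag']}] {e['md5']} {e['path']}")
    print("suspect copies:", suspect_copies(entries))
```

Run against the log's own lines, the only conflicting group is explorer.exe 6.00.2900.3156, and the unverified member of that group is c:\windows\explorer.exe, which is the file ComboFix reported as infected and restored from the $hf_mig$ copy. The reference hash for a replacement has to come from somewhere trustworthy (a verified copy in the Sigcheck section or a clean machine at the same service-pack level), not from the download itself.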
 
OK, now ComboFix rebooted again and now Windows is not starting. :(

It gives me this error:

A problem is preventing Windows from accurately checking the license of this computer. Error code 0x80004005
 
Restart the computer and keep tapping the F8 key until the menu appears.
Using the keyboard, select "Last Known Good Configuration".
See if it helps.

Do you have Windows CD?
 