trojan on my computer


trojan on my computer

Post by keper on Sat 07 Aug 2010, 2:27 am

Trojan.generic c:/windows/jesterb.dill keeps coming up on my Avira antivirus. Thanks, keper. Newbie, love your site.

keper

Newbie Surfer

Posts : 20
Joined : 2010-08-07
Operating System : Windows Professional 2002 Service Pack 3


Re: trojan on my computer

Post by Sneakyone on Sat 07 Aug 2010, 6:17 am

Hi, Welcome to GeekPolice.net!

Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.sys
    %systemroot%\system32\drivers\*.dll
    %systemroot%\system32\drivers\*.ini
    %systemroot%\system32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    disk.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    usbstor.sys
    /md5stop
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.


Note: in the event that OTL fails to run, please use alternate download links to try again:



I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

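The `/md5start ... /md5stop` block in the OTL script above makes OTL report MD5 hashes of the named files; the names are system drivers and DLLs that rootkits of that era were known to patch in place, so a helper compares the reported hashes with known-good values for the same Windows build. As an added illustration of that comparison (example code written for this page, not OTL's own code or output), the Python below pulls the file list out of an OTL script, hashes whatever copies it finds in the given directories, and compares them with a baseline. The directory, file contents and baseline hashes are constructed stand-ins; a real baseline comes from a clean install of the same Windows version and service pack.

```python
import hashlib
import os
import tempfile
from typing import Dict, Iterable, List

# The OTL custom-scan script from the post, trimmed to the directives this
# example uses (the /md5start ... /md5stop block and its neighbours).
OTL_SCRIPT = """\
netsvcs
/md5start
eventlog.dll
scecli.dll
atapi.sys
disk.sys
/md5stop
CREATERESTOREPOINT
"""


def md5_targets(script: str) -> List[str]:
    """Return the file names listed between /md5start and /md5stop."""
    names, inside = [], False
    for raw in script.splitlines():
        line = raw.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line)
    return names


def md5_of(path: str) -> str:
    """Hex MD5 of a file, read in chunks so large drivers do not load whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_with_baseline(names: Iterable[str], search_dirs: List[str],
                          baseline: Dict[str, str]) -> Dict[str, str]:
    """Verdict per name: 'ok', 'MISMATCH (...)', 'missing' or 'no baseline (...)'.

    The first copy found in search_dirs is hashed; baseline keys are lower-case
    file names mapped to the known-good hex MD5 for this Windows build."""
    results = {}
    for name in names:
        found = [os.path.join(d, name) for d in search_dirs
                 if os.path.isfile(os.path.join(d, name))]
        if not found:
            results[name] = "missing"
            continue
        digest = md5_of(found[0])
        expected = baseline.get(name.lower())
        if expected is None:
            results[name] = f"no baseline ({digest})"
        elif digest.lower() == expected.lower():
            results[name] = "ok"
        else:
            results[name] = f"MISMATCH ({digest} != {expected})"
    return results


def demo() -> Dict[str, str]:
    """Constructed scenario: a throwaway directory holding stand-ins for two
    listed files, one matching the baseline and one altered in place."""
    with tempfile.TemporaryDirectory() as d:
        clean_eventlog = b"constructed stand-in for a clean eventlog.dll"
        clean_atapi = b"constructed stand-in for a clean atapi.sys"
        with open(os.path.join(d, "eventlog.dll"), "wb") as f:
            f.write(clean_eventlog)
        with open(os.path.join(d, "atapi.sys"), "wb") as f:
            f.write(b"constructed stand-in for a patched atapi.sys")
        baseline = {"eventlog.dll": hashlib.md5(clean_eventlog).hexdigest(),
                    "atapi.sys": hashlib.md5(clean_atapi).hexdigest()}
        return compare_with_baseline(md5_targets(OTL_SCRIPT), [d], baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

A mismatch on a file like atapi.sys is not proof of infection on its own (hotfixes change hashes too), which is why the comparison is keyed to the exact build and service pack; the hash of the patched copy is what the helper then looks up.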

Re: trojan on my computer

Post by keper on Sun 08 Aug 2010, 12:30 am

First and foremost, thank you for helping me. I've tried OTL twice but it didn't work for me. I ran SpyHunter and SUPERAntiSpyware and both showed trojans.
The trojans are redirecting my internet to different sites. Again, thank you for your help. keper. Great site, going to be here for a while.



Re: trojan on my computer

Post by Sneakyone on Sun 08 Aug 2010, 12:56 am

Hi.

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to doing this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.





Re: trojan on my computer

Post by keper on Sun 08 Aug 2010, 9:23 am

I've tried this twice and it didn't work. It did not appear to scan and it did not make a log file. I left it on auto scan for three hours. Did not understand where to put the command file. Sorry, I feel like a dummy. Thanks, keper. I don't give up easy. Thanks again.


Re: trojan on my computer

Post by Sneakyone on Sun 08 Aug 2010, 2:02 pm

Hi.

Could you please go into Safe Mode with Networking:

To get into Safe Mode with Networking please restart your computer and rapidly tap F8 until it asks what mode you want to boot into, please choose Safe Mode with Networking, then please run ComboFix from there.



Re: trojan on my computer

Post by keper on Mon 09 Aug 2010, 1:11 am

It worked in safe mode and it said I had a rootkit and it had to reboot the computer. It made a log file but I am not sure where to find the file or how to attach it or send it to you. Thanks, keper


Re: trojan on my computer

Post by Sneakyone on Mon 09 Aug 2010, 4:39 am

Hi.

Please open Windows Explorer (Right click on the Start button and go to Explore.)

Now, please go to your default drive, usually "C:"

There should be a file there called "ComboFix.txt". Please double-click to open it and copy and paste the contents of that log here.


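Once a ComboFix.txt like the one requested above comes back, a helper reads its "Files Created" section for recently created files in system locations. As an added example (written for this page, not part of the thread and not ComboFix's own code), the Python below parses lines in that section's format (created date . modified date, size or dashes, an eight-character attribute field, path) and applies a few triage heuristics. The sample lines are constructed in that format, and the heuristics (a loose file directly under c:\windows, a zero-byte file under c:\windows, a one- or two-letter name in system32) are review prompts chosen for this example, not ComboFix rules and not verdicts on any file.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of ComboFix's "Files Created" section:
#   <created> . <modified> <size or dashes> <attribute flags> <path>
# Directory entries carry "--------" as their size and a leading 'd' flag.
SAMPLE_LOG = """\
2010-08-04 15:12 . 2010-04-29 18:39 20952 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2010-08-06 14:36 . 2010-08-06 14:36 -------- d-----w- c:\\documents and settings\\All Users\\Application Data\\RegCure
2010-07-19 21:53 . 2010-08-08 13:01 0 ----a-w- c:\\windows\\Lgoveqodad.bin
2010-07-19 21:53 . 2010-08-07 21:23 120 ----a-w- c:\\windows\\Wlosefixip.dat
2010-07-24 20:09 . 2010-07-24 20:09 73216 ----a-w- c:\\windows\\system32\\o.dat
2010-08-07 23:00 . 2010-02-22 01:35 664 ----a-w- c:\\windows\\system32\\d3d9caps.dat
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]      # None for directories (ComboFix prints dashes)
    attrs: str               # 8-char flag field, e.g. "----a-w-" or "d-----w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_lines(text: str) -> List[Entry]:
    """Parse every well-formed 'Files Created' line; skip anything else
    (section banners, blank lines, the lone '.' separators)."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return human-readable reasons an entry deserves a second look.

    These are review heuristics chosen for this example, not verdicts: every
    hit is something to check by hand (publisher, signer, what created it)."""
    if entry.is_dir:
        return []
    parts = entry.path.lower().split("\\")
    under_windows = parts[:2] == ["c:", "windows"]
    stem = parts[-1].rsplit(".", 1)[0]
    reasons = []
    # Installers rarely drop loose DLL/DAT/BIN files straight into c:\windows.
    if under_windows and len(parts) == 3:
        reasons.append("loose file directly in the Windows directory")
    # Zero-byte files in system locations are often markers or placeholders.
    if under_windows and entry.size == 0:
        reasons.append("zero-byte file under the Windows directory")
    # One- or two-character names in system32 are unusual for shipped components.
    if parts[:3] == ["c:", "windows", "system32"] and len(parts) == 4 and len(stem) <= 2:
        reasons.append("very short file name in system32")
    return reasons


def flag_created_files(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; unflagged entries are omitted."""
    return {e.path: r for e in parse_lines(text) if (r := triage(e))}


if __name__ == "__main__":
    for path, reasons in flag_created_files(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("    " + reason)
```

Running it over the constructed sample flags the two loose files under c:\windows and the one-letter .dat in system32, and leaves the driver under system32\drivers and the eight-letter .dat alone; the flagged paths are where a helper starts reading, not where the analysis ends.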

Re: trojan on my computer

Post by keper on Mon 09 Aug 2010, 5:31 am

ComboFix 10-08-07.01 - KEITH 08/08/2010 10:24:52.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.827 [GMT -3:00]
Running from: c:\documents and settings\KEITH\Desktop\commy.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KEITH\Application Data\BITS
c:\documents and settings\KEITH\Application Data\BITS\BITS.ini
c:\documents and settings\KEITH\Application Data\BITS\DHTTable.dat
c:\documents and settings\KEITH\Application Data\BITS\ProxyList.ini
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128182855.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128182855.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128182948.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128182948.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128182949.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128182949.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128184128.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128184128.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185147.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185147.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185253.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185253.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185327.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185327.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185514.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185514.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185629.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185629.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185951.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128185951.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128190032.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128190032.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128190033.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128190033.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100128190033.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100131164346.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100131164346.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100131164441.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100131164441.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100131164442.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100131164442.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100131164442.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203174349.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203174349.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203174614.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203174614.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203174615.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203174615.torrent.bits
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203174615.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203174615.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203192111.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203192111.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203193855.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203193855.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203193943.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203193943.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203193944.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203193944.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203193944.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203194202.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203194202.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203194237.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203194237.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203194238.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203194238.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203194238.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203194238.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195108.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195108.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195152.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195152.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195153.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195153.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195153.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195153.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195356.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195356.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195401.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195401.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195402.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195402.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195402.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203195402.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205554.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205554.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205633.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205633.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205634.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205634.torrent.~tmp
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205634.torrent.bits
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205634.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205634.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205634.torrent.seeds
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205634.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205741.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205741.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205746.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205746.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205747.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205747.torrent.~tmp
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205747.torrent.bits
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205747.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205747.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205747.torrent.seeds
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203205747.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210014.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210014.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210933.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210933.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210945.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210945.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210946.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210946.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210946.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100203210946.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204081450.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204081450.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204081451.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204081451.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204081452.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204081452.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125213.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125213.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125232.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125232.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125233.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125233.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125233.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125619.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125619.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125655.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125655.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125656.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125656.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204125656.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204162956.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204162956.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204164932.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204164932.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204164959.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204164959.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165000.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165000.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165000.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165000.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165040.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165040.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165051.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165051.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165052.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165052.torrent.~tmp
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165052.torrent.bits
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165052.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165052.torrent.seeds
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165052.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165226.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165226.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165234.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165234.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165235.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165235.torrent.~tmp
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165235.torrent.bits
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165235.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165235.torrent.seeds
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204165235.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170119.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170119.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170206.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170206.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170207.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170207.torrent.~tmp
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170207.torrent.bits
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170207.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170207.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170207.torrent.seeds
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170207.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170606.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170606.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170614.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204170614.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204183611.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204183611.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204183648.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100204183648.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105926.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105926.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105927.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105927.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105928.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105928.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105929.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105929.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105930.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105930.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105931.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205105931.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210407.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210407.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210411.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210411.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210419.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210419.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210420.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210420.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210420.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100205210420.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224200416.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224200416.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224201547.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224201547.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224201603.torrent
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224201603.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224201604.torrent.filelist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224201604.torrent.hybridlist
c:\documents and settings\KEITH\Application Data\BITS\Torrent\20100224201604.torrent.statistic
c:\documents and settings\KEITH\Application Data\BITS\UPnP.ini
c:\documents and settings\KEITH\Application Data\FlashGetBHO
c:\documents and settings\KEITH\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\KEITH\Application Data\FlashGetBHO\FlashGetHook.dll
c:\documents and settings\KEITH\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\KEITH\Application Data\FlashGetBHO\GetUrl.htm
c:\documents and settings\KEITH\Application Data\Sexual_Secrets-Nik_Douglas__Penny_Slinger.exe
c:\windows\avihuqerofiboqa.dll
c:\windows\jestertb.dll
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat

.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-06 14:36 . 2010-08-06 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-08-05 20:44 . 2010-08-05 20:44 -------- d-----w- c:\program files\Enigma Software Group
2010-08-05 20:43 . 2010-08-07 17:42 -------- d-----w- c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
2010-08-05 20:43 . 2010-08-05 20:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-04 20:08 . 2010-08-06 19:53 -------- d-----w- c:\program files\Multimedia Card Reader
2010-08-04 20:06 . 2010-08-04 20:06 -------- d-----w- c:\windows\Downloaded Installations
2010-08-04 18:30 . 2010-08-04 18:30 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-04 15:12 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 15:12 . 2010-08-04 15:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 15:12 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 20:50 . 2010-08-03 20:50 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-03 20:50 . 2010-08-03 20:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-07-31 05:23 . 2010-07-31 05:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-28 18:52 . 2001-08-18 01:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-28 18:52 . 2001-08-18 01:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-28 18:52 . 2001-08-18 01:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-07-28 18:52 . 2001-08-18 01:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-28 18:52 . 2001-08-17 17:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-07-28 18:52 . 2001-08-17 17:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-28 18:52 . 2001-08-17 17:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-07-28 18:52 . 2001-08-17 17:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-28 18:52 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-28 18:52 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-28 18:52 . 2001-08-17 17:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-07-28 18:52 . 2001-08-17 17:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-24 20:09 . 2010-07-24 20:09 73216 ----a-w- c:\windows\system32\o.dat
2010-07-24 20:09 . 2010-07-24 20:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-24 05:06 . 2010-07-24 05:06 -------- d-----w- c:\documents and settings\KEITH\Local Settings\Application Data\LightScribe
2010-07-24 05:06 . 2010-07-24 05:06 -------- d-----w- c:\documents and settings\KEITH\Application Data\NeroDCTemplates
2010-07-23 16:36 . 2010-07-23 16:36 -------- d-----w- c:\documents and settings\KEITH\Local Settings\Application Data\Ahead
2010-07-21 00:46 . 2010-07-21 00:46 -------- d-----w- c:\documents and settings\KEITH\Application Data\ECBF64348F6CFA5FAC47B63B9281A5E7
2010-07-20 16:42 . 2010-07-20 16:42 17 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jag2png.bat
2010-07-20 16:18 . 2010-07-20 16:42 -------- d-----w- c:\documents and settings\KEITH\Application Data\godzHell
2010-07-19 21:53 . 2010-08-08 13:01 0 ----a-w- c:\windows\Lgoveqodad.bin
2010-07-19 21:53 . 2010-08-07 21:23 120 ----a-w- c:\windows\Wlosefixip.dat
2010-07-19 21:53 . 2010-07-19 21:53 -------- d-----w- c:\documents and settings\KEITH\Local Settings\Application Data\{3DC5BBEC-E419-49BD-AB42-DA04BFEAE228}
2010-07-19 15:04 . 2010-07-24 20:01 -------- d-----w- c:\documents and settings\KEITH\Application Data\MSN6
2010-07-19 15:04 . 2010-07-19 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-07-15 13:47 . 2010-07-15 13:47 -------- d-----w- c:\documents and settings\KEITH\Application Data\Uniblue
2010-07-14 20:50 . 2010-08-05 23:05 -------- d-----w- c:\windows\system32\NtmsData
2010-07-14 20:49 . 2010-07-14 20:49 -------- d-----w- c:\documents and settings\KEITH\Application Data\Avira
2010-07-14 20:18 . 2010-03-01 13:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-14 20:18 . 2010-02-16 17:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-14 20:18 . 2009-05-11 15:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-14 20:18 . 2009-05-11 15:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-14 20:18 . 2010-07-14 20:18 -------- d-----w- c:\program files\Avira
2010-07-14 20:18 . 2010-07-14 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-14 18:49 . 2010-08-06 19:07 63488 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-14 18:49 . 2010-07-14 18:49 52224 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-14 18:49 . 2010-08-06 19:06 117760 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-14 18:48 . 2010-07-14 18:48 -------- d-----w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com
2010-07-14 18:48 . 2010-07-14 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-14 18:48 . 2010-07-22 17:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-14 12:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 21:59 . 2010-07-12 21:59 -------- d--h--w- c:\windows\PIF
2010-07-12 18:36 . 2010-07-12 18:36 -------- d-----w- c:\documents and settings\KEITH\Application Data\Malwarebytes
2010-07-12 18:36 . 2010-07-12 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 13:08 . 2009-12-22 20:49 -------- d-----w- c:\documents and settings\KEITH\Application Data\uTorrent
2010-08-07 23:00 . 2010-02-22 01:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-07 17:31 . 2009-12-18 20:45 -------- d-----w- c:\program files\Lx_cats
2010-08-06 19:53 . 2009-12-17 17:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 13:44 . 2009-12-26 23:32 -------- d-----w- c:\documents and settings\KEITH\Application Data\Media Player Classic
2010-08-03 23:42 . 2009-12-16 21:45 13664 ----a-w- c:\documents and settings\KEITH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 23:20 . 2010-01-03 20:13 -------- d-----w- c:\program files\CCleaner
2010-07-21 13:33 . 2010-01-27 21:14 -------- d-----w- c:\program files\Vuze
2010-07-21 07:44 . 2009-12-16 21:26 0 ----a-w- c:\windows\system32\drivers\OMCI.SYS
2010-07-19 21:49 . 2010-01-27 21:15 -------- d-----w- c:\documents and settings\KEITH\Application Data\Azureus
2010-07-15 14:09 . 2009-12-28 23:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-07-15 13:26 . 2009-12-17 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-14 20:31 . 2010-03-12 20:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-11 21:54 . 2010-02-02 22:56 -------- d-----w- c:\documents and settings\KEITH\Application Data\vlc
2010-07-03 16:39 . 2010-07-03 16:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-28 14:58 . 2010-06-28 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-14 14:31 . 2009-12-16 20:16 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-28 16:22 . 2010-05-28 16:22 348160 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72d1e729-n\msvcr71.dll
2010-05-28 16:22 . 2010-05-28 16:22 503808 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72d1e729-n\msvcp71.dll
2010-05-28 16:22 . 2010-05-28 16:22 499712 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72d1e729-n\jmc.dll
2010-05-28 16:22 . 2010-05-28 16:22 61440 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6725dab1-n\decora-sse.dll
2010-05-28 16:22 . 2010-05-28 16:22 12800 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6725dab1-n\decora-d3d.dll
2010-05-28 14:13 . 2010-02-02 23:55 4141117 ----a-w- c:\documents and settings\KEITH\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-05-28 14:13 . 2010-02-02 23:55 7282688 ----a-w- c:\documents and settings\KEITH\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2004-08-10 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 21:04 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-22 322352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-19 21:20 135664 ----atw- c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2010-02-11 15:51 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-22 13:27 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29156:TCP"= 29156:TCP:ares

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 3:25 PM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 3:41 PM 67656]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2010 5:18 PM 135336]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2/15/2007 9:04 AM 250752]
.
Contents of the 'Scheduled Tasks' folder

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-73586283-725345543-1004Core.job
- c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 21:20]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-73586283-725345543-1004UA.job
- c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 21:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\KEITH\Application Data\Mozilla\Firefox\Profiles\qyxlmfre.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL -
FF - plugin: c:\documents and settings\KEITH\Application Data\Mozilla\Firefox\Profiles\qyxlmfre.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {3DC5BBEC-E419-49BD-AB42-DA04BFEAE228} - c:\documents and settings\KEITH\Local Settings\Application Data\{3DC5BBEC-E419-49BD-AB42-DA04BFEAE228}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKLM-Run-Fjudapaqekojot - c:\windows\avihuqerofiboqa.dll
SafeBoot-klmdb.sys
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-08 10:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86ED7B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf77e4f28
\Driver\ACPI -> ACPI.sys @ 0xf7757cb8
\Driver\atapi -> atapi.sys @ 0xf76e9852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
user & kernel MBR OK
copy of MBR has been found in sector 0x0951A104
malicious code @ sector 0x0951A107 !
PE file found in sector at 0x0951A11D !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(232)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(292)
c:\windows\system32\WININET.dll
.
Completion time: 2010-08-08 10:46:22
ComboFix-quarantined-files.txt 2010-08-08 13:46

Pre-Run: 60,565,942,272 bytes free
Post-Run: 60,779,614,208 bytes free

- - End Of File - - 192F9BA5E202419DBDCAC6E799D9A1B8

HOPE i DID THIS RIGHT


Re: trojan on my computer

Post by Sneakyone on Mon 09 Aug 2010, 6:31 am

Hi.

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    [You must be registered and logged in to see this link.]

    Killall::

    Collect::
    c:\windows\Lgoveqodad.bin
    c:\windows\Wlosefixip.dat

    Folder::
    c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
    c:\documents and settings\KEITH\Local Settings\Application Data\{3DC5BBEC-E419-49BD-AB42-DA04BFEAE228}

    Dirlook::
    c:\documents and settings\KEITH\Application Data\ECBF64348F6CFA5FAC47B63B9281A5E7
    c:\documents and settings\KEITH\Application Data\godzHell

    TDL::
    c:\windows\system32\drivers\tcpip.sys

    MBR::

    Reboot::

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: trojan on my computer

Post by keper on Mon 09 Aug 2010, 7:45 am

ComboFix 10-08-07.02 - KEITH 08/08/2010 17:22:50.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.710 [GMT -3:00]
Running from: c:\documents and settings\KEITH\Desktop\commy.exe
Command switches used :: c:\documents and settings\KEITH\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

file zipped: c:\windows\Lgoveqodad.bin
file zipped: c:\windows\Wlosefixip.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KEITH\Local Settings\Application Data\{3DC5BBEC-E419-49BD-AB42-DA04BFEAE228}
c:\documents and settings\KEITH\Local Settings\Application Data\{3DC5BBEC-E419-49BD-AB42-DA04BFEAE228}\chrome.manifest
c:\documents and settings\KEITH\Local Settings\Application Data\{3DC5BBEC-E419-49BD-AB42-DA04BFEAE228}\chrome\content\_cfg.js
c:\documents and settings\KEITH\Local Settings\Application Data\{3DC5BBEC-E419-49BD-AB42-DA04BFEAE228}\chrome\content\overlay.xul
c:\documents and settings\KEITH\Local Settings\Application Data\{3DC5BBEC-E419-49BD-AB42-DA04BFEAE228}\install.rdf
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCall.dll
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla.dll
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla17.dll
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla18.exe
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla19.dll
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla2.dll
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla20.dll
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla21.dll
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseCustomCalla21.exe
c:\windows\95431C66CF9A4913BFFF6050785AFB65.TMP\WiseData.ini
c:\windows\Lgoveqodad.bin
c:\windows\Wlosefixip.dat

Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\DRIVERS\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :p
Infected copy of c:\windows\system32\DRIVERS\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-08 to 2010-08-08 )))))))))))))))))))))))))))))))
.

2010-08-08 20:14 . 2008-06-20 11:59 361600 -c--a-w- c:\windows\system32\dllcache\tcpip.sys
2010-08-08 20:14 . 2008-06-20 11:59 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-08 20:04 . 2010-08-08 20:04 -------- d-----w- C:\commy
2010-08-06 14:36 . 2010-08-06 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-08-05 20:44 . 2010-08-05 20:44 -------- d-----w- c:\program files\Enigma Software Group
2010-08-05 20:43 . 2010-08-05 20:43 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-08-04 20:08 . 2010-08-06 19:53 -------- d-----w- c:\program files\Multimedia Card Reader
2010-08-04 20:06 . 2010-08-04 20:06 -------- d-----w- c:\windows\Downloaded Installations
2010-08-04 18:30 . 2010-08-04 18:30 -------- d-----w- C:\TDSSKiller_Quarantine
2010-08-04 15:12 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-04 15:12 . 2010-08-04 15:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-04 15:12 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-03 20:50 . 2010-08-03 20:50 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-08-03 20:50 . 2010-08-03 20:50 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
2010-07-31 05:23 . 2010-07-31 05:23 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-28 18:52 . 2001-08-18 01:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-07-28 18:52 . 2001-08-18 01:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-07-28 18:52 . 2001-08-18 01:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-07-28 18:52 . 2001-08-18 01:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-07-28 18:52 . 2001-08-17 17:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-07-28 18:52 . 2001-08-17 17:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-07-28 18:52 . 2001-08-17 17:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-07-28 18:52 . 2001-08-17 17:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-07-28 18:52 . 2008-04-13 23:09 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-07-28 18:52 . 2008-04-13 23:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-07-28 18:52 . 2001-08-17 17:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-07-28 18:52 . 2001-08-17 17:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-07-24 20:09 . 2010-07-24 20:09 73216 ----a-w- c:\windows\system32\o.dat
2010-07-24 20:09 . 2010-07-24 20:09 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-24 05:06 . 2010-07-24 05:06 -------- d-----w- c:\documents and settings\KEITH\Local Settings\Application Data\LightScribe
2010-07-24 05:06 . 2010-07-24 05:06 -------- d-----w- c:\documents and settings\KEITH\Application Data\NeroDCTemplates
2010-07-23 16:36 . 2010-07-23 16:36 -------- d-----w- c:\documents and settings\KEITH\Local Settings\Application Data\Ahead
2010-07-21 00:46 . 2010-07-21 00:46 -------- d-----w- c:\documents and settings\KEITH\Application Data\ECBF64348F6CFA5FAC47B63B9281A5E7
2010-07-20 16:42 . 2010-07-20 16:42 17 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jag2png.bat
2010-07-20 16:18 . 2010-07-20 16:42 -------- d-----w- c:\documents and settings\KEITH\Application Data\godzHell
2010-07-19 15:04 . 2010-07-24 20:01 -------- d-----w- c:\documents and settings\KEITH\Application Data\MSN6
2010-07-19 15:04 . 2010-07-19 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-07-15 13:47 . 2010-07-15 13:47 -------- d-----w- c:\documents and settings\KEITH\Application Data\Uniblue
2010-07-14 20:50 . 2010-08-05 23:05 -------- d-----w- c:\windows\system32\NtmsData
2010-07-14 20:49 . 2010-07-14 20:49 -------- d-----w- c:\documents and settings\KEITH\Application Data\Avira
2010-07-14 20:18 . 2010-03-01 13:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-14 20:18 . 2010-02-16 17:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-14 20:18 . 2009-05-11 15:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-14 20:18 . 2009-05-11 15:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-14 20:18 . 2010-07-14 20:18 -------- d-----w- c:\program files\Avira
2010-07-14 20:18 . 2010-07-14 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-14 18:49 . 2010-08-06 19:07 63488 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-14 18:49 . 2010-07-14 18:49 52224 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-14 18:49 . 2010-08-06 19:06 117760 ----a-w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-14 18:48 . 2010-07-14 18:48 -------- d-----w- c:\documents and settings\KEITH\Application Data\SUPERAntiSpyware.com
2010-07-14 18:48 . 2010-07-14 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-14 18:48 . 2010-07-22 17:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-14 12:51 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-12 21:59 . 2010-07-12 21:59 -------- d--h--w- c:\windows\PIF
2010-07-12 18:36 . 2010-07-12 18:36 -------- d-----w- c:\documents and settings\KEITH\Application Data\Malwarebytes
2010-07-12 18:36 . 2010-07-12 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-08 20:33 . 2009-12-22 20:49 -------- d-----w- c:\documents and settings\KEITH\Application Data\uTorrent
2010-08-08 18:57 . 2010-02-22 01:35 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-08 17:54 . 2009-12-18 20:45 -------- d-----w- c:\program files\Lx_cats
2010-08-06 19:53 . 2009-12-17 17:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-04 13:44 . 2009-12-26 23:32 -------- d-----w- c:\documents and settings\KEITH\Application Data\Media Player Classic
2010-08-03 23:42 . 2009-12-16 21:45 13664 ----a-w- c:\documents and settings\KEITH\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-22 23:20 . 2010-01-03 20:13 -------- d-----w- c:\program files\CCleaner
2010-07-21 13:33 . 2010-01-27 21:14 -------- d-----w- c:\program files\Vuze
2010-07-21 07:44 . 2009-12-16 21:26 0 ----a-w- c:\windows\system32\drivers\OMCI.SYS
2010-07-19 21:49 . 2010-01-27 21:15 -------- d-----w- c:\documents and settings\KEITH\Application Data\Azureus
2010-07-15 14:09 . 2009-12-28 23:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-07-15 13:26 . 2009-12-17 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-14 20:31 . 2010-03-12 20:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-11 21:54 . 2010-02-02 22:56 -------- d-----w- c:\documents and settings\KEITH\Application Data\vlc
2010-07-03 16:39 . 2010-07-03 16:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-28 14:58 . 2010-06-28 14:58 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-14 14:31 . 2009-12-16 20:16 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-05-28 16:22 . 2010-05-28 16:22 348160 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72d1e729-n\msvcr71.dll
2010-05-28 16:22 . 2010-05-28 16:22 503808 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72d1e729-n\msvcp71.dll
2010-05-28 16:22 . 2010-05-28 16:22 499712 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-72d1e729-n\jmc.dll
2010-05-28 16:22 . 2010-05-28 16:22 61440 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6725dab1-n\decora-sse.dll
2010-05-28 16:22 . 2010-05-28 16:22 12800 ----a-w- c:\documents and settings\KEITH\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6725dab1-n\decora-d3d.dll
2010-05-28 14:13 . 2010-02-02 23:55 4141117 ----a-w- c:\documents and settings\KEITH\Application Data\Azureus\plugins\vuzexcode\mediainfo.exe
2010-05-28 14:13 . 2010-02-02 23:55 7282688 ----a-w- c:\documents and settings\KEITH\Application Data\Azureus\plugins\vuzexcode\ffmpeg.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\KEITH\Application Data\ECBF64348F6CFA5FAC47B63B9281A5E7 ----


---- Directory of c:\documents and settings\KEITH\Application Data\godzHell ----

2010-07-20 16:42 . 2010-07-20 16:42 1 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\lastupdate.txt
2010-07-20 16:42 . 2010-07-20 16:42 99330 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\galkon.png
2010-07-20 16:42 . 2010-07-20 16:42 63685 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\zn12n
2010-07-20 16:42 . 2010-07-20 16:42 154683 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\zl3kp
2010-07-20 16:42 . 2010-07-20 16:42 98729 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\zko34
2010-07-20 16:42 . 2010-07-20 16:42 114375 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\zck35
2010-07-20 16:42 . 2010-07-20 16:42 4 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\uid.dat
2010-07-20 16:42 . 2010-07-20 16:42 354341 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\worldmap.dat
2010-07-20 16:42 . 2010-07-20 16:42 554 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS2 2.png
2010-07-20 16:42 . 2010-07-20 16:42 660 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS2 1.png
2010-07-20 16:42 . 2010-07-20 16:42 632 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS2 03.png
2010-07-20 16:42 . 2010-07-20 16:42 417 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 9.png
2010-07-20 16:42 . 2010-07-20 16:42 628 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS2 0.png
2010-07-20 16:42 . 2010-07-20 16:42 428 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 8.png
2010-07-20 16:42 . 2010-07-20 16:42 462 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 6.png
2010-07-20 16:42 . 2010-07-20 16:42 638 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 7.png
2010-07-20 16:42 . 2010-07-20 16:42 570 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 4.png
2010-07-20 16:42 . 2010-07-20 16:42 629 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 5.png
2010-07-20 16:42 . 2010-07-20 16:42 581 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 3.png
2010-07-20 16:42 . 2010-07-20 16:42 474 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 2.png
2010-07-20 16:42 . 2010-07-20 16:42 605 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 16.png
2010-07-20 16:42 . 2010-07-20 16:42 534 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 17.png
2010-07-20 16:42 . 2010-07-20 16:42 605 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 14.png
2010-07-20 16:42 . 2010-07-20 16:42 563 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 15.png
2010-07-20 16:42 . 2010-07-20 16:42 450 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 13.png
2010-07-20 16:42 . 2010-07-20 16:42 601 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 10.png
2010-07-20 16:42 . 2010-07-20 16:42 567 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 11.png
2010-07-20 16:42 . 2010-07-20 16:42 524 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 12.png
2010-07-20 16:42 . 2010-07-20 16:42 4454 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\sound4.wav
2010-07-20 16:42 . 2010-07-20 16:42 715 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 0.png
2010-07-20 16:42 . 2010-07-20 16:42 483 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\STATICONS 1.png
2010-07-20 16:42 . 2010-07-20 16:42 4454 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\sound3.wav
2010-07-20 16:42 . 2010-07-20 16:42 11289 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\sound0.wav
2010-07-20 16:42 . 2010-07-20 16:42 41939 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\sound1.wav
2010-07-20 16:42 . 2010-07-20 16:42 68399 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\sound2.wav
2010-07-20 16:42 . 2010-07-20 16:42 513 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 8.png
2010-07-20 16:42 . 2010-07-20 16:42 765 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 9.png
2010-07-20 16:42 . 2010-07-20 16:42 861 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 6.png
2010-07-20 16:42 . 2010-07-20 16:42 613 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 7.png
2010-07-20 16:42 . 2010-07-20 16:42 1151 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 3.png
2010-07-20 16:42 . 2010-07-20 16:42 688 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 4.png
2010-07-20 16:42 . 2010-07-20 16:42 428 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 5.png
2010-07-20 16:42 . 2010-07-20 16:42 513 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 13.png
2010-07-20 16:42 . 2010-07-20 16:42 706 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 2.png
2010-07-20 16:42 . 2010-07-20 16:42 587 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 11.png
2010-07-20 16:42 . 2010-07-20 16:42 566 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 12.png
2010-07-20 16:42 . 2010-07-20 16:42 531 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 1.png
2010-07-20 16:42 . 2010-07-20 16:42 376 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 10.png
2010-07-20 16:42 . 2010-07-20 16:42 683 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SIDEICONS 0.png
2010-07-20 16:42 . 2010-07-20 16:42 426 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SCROLLBAR 1.png
2010-07-20 16:42 . 2010-07-20 16:42 17836 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\shared_game_unpacker.dat
2010-07-20 16:42 . 2010-07-20 16:42 1813 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\REDSTONE2 0.png
2010-07-20 16:42 . 2010-07-20 16:42 429 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\SCROLLBAR 0.png
2010-07-20 16:42 . 2010-07-20 16:42 2182 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\REDSTONE1 3.png
2010-07-20 16:42 . 2010-07-20 16:42 2156 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\REDSTONE1 1.png
2010-07-20 16:42 . 2010-07-20 16:42 2188 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\REDSTONE1 2.png
2010-07-20 16:42 . 2010-07-20 16:42 2140 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\REDSTONE1 0.png
2010-07-20 16:42 . 2010-07-20 16:42 289822 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\plam3
2010-07-20 16:42 . 2010-07-20 16:42 142383 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\mn24j
2010-07-20 16:42 . 2010-07-20 16:42 10003 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\MAPBACK 0.png
2010-07-20 16:42 . 2010-07-20 16:42 8714 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\MAPBACK 0.jag
2010-07-20 16:42 . 2010-07-20 16:42 48212 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\lam3n
2010-07-20 16:42 . 2010-07-20 16:42 37629 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\k4o2n
2010-07-20 16:42 . 2010-07-20 16:42 4990 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\k23lk
2010-07-20 16:42 . 2010-07-20 16:42 19358 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jingle4.mid
2010-07-20 16:42 . 2010-07-20 16:42 61436 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jingle1.mp3
2010-07-20 16:42 . 2010-07-20 16:42 19358 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jingle2.mid
2010-07-20 16:42 . 2010-07-20 16:42 19358 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jingle3.mid
2010-07-20 16:42 . 2010-07-20 16:42 17 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jag2png.bat
2010-07-20 16:42 . 2010-07-20 16:42 25351 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jingle0.mid
2010-07-20 16:42 . 2010-07-20 17:05 61436 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\jingle1.mid
2010-07-20 16:42 . 2010-07-20 16:42 65697 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\INVBACK 0.png
2010-07-20 16:42 . 2010-07-20 16:42 118176 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\g34zx
2010-07-20 16:42 . 2010-07-20 16:42 1556 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\COMPASS 0.png
2010-07-20 16:42 . 2010-07-20 16:42 10003 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\Copy of MAPBACK 0.png
2010-07-20 16:42 . 2010-07-20 16:42 1271 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\CHATBACK 0.png
2010-07-20 16:42 . 2010-07-20 16:42 226185 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\code.dat
2010-07-20 16:42 . 2010-07-20 16:42 975 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKTOP1 0.png
2010-07-20 16:42 . 2010-07-20 16:42 3934 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKVMID1 0.png
2010-07-20 16:42 . 2010-07-20 16:42 3578 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKVMID2 0.png
2010-07-20 16:42 . 2010-07-20 16:42 5478 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKVMID3 0.png
2010-07-20 16:42 . 2010-07-20 16:42 1469 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKLEFT2 0.png
2010-07-20 16:42 . 2010-07-20 16:42 3910 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKRIGHT1 0.png
2010-07-20 16:42 . 2010-07-20 16:42 3350 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKRIGHT2 0.png
2010-07-20 16:42 . 2010-07-20 16:42 6133 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKHMID2 0.png
2010-07-20 16:42 . 2010-07-20 16:42 389 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKLEFT1 0.png
2010-07-20 16:42 . 2010-07-20 16:42 7292 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKBASE2 0.png
2010-07-20 16:42 . 2010-07-20 16:42 8516 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKHMID1 0.png
2010-07-20 16:42 . 2010-07-20 16:42 13190 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\BACKBASE1 0.png
2010-07-20 16:42 . 2010-07-20 16:42 59481 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\a2155
2010-07-20 16:42 . 2010-07-20 16:42 244467 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\94jfj
2010-07-20 16:42 . 2010-07-20 16:42 58819 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\1jfds
2010-07-20 16:18 . 2010-07-20 16:42 8340 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\main_file_cache.idx4
2010-07-20 16:18 . 2010-07-20 16:42 3876 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\main_file_cache.idx3
2010-07-20 16:18 . 2010-07-20 16:42 6264 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\main_file_cache.idx2
2010-07-20 16:18 . 2010-07-20 16:42 19991578 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\main_file_cache.dat
2010-07-20 16:18 . 2010-07-20 16:42 54 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\main_file_cache.idx0
2010-07-20 16:18 . 2010-07-20 16:42 168834 ----a-w- c:\documents and settings\KEITH\Application Data\godzHell\main_file_cache.idx1


((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-08 20:32 . 2010-08-08 20:32 16384 c:\windows\temp\Perflib_Perfdata_190.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-04 21:04 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-04 1144712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-22 322352]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-22 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-04-27 69632]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-19 21:20 135664 ----atw- c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2010-02-11 15:51 32768 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-22 13:27 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"29156:TCP"= 29156:TCP:ares

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 3:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 3:41 PM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/14/2010 5:18 PM 135336]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;c:\windows\system32\drivers\m4cxw2k3.sys [2/15/2007 9:04 AM 250752]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-73586283-725345543-1004Core.job
- c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 21:20]

2010-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-73586283-725345543-1004UA.job
- c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-19 21:20]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\KEITH\Application Data\Mozilla\Firefox\Profiles\qyxlmfre.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL -
FF - plugin: c:\documents and settings\KEITH\Application Data\Mozilla\Firefox\Profiles\qyxlmfre.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\KEITH\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-08-08 17:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86C69B4C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76e4f28
\Driver\ACPI -> ACPI.sys @ 0xf7657cb8
\Driver\atapi -> atapi.sys @ 0xf75e9852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: D-Link DGE-530T V.B1 Gigabit Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf74cabb0
PacketIndicateHandler -> NDIS.sys @ 0xf74d7a21
SendHandler -> NDIS.sys @ 0xf74b587b
user & kernel MBR OK
copy of MBR has been found in sector 0x0951A104
malicious code @ sector 0x0951A107 !
PE file found in sector at 0x0951A11D !

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL

- - - - - - - > 'lsass.exe'(764)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-08 17:41:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-08 20:40
ComboFix2.txt 2010-08-08 13:46

Pre-Run: 60,567,474,176 bytes free
Post-Run: 60,556,255,232 bytes free

- - End Of File - - 60DC1934D2A310F223C6CB2BFDF9DDA3
Thanks for your help. keper


Re: trojan on my computer

Post by Sneakyone on Mon 09 Aug 2010, 8:08 am

Hi.

Download MBRCheck to your desktop.
  • Double click MBRCheck.exe to run it (Vista and Windows 7 users: right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.



Re: trojan on my computer

Post by keper on Mon 09 Aug 2010, 8:18 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0x86E41000 \WINDOWS\system32\KDCOM.DLL
0xF7AB4000 \WINDOWS\system32\BOOTVID.dll
0xF7651000 ACPI.sys
0xF7BA0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7640000 pci.sys
0xF76A0000 isapnp.sys
0xF7C68000 PCIIde.sys
0xF7920000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7BA2000 intelide.sys
0xF76B0000 MountMgr.sys
0xF7621000 ftdisk.sys
0xF7BA4000 dmload.sys
0xF75FB000 dmio.sys
0xF7928000 PartMgr.sys
0xF76C0000 VolSnap.sys
0xF75E3000 atapi.sys
0xF7930000 cercsr6.sys
0xF75CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF76D0000 disk.sys
0xF76E0000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF75AB000 fltmgr.sys
0xF7599000 sr.sys
0xF76F0000 PxHelp20.sys
0xF7582000 KSecDD.sys
0xF756F000 WudfPf.sys
0xF74E2000 Ntfs.sys
0xF74B5000 NDIS.sys
0xF749B000 Mup.sys
0xF7830000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF79F8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF742F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7A00000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7351000 \SystemRoot\System32\DRIVERS\HCF_MSFT.sys
0xF7A08000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7313000 \SystemRoot\system32\DRIVERS\m4cxw2k3.sys
0xF7A10000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7840000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B58000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7A18000 \SystemRoot\System32\DRIVERS\irsir.sys
0xF7B5C000 \SystemRoot\System32\DRIVERS\irenum.sys
0xF72FF000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7850000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7B60000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0xF7A20000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7860000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7870000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7880000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF72DC000 \SystemRoot\System32\DRIVERS\ks.sys
0xF70AB000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF7087000 \SystemRoot\system32\drivers\portcls.sys
0xF7890000 \SystemRoot\system32\drivers\drmk.sys
0xF78A0000 \SystemRoot\system32\drivers\povrtdev.sys
0xF7DB9000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7A28000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF7A30000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF78B0000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7B70000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7070000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF78C0000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF78D0000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7037000 \SystemRoot\System32\DRIVERS\psched.sys
0xF78E0000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7A38000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7A40000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7007000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF78F0000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7A48000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7BBC000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6F09000 \SystemRoot\System32\DRIVERS\update.sys
0xF7B94000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7900000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7910000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BBE000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A50000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7BE4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7DED000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BE6000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A60000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF7A68000 \SystemRoot\System32\drivers\vga.sys
0xF6ECD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7BE8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BEA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A70000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A78000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B40000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF6E72000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF6E19000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF6DF1000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF6DCF000 \SystemRoot\System32\drivers\afd.sys
0xF7750000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7A80000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF6DAD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7A88000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF6D82000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF6D12000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7770000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6CEC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7780000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF6CCA000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7BEE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF77B0000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7A90000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF7050000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF77C0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7A98000 \SystemRoot\system32\DRIVERS\LHidKE.Sys
0xF704C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF6BF1000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0xF6BD9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7BF4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6EF9000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7AA8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D0A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6924000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF672E000 \SystemRoot\System32\DRIVERS\irda.sys
0xF6838000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF6521000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF64FD000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF6420000 \SystemRoot\system32\drivers\wdmaud.sys
0xF65D6000 \SystemRoot\system32\drivers\sysaudio.sys
0xF6282000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys
0xF7C04000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF6174000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xF60F5000 \SystemRoot\System32\DRIVERS\srv.sys
0xF5E0C000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 29):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
668 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
748 C:\WINDOWS\system32\services.exe
760 C:\WINDOWS\system32\lsass.exe
936 C:\WINDOWS\system32\svchost.exe
1020 svchost.exe
1120 C:\WINDOWS\system32\svchost.exe
1168 C:\WINDOWS\system32\svchost.exe
1432 svchost.exe
1628 svchost.exe
1692 C:\WINDOWS\explorer.exe
1916 C:\WINDOWS\system32\spoolsv.exe
1972 C:\Program Files\Avira\AntiVir Desktop\sched.exe
2044 svchost.exe
352 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
368 C:\Program Files\uTorrent\uTorrent.exe
376 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
1564 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1660 C:\Program Files\Java\jre6\bin\jqs.exe
1780 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
176 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
264 C:\WINDOWS\system32\svchost.exe
2720 alg.exe
3504 C:\WINDOWS\system32\svchost.exe
3428 C:\Program Files\Mozilla Firefox\firefox.exe
3308 C:\Documents and Settings\KEITH\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP0802N, Rev: TK100-30

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

keper

Newbie Surfer

Posts : 20
Joined : 2010-08-07
Operating System : Windows Professional 2002 Service Pack 3

Re: trojan on my computer

Post by Sneakyone on Mon 09 Aug 2010, 8:21 am

Hi.

Run MBRCheck.exe
  • Run MBRCheck.exe
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter
  • When the program asks you Enter your choice: enter 2 and press the Enter key
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter 1 for Windows XP, and then press Enter.
  • When asked Do you want to fix the MBR code? type in YES and press Enter
  • Restart your PC.


I'm livin' life in the fast lane.

Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone
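The "MBR Code Faked!" verdict in the log above comes from comparing the boot sector against what a standard Windows MBR should look like. As an added example (not from this thread and not MBRCheck's own code), the following Python reproduces that kind of defender-side check on a 512-byte sector image: verify the 0x55AA boot signature, parse the four partition entries (a partition starting at LBA 63 gives the 0x7e00 byte offset the log prints), hash the 440-byte boot-code region and compare it with a known-good set. The sample sector bytes, the disk signature, the sector count and the known-good hash set are all constructed for the example; MBRCheck's real reference hashes and the exact region it hashes are not documented on this page, so hashing only the boot code is an assumption made here.

```python
"""Added defender-side check for a raw MBR sector (example code, not MBRCheck)."""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0..439 hold the boot code; 440..443 the disk signature
PART_TABLE_OFF = 446           # four 16-byte partition entries follow
PART_ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
BOOT_SIG = b"\x55\xaa"         # bytes 510..511


def parse_partitions(mbr):
    """Return the non-empty entries of the partition table as dicts."""
    parts = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            PART_ENTRY_FMT, mbr, PART_TABLE_OFF + i * 16)
        if ptype == 0:          # empty slot
            continue
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as "at offset"
            "sectors": sectors,
        })
    return parts


def boot_code_sha1(mbr):
    """SHA-1 of the boot-code region only, so that a changed disk signature or
    partition table neither masks nor fakes a boot-code change."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def check_mbr(mbr, known_good):
    """Triage a 512-byte sector: structural sanity plus a known-good hash match."""
    if len(mbr) != SECTOR:
        return {"sha1": None, "partitions": [], "findings": ["wrong sector length"], "suspicious": True}
    findings = []
    if mbr[510:512] != BOOT_SIG:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partitions(mbr)
    if not parts:
        findings.append("empty partition table")
    if sum(1 for p in parts if p["bootable"]) > 1:
        findings.append("more than one active partition")
    digest = boot_code_sha1(mbr)
    if digest not in known_good:
        findings.append("boot code hash not in known-good set")
    return {"sha1": digest, "partitions": parts, "findings": findings, "suspicious": bool(findings)}


def build_sample_mbr(boot_code):
    """Constructed sector for the example: one bootable NTFS partition at LBA 63."""
    mbr = bytearray(SECTOR)
    mbr[:len(boot_code)] = boot_code
    struct.pack_into("<I", mbr, BOOT_CODE_LEN, 0x1234ABCD)            # disk signature (constructed)
    struct.pack_into(PART_ENTRY_FMT, mbr, PART_TABLE_OFF, 0x80, 0x07, 63, 156301425)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


# Stand-in boot code (constructed; not real Windows boot code).
CLEAN_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 64
# The same code with its first bytes altered, standing in for a modified boot sector.
TAMPERED_BOOT_CODE = b"\xE9\x00\x01" + CLEAN_BOOT_CODE[3:]

CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
TAMPERED_MBR = build_sample_mbr(TAMPERED_BOOT_CODE)
# A real known-good set is built from clean installs of the same OS build; this one is constructed.
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR)}

if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        result = check_mbr(sector, KNOWN_GOOD)
        print(label, result["sha1"], "SUSPICIOUS" if result["suspicious"] else "ok", result["findings"])
        for p in result["partitions"]:
            print(f"  partition {p['index']}: type 0x{p['type']:02X} at byte offset "
                  f"0x{p['byte_offset']:x}, bootable={p['bootable']}")
```

On a live Windows system the sector to feed into `check_mbr` is the first 512 bytes of `\\.\PhysicalDrive0`, which an administrator can read with a plain `open(..., "rb").read(512)`; the hash is only meaningful against a reference set taken from clean machines of the same Windows version, which is why the thread's helper asked for the log rather than judging the hash by eye.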

Re: trojan on my computer

Post by keper on Mon 09 Aug 2010, 9:52 am

I ran MBRCheck.exe and everything worked. Should I now run Malwarebytes or SUPERAntiSpyware or Avira, or all of the above? Thank you very much for all your help Sneakyone, I really appreciate it. Keper

keper

Newbie Surfer

Posts : 20
Joined : 2010-08-07
Operating System : Windows Professional 2002 Service Pack 3

Re: trojan on my computer

Post by Sneakyone on Mon 09 Aug 2010, 9:54 am

Hi.

Could you please run MBRCheck again without doing any fixes and post the log here.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: trojan on my computer

Post by keper on Tue 10 Aug 2010, 8:01 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0x86E0A000 \WINDOWS\system32\KDCOM.DLL
0xF7AB4000 \WINDOWS\system32\BOOTVID.dll
0xF7651000 ACPI.sys
0xF7BA0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7640000 pci.sys
0xF76A0000 isapnp.sys
0xF7C68000 PCIIde.sys
0xF7920000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7BA2000 intelide.sys
0xF76B0000 MountMgr.sys
0xF7621000 ftdisk.sys
0xF7BA4000 dmload.sys
0xF75FB000 dmio.sys
0xF7928000 PartMgr.sys
0xF76C0000 VolSnap.sys
0xF75E3000 atapi.sys
0xF7930000 cercsr6.sys
0xF75CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF76D0000 disk.sys
0xF76E0000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF75AB000 fltmgr.sys
0xF7599000 sr.sys
0xF76F0000 PxHelp20.sys
0xF7582000 KSecDD.sys
0xF756F000 WudfPf.sys
0xF74E2000 Ntfs.sys
0xF74B5000 NDIS.sys
0xF749B000 Mup.sys
0xF7800000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF79E0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF742F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79E8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7351000 \SystemRoot\System32\DRIVERS\HCF_MSFT.sys
0xF79F0000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7313000 \SystemRoot\system32\DRIVERS\m4cxw2k3.sys
0xF79F8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7810000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B54000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7A00000 \SystemRoot\System32\DRIVERS\irsir.sys
0xF7B58000 \SystemRoot\System32\DRIVERS\irenum.sys
0xF72FF000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7820000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7B5C000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0xF7A08000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7830000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7840000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7850000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF72DC000 \SystemRoot\System32\DRIVERS\ks.sys
0xF70AB000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF7087000 \SystemRoot\system32\drivers\portcls.sys
0xF7860000 \SystemRoot\system32\drivers\drmk.sys
0xF7870000 \SystemRoot\system32\drivers\povrtdev.sys
0xF7DA8000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF7A10000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF7A18000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7880000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7B6C000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7070000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7890000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF78A0000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7037000 \SystemRoot\System32\DRIVERS\psched.sys
0xF78B0000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7A20000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7A28000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7007000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF78C0000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7A30000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7BBE000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6F09000 \SystemRoot\System32\DRIVERS\update.sys
0xF7B90000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF78D0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF78E0000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BC0000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A50000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7BF2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7DF7000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BF4000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A60000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF7A68000 \SystemRoot\System32\drivers\vga.sys
0xF6ECD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7BF6000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BF8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A70000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A78000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B48000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF6E72000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF6E19000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF6DF1000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF6DCF000 \SystemRoot\System32\drivers\afd.sys
0xF7750000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7A80000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF6DAD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7A88000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF6D82000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF6D12000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF7770000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6CEC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7790000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF6CCA000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7C04000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF7AA8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF77C0000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF6EF1000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF77E0000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7960000 \SystemRoot\system32\DRIVERS\LHidKE.Sys
0xF6EED000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF6BF1000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0xF6BD9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C08000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF745B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7978000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D3A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6884000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF672E000 \SystemRoot\System32\DRIVERS\irda.sys
0xF682C000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF652A000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF6475000 \SystemRoot\system32\drivers\wdmaud.sys
0xF649A000 \SystemRoot\system32\drivers\sysaudio.sys
0xF63D2000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF6F97000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys
0xF7C0C000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF6174000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xF60F5000 \SystemRoot\System32\DRIVERS\srv.sys
0xF5D94000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 29):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
668 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
748 C:\WINDOWS\system32\services.exe
760 C:\WINDOWS\system32\lsass.exe
936 C:\WINDOWS\system32\svchost.exe
1008 svchost.exe
1228 C:\WINDOWS\system32\svchost.exe
1432 svchost.exe
1652 svchost.exe
1660 C:\WINDOWS\explorer.exe
1904 C:\WINDOWS\system32\spoolsv.exe
1960 C:\Program Files\Avira\AntiVir Desktop\sched.exe
304 svchost.exe
364 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
380 C:\Program Files\uTorrent\uTorrent.exe
388 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
436 C:\WINDOWS\system32\ctfmon.exe
1548 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1608 C:\Program Files\Java\jre6\bin\jqs.exe
1972 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1244 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
264 C:\WINDOWS\system32\svchost.exe
2788 alg.exe
3628 C:\WINDOWS\system32\svchost.exe
3836 C:\WINDOWS\system32\svchost.exe
2704 C:\Documents and Settings\KEITH\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP0802N, Rev: TK100-30

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

keper

Newbie Surfer

Posts : 20
Joined : 2010-08-07
Operating System : Windows Professional 2002 Service Pack 3

Re: trojan on my computer

Post by Sneakyone on Tue 10 Aug 2010, 8:31 am

Hi.

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: trojan on my computer

Post by keper on Tue 10 Aug 2010, 8:45 am

2010/08/09 18:44:30.0093 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
2010/08/09 18:44:30.0093 ================================================================================
2010/08/09 18:44:30.0093 SystemInfo:
2010/08/09 18:44:30.0093
2010/08/09 18:44:30.0093 OS Version: 5.1.2600 ServicePack: 3.0
2010/08/09 18:44:30.0093 Product type: Workstation
2010/08/09 18:44:30.0093 ComputerName: KEITH-ROF6TH9D8
2010/08/09 18:44:30.0093 UserName: KEITH
2010/08/09 18:44:30.0093 Windows directory: C:\WINDOWS
2010/08/09 18:44:30.0093 System windows directory: C:\WINDOWS
2010/08/09 18:44:30.0109 Processor architecture: Intel x86
2010/08/09 18:44:30.0109 Number of processors: 1
2010/08/09 18:44:30.0109 Page size: 0x1000
2010/08/09 18:44:30.0109 Boot type: Normal boot
2010/08/09 18:44:30.0109 ================================================================================
2010/08/09 18:44:30.0578 Initialize success
2010/08/09 18:44:37.0406 ================================================================================
2010/08/09 18:44:37.0406 Scan started
2010/08/09 18:44:37.0406 Mode: Manual;
2010/08/09 18:44:37.0406 ================================================================================
2010/08/09 18:44:38.0062 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/09 18:44:38.0203 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/08/09 18:44:38.0406 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/08/09 18:44:38.0609 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/08/09 18:44:38.0968 ALCXWDM (933933288df5ed26d1928215c97d05c7) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2010/08/09 18:44:39.0703 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/08/09 18:44:39.0859 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/09 18:44:39.0984 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/08/09 18:44:40.0093 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/08/09 18:44:40.0250 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/08/09 18:44:40.0390 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2010/08/09 18:44:40.0515 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2010/08/09 18:44:40.0687 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/08/09 18:44:40.0828 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/08/09 18:44:41.0015 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/08/09 18:44:41.0156 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/08/09 18:44:41.0296 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/08/09 18:44:41.0437 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2010/08/09 18:44:41.0984 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/08/09 18:44:42.0171 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/08/09 18:44:42.0375 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\DRIVERS\dmio.sys
2010/08/09 18:44:42.0515 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/08/09 18:44:42.0687 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/08/09 18:44:42.0875 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/08/09 18:44:43.0281 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/08/09 18:44:43.0421 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/08/09 18:44:43.0515 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/08/09 18:44:43.0625 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/08/09 18:44:43.0750 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/08/09 18:44:43.0937 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/08/09 18:44:44.0046 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/08/09 18:44:44.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/08/09 18:44:44.0328 Hardlock (ed32d389f8b0e74e400932e020bcfbdf) C:\WINDOWS\system32\drivers\hardlock.sys
2010/08/09 18:44:44.0625 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys
2010/08/09 18:44:44.0750 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
2010/08/09 18:44:45.0031 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/08/09 18:44:45.0250 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/08/09 18:44:45.0546 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/08/09 18:44:45.0750 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/08/09 18:44:45.0953 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2010/08/09 18:44:46.0031 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/08/09 18:44:46.0156 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/08/09 18:44:46.0234 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/08/09 18:44:46.0312 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/08/09 18:44:46.0390 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/08/09 18:44:46.0515 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/08/09 18:44:46.0671 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2010/08/09 18:44:46.0765 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/08/09 18:44:46.0937 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2010/08/09 18:44:47.0062 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/08/09 18:44:47.0203 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/08/09 18:44:47.0296 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2010/08/09 18:44:47.0390 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/08/09 18:44:47.0562 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/08/09 18:44:47.0687 L8042Kbd (1554d5168e9d3d9dd26d88f1ab72a1b4) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2010/08/09 18:44:47.0765 L8042mou (70674a18915b0125c54d49a3cef7e7ea) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2010/08/09 18:44:48.0015 LHidKe (daf45f0a91a508e24f0df886618e2a80) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
2010/08/09 18:44:48.0234 LMouKE (695cad01ccdac6f8ddb80375ea80e4a6) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2010/08/09 18:44:48.0390 m4cxw2k3 (59e32e07b7a362532a9c80774bca8c28) C:\WINDOWS\system32\DRIVERS\m4cxw2k3.sys
2010/08/09 18:44:48.0578 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/08/09 18:44:48.0687 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/08/09 18:44:48.0781 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/08/09 18:44:48.0937 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/08/09 18:44:49.0062 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/08/09 18:44:49.0234 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/08/09 18:44:49.0375 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/08/09 18:44:49.0593 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/08/09 18:44:49.0718 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/08/09 18:44:49.0781 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/08/09 18:44:49.0828 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/08/09 18:44:49.0953 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/08/09 18:44:50.0046 msvad_simple (ba03a176197d06ecaf0da86942375156) C:\WINDOWS\system32\drivers\povrtdev.sys
2010/08/09 18:44:50.0125 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/08/09 18:44:50.0234 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/08/09 18:44:50.0390 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/08/09 18:44:50.0546 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/08/09 18:44:50.0640 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/08/09 18:44:50.0750 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/08/09 18:44:50.0859 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/08/09 18:44:51.0000 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/08/09 18:44:51.0281 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/08/09 18:44:51.0375 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/08/09 18:44:51.0546 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/08/09 18:44:51.0640 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/08/09 18:44:51.0750 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/08/09 18:44:51.0828 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/08/09 18:44:51.0906 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/08/09 18:44:51.0984 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/08/09 18:44:52.0078 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/08/09 18:44:52.0265 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
2010/08/09 18:44:52.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/08/09 18:44:52.0843 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/08/09 18:44:52.0953 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2010/08/09 18:44:53.0062 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/08/09 18:44:53.0125 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/08/09 18:44:53.0218 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2010/08/09 18:44:53.0671 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/08/09 18:44:53.0828 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2010/08/09 18:44:53.0890 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/08/09 18:44:53.0968 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/08/09 18:44:54.0109 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/08/09 18:44:54.0218 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/08/09 18:44:54.0328 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/08/09 18:44:54.0421 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/08/09 18:44:54.0609 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/08/09 18:44:54.0765 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/08/09 18:44:55.0078 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/08/09 18:44:55.0140 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/08/09 18:44:55.0375 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/08/09 18:44:55.0500 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/08/09 18:44:55.0609 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/08/09 18:44:55.0859 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/08/09 18:44:56.0156 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/08/09 18:44:56.0312 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/08/09 18:44:56.0484 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/08/09 18:44:56.0640 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2010/08/09 18:44:56.0875 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/08/09 18:44:56.0984 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/08/09 18:44:57.0296 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/08/09 18:44:57.0453 Tcpip (ad978a1b783b5719720cff204b666c8e) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/08/09 18:44:57.0578 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/08/09 18:44:57.0671 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/08/09 18:44:57.0765 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/08/09 18:44:58.0046 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/08/09 18:44:58.0203 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/08/09 18:44:58.0421 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/08/09 18:44:58.0546 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/08/09 18:44:58.0625 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/08/09 18:44:58.0734 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/08/09 18:44:58.0812 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/08/09 18:44:58.0921 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/08/09 18:44:59.0015 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/08/09 18:44:59.0109 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/08/09 18:44:59.0265 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/08/09 18:44:59.0421 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/08/09 18:44:59.0625 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/08/09 18:45:00.0015 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2010/08/09 18:45:00.0234 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/08/09 18:45:00.0390 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/08/09 18:45:00.0531 ================================================================================
2010/08/09 18:45:00.0531 Scan finished
2010/08/09 18:45:00.0531 ================================================================================

keper

Newbie Surfer

Posts : 20
Joined : 2010-08-07
Operating System : Windows Professional 2002 Service Pack 3
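A TDSSKiller report like the one above is a list of loaded kernel modules with their MD5 and on-disk path, and a helper reads it by asking two questions: which modules load from outside the Windows directory, and which core drivers no longer hash to the value a clean install of the same build produces. The following Python is an added example of that triage, not part of TDSSKiller or of this thread. The sample report is constructed: three lines are copied from the log above, and one atapi.sys line has its hash replaced with zeros to show the baseline-mismatch path; the baseline itself reuses the clean values from the log and stands in for a real one taken from a known-good machine.

```python
"""Added triage helper for a TDSSKiller-style driver listing (example code,
not part of TDSSKiller or this thread)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "time name md5 path")

# "<timestamp> <service name> (<md5>) <path>"; lines without a hash
# (banner, "Scan started", separators) are skipped by the parser.
LINE_RE = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+?)\s*$")


def parse_tdsskiller(log):
    """Extract the hashed module lines from a TDSSKiller report."""
    return [Entry(*m.groups()) for m in map(LINE_RE.match, log.splitlines()) if m]


def triage(entries, baseline, windows_dir=r"C:\WINDOWS"):
    """Flag modules loaded from outside the Windows directory and modules whose
    MD5 differs from a known-good baseline keyed by lower-cased path.
    Third-party security drivers will show up in the first category; that is
    expected and is why the path is returned alongside the reason."""
    findings = []
    prefix = windows_dir.lower() + "\\"
    for e in entries:
        if not e.path.lower().startswith(prefix):
            findings.append((e.name, "loaded from outside the Windows directory", e.path))
        expected = baseline.get(e.path.lower())
        if expected is not None and expected != e.md5:
            findings.append((e.name, "hash differs from baseline", e.md5))
    return findings


# Constructed sample report: three lines from the log above plus one line whose
# atapi.sys hash has been replaced with zeros.
SAMPLE_LOG = r"""2010/08/09 18:44:37.0406 Scan started
2010/08/09 18:44:38.0062 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/09 18:44:39.0859 atapi (00000000000000000000000000000000) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/08/09 18:44:40.0250 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2010/08/09 18:44:55.0078 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"""

# Baseline hashes: here reused from the clean entries in the log above. In practice
# they come from a known-good install of the same Windows build and patch level.
BASELINE = {
    r"c:\windows\system32\drivers\acpi.sys": "8fd99680a539792a30e97944fdaecf17",
    r"c:\windows\system32\drivers\atapi.sys": "9f3a2f5aa6875c72bf062c712cfa2674",
}


def triage_sample():
    """Run the triage over the constructed report."""
    return triage(parse_tdsskiller(SAMPLE_LOG), BASELINE)


if __name__ == "__main__":
    for name, reason, detail in triage_sample():
        print(f"{name:10} {reason}: {detail}")
```

The hash comparison is the part worth automating: the report above contains over a hundred entries, and a single changed core driver is easy to miss by eye, which is why the helper in this thread kept asking for full logs instead of a summary.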

Re: trojan on my computer

Post by Sneakyone on Tue 10 Aug 2010, 8:55 am

Hi.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip.
  • After extracting remover.exe to your Desktop, run this:

    Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:
    Code:
    @ECHO OFF
    START remover.exe fix \\.\PhysicalDrive0
    EXIT
    Save this as fix.bat. Choose to "Save type as - All Files".
    It should look like this:
    Double click on fix.bat & allow it to run

  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL C
  • Open a Notepad and press CTRL V
  • Post the output back here.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: trojan on my computer

Post by keper on Tue 10 Aug 2010, 11:21 am

I downloaded Bootkit Remover and I extracted it to the desktop and then ran it.
I then opened Notepad and copied the text and pasted it into the quote box. I saved it as fix.bat and saved it to all files; an icon appeared and I double clicked on the icon. I right clicked in the black box and selected all, then I pressed Ctrl C at the same time and the black box disappeared. I then clicked on Notepad and pressed Ctrl V and nothing happened. I am sure I am doing something wrong. Thanks for all your help, Keper

keper

Newbie Surfer

Posts : 20
Joined : 2010-08-07
Operating System : Windows Professional 2002 Service Pack 3

Re: trojan on my computer

Post by Sneakyone on Tue 10 Aug 2010, 4:50 pm

Hi.

Please run MBRCheck again and post the log here.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: trojan on my computer

Post by keper on Tue 10 Aug 2010, 9:46 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 131):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0x86C6F000 \WINDOWS\system32\KDCOM.DLL
0xF7AB4000 \WINDOWS\system32\BOOTVID.dll
0xF7651000 ACPI.sys
0xF7BA0000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7640000 pci.sys
0xF76A0000 isapnp.sys
0xF7C68000 PCIIde.sys
0xF7920000 \WINDOWS\System32\Drivers\PCIIDEX.SYS
0xF7BA2000 intelide.sys
0xF76B0000 MountMgr.sys
0xF7621000 ftdisk.sys
0xF7BA4000 dmload.sys
0xF75FB000 dmio.sys
0xF7928000 PartMgr.sys
0xF76C0000 VolSnap.sys
0xF75E3000 atapi.sys
0xF7930000 cercsr6.sys
0xF75CB000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF76D0000 disk.sys
0xF76E0000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF75AB000 fltmgr.sys
0xF7599000 sr.sys
0xF76F0000 PxHelp20.sys
0xF7582000 KSecDD.sys
0xF756F000 WudfPf.sys
0xF74E2000 Ntfs.sys
0xF74B5000 NDIS.sys
0xF749B000 Mup.sys
0xF7820000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF79C8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF742F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF79D0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7351000 \SystemRoot\System32\DRIVERS\HCF_MSFT.sys
0xF79D8000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7313000 \SystemRoot\system32\DRIVERS\m4cxw2k3.sys
0xF79E0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7830000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B60000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF79E8000 \SystemRoot\System32\DRIVERS\irsir.sys
0xF7B64000 \SystemRoot\System32\DRIVERS\irenum.sys
0xF72FF000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7840000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7B68000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0xF79F0000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7850000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7860000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7870000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF72DC000 \SystemRoot\System32\DRIVERS\ks.sys
0xF70AB000 \SystemRoot\system32\drivers\ALCXWDM.SYS
0xF7087000 \SystemRoot\system32\drivers\portcls.sys
0xF7880000 \SystemRoot\system32\drivers\drmk.sys
0xF7890000 \SystemRoot\system32\drivers\povrtdev.sys
0xF7DC0000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF79F8000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF7A00000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF78A0000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7B78000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF7070000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF78B0000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF78C0000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7037000 \SystemRoot\System32\DRIVERS\psched.sys
0xF78D0000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7A08000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7A10000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7007000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF78E0000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7A18000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7BC8000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF6F09000 \SystemRoot\System32\DRIVERS\update.sys
0xF7B9C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF78F0000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7730000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7BCA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7A40000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7BF8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CA6000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BFA000 \SystemRoot\System32\Drivers\Beep.SYS
0xF7A60000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xF7A68000 \SystemRoot\System32\drivers\vga.sys
0xF6ECD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xF7BFC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BFE000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF7A70000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7A78000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF706C000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF6E72000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF6E19000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF6DF1000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF6DCF000 \SystemRoot\System32\drivers\afd.sys
0xF7780000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF7A80000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xF6DAD000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF7A88000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF6D82000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF6D12000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF77A0000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6CEC000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF77C0000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF6C2A000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7C02000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xF77F0000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF7A90000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF6EF9000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF7800000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF7A98000 \SystemRoot\system32\DRIVERS\LHidKE.Sys
0xF6EF5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF6BF1000 \SystemRoot\system32\DRIVERS\LMouKE.Sys
0xF6BD9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C06000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7B54000 \SystemRoot\System32\drivers\Dxapi.sys
0xF7958000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7D49000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF6924000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xF67C0000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF6692000 \SystemRoot\System32\DRIVERS\irda.sys
0xF67A4000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF640D000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF63D0000 \SystemRoot\system32\drivers\wdmaud.sys
0xF657A000 \SystemRoot\system32\drivers\sysaudio.sys
0xF6222000 \??\C:\WINDOWS\system32\drivers\Haspnt.sys
0xF7BB2000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF60FC000 \??\C:\WINDOWS\system32\drivers\hardlock.sys
0xF607D000 \SystemRoot\System32\DRIVERS\srv.sys
0xF5C39000 \SystemRoot\System32\Drivers\HTTP.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
604 C:\WINDOWS\system32\smss.exe
668 csrss.exe
700 C:\WINDOWS\system32\winlogon.exe
748 C:\WINDOWS\system32\services.exe
760 C:\WINDOWS\system32\lsass.exe
936 C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
968 C:\WINDOWS\system32\svchost.exe
1052 svchost.exe
1180 C:\WINDOWS\system32\svchost.exe
1284 C:\WINDOWS\system32\svchost.exe
1528 C:\WINDOWS\explorer.exe
1560 svchost.exe
1708 svchost.exe
1944 C:\WINDOWS\system32\spoolsv.exe
2000 C:\Program Files\Avira\AntiVir Desktop\sched.exe
220 svchost.exe
388 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
440 C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
468 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
492 C:\WINDOWS\system32\ctfmon.exe
1780 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1072 C:\Program Files\Java\jre6\bin\jqs.exe
1640 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
264 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1156 C:\WINDOWS\system32\svchost.exe
3380 alg.exe
4068 C:\WINDOWS\system32\svchost.exe
2548 C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
2508 C:\Program Files\Java\jre6\bin\javaw.exe
2860 C:\Program Files\Java\jre6\bin\javaw.exe
3284 C:\Program Files\Mozilla Firefox\firefox.exe
3468 C:\Documents and Settings\KEITH\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP0802N, Rev: TK100-30

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 3DD27C7EE9B2D8B2CB511843C79460E5DB3CA995


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

keper

Newbie Surfer

Posts : 20
Joined : 2010-08-07
Operating System : windows professional 2002 service pack 3

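The MBRCheck output above reports the boot code of PhysicalDrive0 as "Faked" and prints a SHA1 for it. As an added illustration (not code from MBRCheck, Bootkit Remover or anyone in this thread), the Python below parses a constructed 512-byte sector the way a baseline check would: it verifies the 0x55AA boot signature, reads the partition table (the single entry is placed at LBA 63, which is the 0x7E00 byte offset shown for C: above), and hashes the 440-byte boot-code area so the result can be compared against a list of known-good hashes. The sample sector, its disk signature and the hashing range are assumptions; the page does not state which bytes MBRCheck hashes.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440              # boot code runs from 0x000 up to the disk signature at 0x1B8
DISK_SIG_OFF = 0x1B8
PARTITION_TABLE_OFF = 0x1BE      # four 16-byte partition entries
PARTITION_ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xAA"     # bytes 510..511 of a valid MBR


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector (assumption: not an image of any real disk).

    The boot-code area holds whatever filler is passed in; the partition table
    carries one bootable NTFS partition starting at LBA 63 (byte offset 0x7E00).
    """
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code exceeds 440 bytes")
    mbr = bytearray(SECTOR_SIZE)
    mbr[:len(boot_code)] = boot_code
    mbr[DISK_SIG_OFF:DISK_SIG_OFF + 4] = b"\x12\x34\x56\x78"   # constructed disk signature
    # status, CHS start (3 bytes), type, CHS end (3 bytes), start LBA, sector count
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 155_000_000)
    mbr[PARTITION_TABLE_OFF:PARTITION_TABLE_OFF + PARTITION_ENTRY_LEN] = entry
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into the fields a defender compares against a baseline."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + i * PARTITION_ENTRY_LEN
        status, _chs_start, ptype, _chs_end, start_lba, count = struct.unpack(
            "<B3sB3sII", sector[off:off + PARTITION_ENTRY_LEN])
        if ptype == 0 and count == 0:
            continue                      # empty slot
        partitions.append({
            "bootable": status == 0x80,
            "type": ptype,
            "start_lba": start_lba,
            "sectors": count,
            "byte_offset": start_lba * SECTOR_SIZE,
        })
    return {
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
        "disk_signature": sector[DISK_SIG_OFF:DISK_SIG_OFF + 4].hex(),
        # Hash only the code area: partition-table edits must not mask a code change
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good_sha1: set) -> str:
    """Classify a sector against a set of known-good boot-code hashes."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "Missing 0x55AA boot signature"
    if info["boot_code_sha1"] in known_good_sha1:
        return "MBR code matches a known-good hash"
    return "MBR code unknown: compare against the OS/vendor baseline before trusting it"


if __name__ == "__main__":
    sample = build_sample_mbr(b"\x90" * 16)     # constructed filler, not real boot code
    info = parse_mbr(sample)
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"type 0x{p['type']:02X} at byte offset 0x{p['byte_offset']:08X}")
    print(check_mbr(sample, {info["boot_code_sha1"]}))
```

On a live system the 512 bytes would come from reading sector 0 of the physical drive with administrative rights; the known-good set would be the hashes of the stock Windows boot code for the installed version, which is why a tool like MBRCheck can say "Faked" rather than merely "different".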

Re: trojan on my computer

Post by Sneakyone on Wed 11 Aug 2010, 7:55 am

Hi.

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip.
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C.
  • Open Notepad and press CTRL+V.
  • Post the output back here.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: trojan on my computer

Post by keper on Wed 11 Aug 2010, 9:09 am

VVVcry for the bad man

keper

Newbie Surfer

Posts : 20
Joined : 2010-08-07
Operating System : windows professional 2002 service pack 3
