
View Full Version : USB does not work



ranjee
2011-09-29, 18:44
The computer informs by sound that a USB is connected but does not open an explorer window. If I open a window myself, the computer thinks that the USB is not formatted and suggests doing so. (The USB works fine in another computer.)
.
**************
My previous thread
http://forums.spybot.info/showthread.php?p=412728#post412728

*************************************
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Zecharia Nacson at 19:27:23 on 2011-09-29
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3071.1745 [GMT 3:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
"C:\WINDOWS\system32\svchost.exe"
"C:\WINDOWS\system32\svchost.exe"
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\InterVideo\WinDVR\WinRemote.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
svchost.exe
C:\WINDOWS\system32\CSDRV32.EXE
C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\MySQL\bin\mysqld-nt.exe
C:\Program Files\SDistTest\SDistTestSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ynet.co.il/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - c:\progra~1\agat\agform\AGFORM~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - c:\program files\agat\agform\AGForms.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Turbo Key] "c:\program files\asus\turbo key\TurboKey.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WINSCHEDULER] c:\progra~1\interv~1\windvr\WINSCH~1.EXE
mRun: [WinRemote] "c:\program files\intervideo\windvr\WinRemote.exe"
mRun: [pdfFactory Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /source=HKLM
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
StartupFolder: c:\documents and settings\zecharia nacson\start menu\programs\startup\Microsoft Office Groove.lnk.disabled
StartupFolder: c:\docume~1\zechar~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-af00-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: MasavPackage - hxxps://www.masav-online.co.il/Masav/EFT/CustApp/MasavPackage.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.18/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D080C2CE-DD1E-43E3-8CDE-D557EC572906} : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe [2009-12-17 86016]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-11-19 47640]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-5-12 140848]
R2 SDisTestService;SpybotSnD Distributed Testing;c:\program files\sdisttest\SDistTestSvc.exe [2010-8-7 907680]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 euci5r;CryptoIdentity Reader;c:\windows\system32\drivers\euci5r.sys [2003-4-11 35778]
R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2009-12-18 19616]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-17 1684736]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-9-22 30312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 947528]
S3 cpuz132;cpuz132;\??\c:\docume~1\zechar~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\zechar~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-22 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-22 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-22 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-9-22 114280]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-09-22 19:40:36 -------- d-----w- c:\windows\system32\System32
2011-09-22 19:31:22 -------- d-----w- c:\documents and settings\zecharia nacson\local settings\application data\Samsung
2011-09-22 19:30:49 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-09-22 19:30:48 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-09-22 19:30:48 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-09-22 19:30:48 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-09-22 19:30:47 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-09-22 19:30:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-09-22 19:30:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-09-22 19:29:48 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-09-22 19:29:39 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-09-22 19:29:39 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-09-22 19:29:39 -------- d-----w- c:\program files\MarkAny
2011-09-22 19:29:17 -------- d-----w- c:\program files\Samsung
2011-09-22 19:29:17 -------- d-----w- c:\documents and settings\zecharia nacson\application data\Samsung
2011-09-22 19:29:17 -------- d-----w- c:\documents and settings\all users\application data\Samsung
2011-09-17 17:17:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-17 17:17:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-17 17:16:38 -------- d-----w- c:\documents and settings\zecharia nacson\local settings\application data\PC_Drivers_Headquarters
2011-09-17 17:16:03 -------- d-----w- c:\documents and settings\all users\application data\Easy Driver Pro
2011-09-13 19:43:53 -------- d-----w- c:\documents and settings\all users\application data\UAB
2011-09-13 19:11:03 -------- d-----w- c:\documents and settings\zecharia nacson\application data\uTorrent
2011-09-03 10:17:37 599040 -c----w- c:\windows\system32\dllcache\crypt32.dll
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\SETBE.tmp
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 13:32:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 13:32:36 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 13:32:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-06 13:32:28 29568 ----a-w- c:\windows\system32\LMIport.dll
2004-10-01 12:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A0EBA0A]<<
_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; MOV ECX, [EAX+0xc]; OR ECX, [EAX+0x10]; PUSH ESI; JNZ 0x94; MOV ESI, 0x200; CMP [EAX+0x4], ESI; JB 0x94; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AC26AB8]
\Driver\Disk[0x8AC07A08] -> IRP_MJ_READ -> 0x8A0EBA0A
kernel: MBR read successfully
_asm { NOP ; XOR AX, AX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; NOP ; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x626; }
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 19:28:25.00 ===============

ken545
2011-10-03, 13:06


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Your previous thread was closed due to lack of response from you; forum policy is that if there is no reply in 3 days the thread is closed.

You're possibly infected with a rootkit.


Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)




Post the log from TDSSkiller and then run DDS again and post a new log please

ranjee
2011-10-03, 18:51
18:36:20.0421 5548 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
18:36:20.0906 5548 ============================================================
18:36:20.0906 5548 Current date / time: 2011/10/03 18:36:20.0906
18:36:20.0906 5548 SystemInfo:
18:36:20.0906 5548
18:36:20.0906 5548 OS Version: 5.1.2600 ServicePack: 3.0
18:36:20.0906 5548 Product type: Workstation
18:36:20.0906 5548 ComputerName: ENJ-7FB4A0003BF
18:36:20.0906 5548 UserName: Zecharia Nacson
18:36:20.0906 5548 Windows directory: C:\WINDOWS
18:36:20.0906 5548 System windows directory: C:\WINDOWS
18:36:20.0906 5548 Processor architecture: Intel x86
18:36:20.0906 5548 Number of processors: 4
18:36:20.0906 5548 Page size: 0x1000
18:36:20.0906 5548 Boot type: Normal boot
18:36:20.0906 5548 ============================================================
18:36:21.0906 5548 Initialize success
18:36:26.0015 5524 ============================================================
18:36:26.0015 5524 Scan started
18:36:26.0015 5524 Mode: Manual;
18:36:26.0015 5524 ============================================================
18:36:27.0765 5524 Abiosdsk - ok
18:36:27.0765 5524 abp480n5 - ok
18:36:27.0812 5524 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
18:36:27.0828 5524 ACPI - ok
18:36:27.0843 5524 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
18:36:27.0859 5524 ACPIEC - ok
18:36:27.0859 5524 adpu160m - ok
18:36:27.0890 5524 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
18:36:27.0890 5524 aec - ok
18:36:27.0921 5524 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
18:36:27.0921 5524 AFD - ok
18:36:27.0921 5524 Aha154x - ok
18:36:27.0937 5524 aic78u2 - ok
18:36:27.0937 5524 aic78xx - ok
18:36:27.0968 5524 AKSIFDH (513c094dea9b2531b92bdfdd8cf3f67e) C:\WINDOWS\system32\DRIVERS\aksifdh.sys
18:36:27.0968 5524 AKSIFDH - ok
18:36:27.0984 5524 AliIde - ok
18:36:28.0031 5524 Ambfilt (f6af59d6eee5e1c304f7f73706ad11d8) C:\WINDOWS\system32\drivers\Ambfilt.sys
18:36:28.0046 5524 Ambfilt - ok
18:36:28.0062 5524 amsint - ok
18:36:28.0125 5524 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys
18:36:28.0125 5524 androidusb - ok
18:36:28.0156 5524 asc - ok
18:36:28.0171 5524 asc3350p - ok
18:36:28.0187 5524 asc3550 - ok
18:36:28.0203 5524 AsIO (2b4e66fac6503494a2c6f32bb6ab3826) C:\WINDOWS\system32\drivers\AsIO.sys
18:36:28.0203 5524 AsIO - ok
18:36:28.0234 5524 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
18:36:28.0250 5524 AsyncMac - ok
18:36:28.0265 5524 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
18:36:28.0265 5524 atapi - ok
18:36:28.0265 5524 Atdisk - ok
18:36:28.0296 5524 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
18:36:28.0296 5524 Atmarpc - ok
18:36:28.0328 5524 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
18:36:28.0343 5524 audstub - ok
18:36:28.0390 5524 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
18:36:28.0390 5524 AVGIDSDriver - ok
18:36:28.0406 5524 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
18:36:28.0406 5524 AVGIDSEH - ok
18:36:28.0406 5524 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
18:36:28.0406 5524 AVGIDSFilter - ok
18:36:28.0421 5524 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
18:36:28.0421 5524 AVGIDSShim - ok
18:36:28.0453 5524 Avgldx86 (1119e5bec6e749e0d292f0f84d48edba) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
18:36:28.0468 5524 Avgldx86 - ok
18:36:28.0484 5524 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
18:36:28.0484 5524 Avgmfx86 - ok
18:36:28.0484 5524 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
18:36:28.0500 5524 Avgrkx86 - ok
18:36:28.0515 5524 Avgtdix (354e0fec3bfdfa9c369e0f67ac362f9f) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
18:36:28.0515 5524 Avgtdix - ok
18:36:28.0546 5524 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
18:36:28.0546 5524 Beep - ok
18:36:28.0562 5524 Cap7134 (8569724f8458cb9c0bfb5f5cad9e2e41) C:\WINDOWS\system32\DRIVERS\Cap7134.sys
18:36:28.0578 5524 Cap7134 - ok
18:36:28.0625 5524 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
18:36:28.0625 5524 cbidf2k - ok
18:36:28.0734 5524 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
18:36:28.0734 5524 CCDECODE - ok
18:36:28.0750 5524 cd20xrnt - ok
18:36:28.0765 5524 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
18:36:28.0765 5524 Cdaudio - ok
18:36:28.0781 5524 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
18:36:28.0781 5524 Cdfs - ok
18:36:28.0796 5524 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
18:36:28.0796 5524 Cdrom - ok
18:36:28.0812 5524 Changer - ok
18:36:28.0812 5524 CmdIde - ok
18:36:28.0828 5524 Cpqarray - ok
18:36:28.0921 5524 cpuz132 - ok
18:36:28.0921 5524 dac2w2k - ok
18:36:28.0937 5524 dac960nt - ok
18:36:28.0937 5524 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
18:36:28.0937 5524 Disk - ok
18:36:28.0968 5524 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
18:36:28.0984 5524 dmboot - ok
18:36:29.0000 5524 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
18:36:29.0000 5524 dmio - ok
18:36:29.0015 5524 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
18:36:29.0015 5524 dmload - ok
18:36:29.0031 5524 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
18:36:29.0031 5524 DMusic - ok
18:36:29.0046 5524 dpti2o - ok
18:36:29.0046 5524 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
18:36:29.0062 5524 drmkaud - ok
18:36:29.0078 5524 euci5r (f8814fc20fe332aa5c89cb707d6667b2) C:\WINDOWS\system32\Drivers\euci5r.sys
18:36:29.0078 5524 euci5r - ok
18:36:29.0125 5524 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
18:36:29.0125 5524 Fastfat - ok
18:36:29.0140 5524 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
18:36:29.0140 5524 Fdc - ok
18:36:29.0156 5524 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
18:36:29.0156 5524 Fips - ok
18:36:29.0187 5524 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
18:36:29.0187 5524 Flpydisk - ok
18:36:29.0234 5524 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
18:36:29.0234 5524 FltMgr - ok
18:36:29.0234 5524 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
18:36:29.0234 5524 Fs_Rec - ok
18:36:29.0265 5524 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
18:36:29.0265 5524 Ftdisk - ok
18:36:29.0312 5524 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
18:36:29.0312 5524 Gpc - ok
18:36:29.0328 5524 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
18:36:29.0328 5524 HDAudBus - ok
18:36:29.0359 5524 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
18:36:29.0359 5524 hidusb - ok
18:36:29.0375 5524 hpn - ok
18:36:29.0406 5524 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
18:36:29.0453 5524 HPZid412 - ok
18:36:29.0484 5524 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
18:36:29.0484 5524 HPZipr12 - ok
18:36:29.0515 5524 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
18:36:29.0531 5524 HPZius12 - ok
18:36:29.0562 5524 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
18:36:29.0578 5524 HTTP - ok
18:36:29.0578 5524 i2omgmt - ok
18:36:29.0593 5524 i2omp - ok
18:36:29.0625 5524 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
18:36:29.0625 5524 i8042prt - ok
18:36:29.0640 5524 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
18:36:29.0640 5524 Imapi - ok
18:36:29.0656 5524 ini910u - ok
18:36:29.0765 5524 IntcAzAudAddService (1ae3cff80017ef89da959350724c7194) C:\WINDOWS\system32\drivers\RtkHDAud.sys
18:36:29.0781 5524 IntcAzAudAddService - ok
18:36:29.0796 5524 IntelIde - ok
18:36:29.0828 5524 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
18:36:29.0828 5524 intelppm - ok
18:36:29.0843 5524 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
18:36:29.0859 5524 Ip6Fw - ok
18:36:29.0875 5524 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
18:36:29.0890 5524 IpFilterDriver - ok
18:36:29.0906 5524 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
18:36:29.0906 5524 IpInIp - ok
18:36:29.0921 5524 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
18:36:29.0921 5524 IpNat - ok
18:36:29.0921 5524 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
18:36:29.0937 5524 IPSec - ok
18:36:29.0953 5524 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
18:36:29.0968 5524 IRENUM - ok
18:36:29.0984 5524 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
18:36:30.0000 5524 isapnp - ok
18:36:30.0015 5524 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
18:36:30.0015 5524 Kbdclass - ok
18:36:30.0015 5524 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
18:36:30.0015 5524 kbdhid - ok
18:36:30.0031 5524 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
18:36:30.0031 5524 kmixer - ok
18:36:30.0062 5524 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
18:36:30.0062 5524 KSecDD - ok
18:36:30.0078 5524 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
18:36:30.0078 5524 L1e - ok
18:36:30.0093 5524 lbrtfdc - ok
18:36:30.0171 5524 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
18:36:30.0171 5524 LMIInfo - ok
18:36:30.0203 5524 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
18:36:30.0203 5524 lmimirr - ok
18:36:30.0203 5524 LMIRfsClientNP - ok
18:36:30.0234 5524 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
18:36:30.0234 5524 LMIRfsDriver - ok
18:36:30.0312 5524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
18:36:30.0312 5524 mnmdd - ok
18:36:30.0359 5524 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
18:36:30.0359 5524 Modem - ok
18:36:30.0421 5524 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
18:36:30.0453 5524 Monfilt - ok
18:36:30.0468 5524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
18:36:30.0468 5524 Mouclass - ok
18:36:30.0515 5524 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
18:36:30.0515 5524 mouhid - ok
18:36:30.0531 5524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
18:36:30.0531 5524 MountMgr - ok
18:36:30.0546 5524 mraid35x - ok
18:36:30.0546 5524 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
18:36:30.0546 5524 MRxDAV - ok
18:36:30.0578 5524 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
18:36:30.0578 5524 MRxSmb - ok
18:36:30.0609 5524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
18:36:30.0625 5524 Msfs - ok
18:36:30.0640 5524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
18:36:30.0640 5524 MSKSSRV - ok
18:36:30.0656 5524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
18:36:30.0656 5524 MSPCLOCK - ok
18:36:30.0671 5524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
18:36:30.0671 5524 MSPQM - ok
18:36:30.0718 5524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
18:36:30.0718 5524 mssmbios - ok
18:36:30.0750 5524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
18:36:30.0750 5524 MSTEE - ok
18:36:30.0781 5524 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
18:36:30.0781 5524 MTsensor - ok
18:36:30.0812 5524 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
18:36:30.0812 5524 Mup - ok
18:36:30.0843 5524 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
18:36:30.0843 5524 NABTSFEC - ok
18:36:30.0859 5524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
18:36:30.0859 5524 NDIS - ok
18:36:30.0875 5524 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
18:36:30.0875 5524 NdisIP - ok
18:36:30.0921 5524 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
18:36:30.0921 5524 NdisTapi - ok
18:36:30.0937 5524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
18:36:30.0937 5524 Ndisuio - ok
18:36:30.0953 5524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
18:36:30.0953 5524 NdisWan - ok
18:36:30.0984 5524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
18:36:30.0984 5524 NDProxy - ok
18:36:31.0187 5524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
18:36:31.0187 5524 NetBIOS - ok
18:36:31.0203 5524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
18:36:31.0203 5524 NetBT - ok
18:36:31.0296 5524 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
18:36:31.0312 5524 nmwcd - ok
18:36:31.0328 5524 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
18:36:31.0328 5524 nmwcdc - ok
18:36:31.0343 5524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
18:36:31.0343 5524 Npfs - ok
18:36:31.0375 5524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
18:36:31.0375 5524 Ntfs - ok
18:36:31.0421 5524 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
18:36:31.0421 5524 NuidFltr - ok
18:36:31.0421 5524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
18:36:31.0421 5524 Null - ok
18:36:31.0546 5524 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
18:36:31.0656 5524 nv - ok
18:36:31.0703 5524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
18:36:31.0703 5524 NwlnkFlt - ok
18:36:31.0703 5524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
18:36:31.0718 5524 NwlnkFwd - ok
18:36:31.0750 5524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
18:36:31.0750 5524 Parport - ok
18:36:31.0781 5524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
18:36:31.0781 5524 PartMgr - ok
18:36:31.0796 5524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
18:36:31.0796 5524 ParVdm - ok
18:36:31.0828 5524 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
18:36:31.0828 5524 pccsmcfd - ok
18:36:31.0843 5524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
18:36:31.0843 5524 PCI - ok
18:36:31.0843 5524 PCIDump - ok
18:36:31.0859 5524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
18:36:31.0859 5524 PCIIde - ok
18:36:31.0875 5524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
18:36:31.0875 5524 Pcmcia - ok
18:36:31.0890 5524 PDCOMP - ok
18:36:31.0890 5524 PDFRAME - ok
18:36:31.0906 5524 PDRELI - ok
18:36:31.0906 5524 PDRFRAME - ok
18:36:31.0921 5524 perc2 - ok
18:36:31.0921 5524 perc2hib - ok
18:36:32.0093 5524 PfFilter (8512a7a19959218711f884eecc1dbaeb) C:\Program Files\IObit\Protected Folder\pffilter.sys
18:36:32.0093 5524 PfFilter - ok
18:36:32.0156 5524 PhTVTune (12113dbdd972aa02979978ebd546da85) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
18:36:32.0171 5524 PhTVTune - ok
18:36:32.0312 5524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
18:36:32.0312 5524 PptpMiniport - ok
18:36:32.0328 5524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
18:36:32.0328 5524 PSched - ok
18:36:32.0328 5524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
18:36:32.0328 5524 Ptilink - ok
18:36:32.0359 5524 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
18:36:32.0390 5524 PxHelp20 - ok
18:36:32.0390 5524 ql1080 - ok
18:36:32.0390 5524 Ql10wnt - ok
18:36:32.0406 5524 ql12160 - ok
18:36:32.0406 5524 ql1240 - ok
18:36:32.0421 5524 ql1280 - ok
18:36:32.0437 5524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
18:36:32.0453 5524 RasAcd - ok
18:36:32.0453 5524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
18:36:32.0453 5524 Rasl2tp - ok
18:36:32.0484 5524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
18:36:32.0484 5524 RasPppoe - ok
18:36:32.0484 5524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
18:36:32.0484 5524 Raspti - ok
18:36:32.0500 5524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
18:36:32.0515 5524 Rdbss - ok
18:36:32.0515 5524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
18:36:32.0515 5524 RDPCDD - ok
18:36:32.0531 5524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
18:36:32.0531 5524 rdpdr - ok
18:36:32.0562 5524 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
18:36:32.0562 5524 RDPWD - ok
18:36:32.0578 5524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
18:36:32.0578 5524 redbook - ok
18:36:32.0625 5524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
18:36:32.0640 5524 Secdrv - ok
18:36:32.0656 5524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
18:36:32.0656 5524 serenum - ok
18:36:32.0671 5524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
18:36:32.0671 5524 Serial - ok
18:36:32.0687 5524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
18:36:32.0687 5524 Sfloppy - ok
18:36:32.0703 5524 Simbad - ok
18:36:32.0718 5524 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
18:36:32.0718 5524 SLIP - ok
18:36:32.0734 5524 Sparrow - ok
18:36:32.0750 5524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
18:36:32.0750 5524 splitter - ok
18:36:32.0765 5524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
18:36:32.0765 5524 sr - ok
18:36:32.0796 5524 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
18:36:32.0796 5524 Srv - ok
18:36:32.0843 5524 ssadbus (44f8037940aeed21b9587e5155917ec7) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
18:36:32.0843 5524 ssadbus - ok
18:36:32.0859 5524 ssadmdfl (608f189ca484ce9b2710fb9c833499cc) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
18:36:32.0859 5524 ssadmdfl - ok
18:36:32.0875 5524 ssadmdm (9eb95f7e1875647c07156579489fe919) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
18:36:32.0890 5524 ssadmdm - ok
18:36:32.0906 5524 ssadserd (c3af143be9a365aaa8df4f261656b846) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
18:36:32.0906 5524 ssadserd - ok
18:36:32.0953 5524 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
18:36:32.0953 5524 StillCam - ok
18:36:33.0000 5524 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
18:36:33.0000 5524 streamip - ok
18:36:33.0062 5524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
18:36:33.0062 5524 swenum - ok
18:36:33.0093 5524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
18:36:33.0109 5524 swmidi - ok
18:36:33.0125 5524 symc810 - ok
18:36:33.0125 5524 symc8xx - ok
18:36:33.0140 5524 sym_hi - ok
18:36:33.0140 5524 sym_u3 - ok
18:36:33.0171 5524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
18:36:33.0171 5524 sysaudio - ok
18:36:33.0218 5524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
18:36:33.0218 5524 Tcpip - ok
18:36:33.0250 5524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
18:36:33.0250 5524 TDPIPE - ok
18:36:33.0281 5524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
18:36:33.0296 5524 TDTCP - ok
18:36:33.0328 5524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
18:36:33.0328 5524 TermDD - ok
18:36:33.0343 5524 TosIde - ok
18:36:33.0359 5524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
18:36:33.0359 5524 Udfs - ok
18:36:33.0406 5524 ultra - ok
18:36:33.0453 5524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
18:36:33.0468 5524 Update - ok
18:36:33.0500 5524 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
18:36:33.0500 5524 upperdev - ok
18:36:33.0546 5524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
18:36:33.0625 5524 usbccgp - ok
18:36:33.0750 5524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
18:36:33.0781 5524 usbehci - ok
18:36:33.0921 5524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
18:36:33.0953 5524 usbhub - ok
18:36:34.0125 5524 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
18:36:34.0156 5524 usbprint - ok
18:36:34.0281 5524 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
18:36:34.0281 5524 usbscan - ok
18:36:34.0296 5524 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
18:36:34.0296 5524 UsbserFilt - ok
18:36:34.0343 5524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
18:36:34.0359 5524 USBSTOR - ok
18:36:34.0375 5524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
18:36:34.0375 5524 usbuhci - ok
18:36:34.0421 5524 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
18:36:34.0421 5524 usb_rndisx - ok
18:36:34.0453 5524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
18:36:34.0453 5524 VgaSave - ok
18:36:34.0453 5524 ViaIde - ok
18:36:34.0468 5524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
18:36:34.0468 5524 VolSnap - ok
18:36:34.0515 5524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
18:36:34.0515 5524 Wanarp - ok
18:36:34.0593 5524 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
18:36:34.0593 5524 Wdf01000 - ok
18:36:34.0609 5524 WDICA - ok
18:36:34.0671 5524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
18:36:34.0687 5524 wdmaud - ok
18:36:34.0890 5524 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
18:36:34.0921 5524 WpdUsb - ok
18:36:35.0000 5524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
18:36:35.0000 5524 WSTCODEC - ok
18:36:35.0031 5524 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
18:36:35.0031 5524 WudfPf - ok
18:36:35.0046 5524 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
18:36:35.0046 5524 WudfRd - ok
18:36:35.0078 5524 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
18:36:35.0109 5524 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - infected
18:36:35.0109 5524 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
18:36:35.0109 5524 Boot (0x1200) (ce9da8123cdf2c16e5382ecdfa4b0abb) \Device\Harddisk0\DR0\Partition0
18:36:35.0109 5524 \Device\Harddisk0\DR0\Partition0 - ok
18:36:35.0109 5524 ============================================================
18:36:35.0109 5524 Scan finished
18:36:35.0109 5524 ============================================================
18:36:35.0109 5692 Detected object count: 1
18:36:35.0109 5692 Actual detected object count: 1
18:37:15.0312 5692 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - will be cured on reboot
18:37:15.0312 5692 \Device\Harddisk0\DR0 - ok
18:37:15.0312 5692 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - User select action: Cure
18:37:24.0250 0880 Deinitialize success

ken545
2011-10-03, 19:07

There may be more to remove. Run DDS and post a new log.

Then run this program; make sure to update it when it asks.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start the scan.
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
http://public.avast.com/~gmerek/aswMBR2.png

ranjee
2011-10-04, 07:22
DDS:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Zecharia Nacson at 6:55:52 on 2011-10-04
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3071.1876 [GMT 2:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Turbo Key\TurboKey.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
C:\Program Files\InterVideo\WinDVR\WinRemote.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
svchost.exe
C:\WINDOWS\system32\CSDRV32.EXE
C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\MySQL\bin\mysqld-nt.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\SDistTest\SDistTestSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ynet.co.il/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - c:\progra~1\agat\agform\AGFORM~1.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - c:\program files\agat\agform\AGForms.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Turbo Key] "c:\program files\asus\turbo key\TurboKey.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [WINSCHEDULER] c:\progra~1\interv~1\windvr\WINSCH~1.EXE
mRun: [WinRemote] "c:\program files\intervideo\windvr\WinRemote.exe"
mRun: [pdfFactory Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /source=HKLM
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
StartupFolder: c:\documents and settings\zecharia nacson\start menu\programs\startup\Microsoft Office Groove.lnk.disabled
StartupFolder: c:\docume~1\zechar~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-af00-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: MasavPackage - hxxps://www.masav-online.co.il/Masav/EFT/CustApp/MasavPackage.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.18/uploader2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D080C2CE-DD1E-43E3-8CDE-D557EC572906} : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe [2009-12-17 86016]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-11-19 47640]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-5-12 140848]
R2 SDisTestService;SpybotSnD Distributed Testing;c:\program files\sdisttest\SDistTestSvc.exe [2010-8-7 907680]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 euci5r;CryptoIdentity Reader;c:\windows\system32\drivers\euci5r.sys [2003-4-11 35778]
R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2009-12-18 19616]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-17 1684736]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-9-22 30312]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 947528]
S3 cpuz132;cpuz132;\??\c:\docume~1\zechar~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\zechar~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-22 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-22 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-22 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-9-22 114280]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-09-30 08:19:37 -------- d-----w- c:\documents and settings\zecharia nacson\application data\EFSoftware
2011-09-30 08:19:17 -------- d-----w- c:\program files\EF Commander Free
2011-09-22 19:40:36 -------- d-----w- c:\windows\system32\System32
2011-09-22 19:31:22 -------- d-----w- c:\documents and settings\zecharia nacson\local settings\application data\Samsung
2011-09-22 19:30:49 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-09-22 19:30:48 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-09-22 19:30:48 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-09-22 19:30:48 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-09-22 19:30:47 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-09-22 19:30:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-09-22 19:30:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-09-22 19:29:48 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-09-22 19:29:39 821824 ----a-w- c:\windows\system32\dgderapi.dll
2011-09-22 19:29:39 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2011-09-22 19:29:39 -------- d-----w- c:\program files\MarkAny
2011-09-22 19:29:17 -------- d-----w- c:\program files\Samsung
2011-09-22 19:29:17 -------- d-----w- c:\documents and settings\zecharia nacson\application data\Samsung
2011-09-22 19:29:17 -------- d-----w- c:\documents and settings\all users\application data\Samsung
2011-09-17 17:17:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-09-17 17:17:03 -------- d-----w- c:\windows\system32\wbem\Repository
2011-09-17 17:16:38 -------- d-----w- c:\documents and settings\zecharia nacson\local settings\application data\PC_Drivers_Headquarters
2011-09-17 17:16:03 -------- d-----w- c:\documents and settings\all users\application data\Easy Driver Pro
2011-09-13 19:43:53 -------- d-----w- c:\documents and settings\all users\application data\UAB
2011-09-13 19:11:03 -------- d-----w- c:\documents and settings\zecharia nacson\application data\uTorrent
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\SETBE.tmp
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-06 13:32:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-07-06 13:32:36 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2011-07-06 13:32:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-07-06 13:32:28 29568 ----a-w- c:\windows\system32\LMIport.dll
2004-10-01 12:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
.
============= FINISH: 6:57:40.62 ===============



aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-04 07:05:43
-----------------------------
07:05:43.921 OS Version: Windows 5.1.2600 Service Pack 3
07:05:43.921 Number of processors: 4 586 0x170A
07:05:43.921 ComputerName: ENJ-7FB4A0003BF UserName: Zecharia Nacson
07:05:44.781 Initialize success
07:09:46.156 AVAST engine defs: 11100301
07:09:50.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
07:09:50.218 Disk 0 Vendor: ST3500418AS CC37 Size: 476940MB BusType: 3
07:09:52.234 Disk 0 MBR read successfully
07:09:52.234 Disk 0 MBR scan
07:09:52.250 Disk 0 Windows XP default MBR code
07:09:52.265 Disk 0 scanning sectors +976752000
07:09:52.312 Disk 0 scanning C:\WINDOWS\system32\drivers
07:10:01.765 Service scanning
07:10:03.609 Modules scanning
07:10:07.375 Disk 0 trace - called modules:
07:10:07.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
07:10:07.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac4fab8]
07:10:07.406 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8ac359e8]
07:10:07.421 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8ac68d98]
07:10:08.328 AVAST engine scan C:\WINDOWS
07:10:21.265 AVAST engine scan C:\WINDOWS\system32
07:12:09.375 AVAST engine scan C:\WINDOWS\system32\drivers
07:12:32.125 AVAST engine scan C:\Documents and Settings\Zecharia Nacson
07:22:15.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Zecharia Nacson\Desktop\MBR.dat"
07:22:15.109 The log file has been saved successfully to "C:\Documents and Settings\Zecharia Nacson\Desktop\aswMBR.txt"

ken545
2011-10-04, 09:13
Good Morning,

Please just copy and paste the reports into this thread in lieu of attaching them; it's easier for me to analyse.

Looks like the rootkit is gone but I am looking at a couple of questionable entries in your DDS log.



Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

ranjee
2011-10-04, 19:14
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7867

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

04/10/2011 18:59:59
mbam-log-2011-10-04 (18-59-59).txt

Scan type: Quick scan
Objects scanned: 211646
Time elapsed: 21 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ken545
2011-10-04, 19:24
Wonderful. What we like to do to be sure we did not miss anything is do a free online virus scanner.

How is everything running now by the way ????????


ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is unchecked.
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

ranjee
2011-10-06, 16:59
Eset came with "No threats found"
No log was produced.
Zac

ken545
2011-10-06, 18:04
Great, is all ok ?

ranjee
2011-10-06, 18:12
Yes. Thank U very much. Zac

ken545
2011-10-06, 18:26
You're welcome Zac, glad things are running better for you.


How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

ranjee
2011-10-06, 19:17
Yes. Thank U very much. Zac

ken545
2011-10-07, 13:19
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.