
Thread: USB does not work

  1. #1
    Member
    Join Date
    Sep 2008
    Posts
    30

    USB does not work

    The computer informs by sound that a USB is connected but does not open an explorer window. If I open a window myself, the computer thinks that the USB is not formatted and suggests doing so. (The USB works fine in another computer.)
    **************
    My previous thread
    http://forums.spybot.info/showthread...728#post412728

    *************************************
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Zecharia Nacson at 19:27:23 on 2011-09-29
    Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3071.1745 [GMT 3:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    =================== ROOTKIT ====================
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 5.1.2600
    .
    CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
    device: opened successfully
    user: error reading MBR
    .
    Disk trace:
    called modules: ntkrnlpa.exe >>UNKNOWN [0x8A0EBA0A]<<
    _asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; MOV ECX, [EAX+0xc]; OR ECX, [EAX+0x10]; PUSH ESI; JNZ 0x94; MOV ESI, 0x200; CMP [EAX+0x4], ESI; JB 0x94; }
    1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AC26AB8]
    \Driver\Disk[0x8AC07A08] -> IRP_MJ_READ -> 0x8A0EBA0A
    kernel: MBR read successfully
    _asm { NOP ; XOR AX, AX; NOP ; MOV DS, AX; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; MOV SI, 0x7c00; NOP ; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; CLD ; REP MOVSD ; NOP ; JMP FAR 0x0:0x626; }
    user != kernel MBR !!!
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
    .
    ============= FINISH: 19:28:25.00 ===============

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


    Your previous thread was closed due to lack of response from you; per forum policy, if there is no reply in 3 days the thread is closed.

    You're possibly infected with a rootkit.


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)



    Post the log from TDSSKiller and then run DDS again and post a new log, please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Member
    Join Date
    Sep 2008
    Posts
    30

    USB works again. Many thanks!

    18:36:20.0421 5548 TDSS rootkit removing tool 2.6.4.0 Oct 3 2011 17:37:01
    18:36:20.0906 5548 ============================================================
    18:36:20.0906 5548 Current date / time: 2011/10/03 18:36:20.0906
    18:36:20.0906 5548 SystemInfo:
    18:36:20.0906 5548
    18:36:20.0906 5548 OS Version: 5.1.2600 ServicePack: 3.0
    18:36:20.0906 5548 Product type: Workstation
    18:36:20.0906 5548 ComputerName: ENJ-7FB4A0003BF
    18:36:20.0906 5548 UserName: Zecharia Nacson
    18:36:20.0906 5548 Windows directory: C:\WINDOWS
    18:36:20.0906 5548 System windows directory: C:\WINDOWS
    18:36:20.0906 5548 Processor architecture: Intel x86
    18:36:20.0906 5548 Number of processors: 4
    18:36:20.0906 5548 Page size: 0x1000
    18:36:20.0906 5548 Boot type: Normal boot
    18:36:20.0906 5548 ============================================================
    18:36:21.0906 5548 Initialize success
    18:36:26.0015 5524 ============================================================
    18:36:26.0015 5524 Scan started
    18:36:26.0015 5524 Mode: Manual;
    18:36:26.0015 5524 ============================================================
    18:36:29.0984 5524 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:36:30.0000 5524 isapnp - ok
    18:36:30.0015 5524 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:36:30.0015 5524 Kbdclass - ok
    18:36:30.0015 5524 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    18:36:30.0015 5524 kbdhid - ok
    18:36:30.0031 5524 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:36:30.0031 5524 kmixer - ok
    18:36:30.0062 5524 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:36:30.0062 5524 KSecDD - ok
    18:36:30.0078 5524 L1e (fa46f5d09edf93e0c71fe6500fe3f4ae) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys
    18:36:30.0078 5524 L1e - ok
    18:36:30.0093 5524 lbrtfdc - ok
    18:36:30.0171 5524 LMIInfo (4f69faaabb7db0d43e327c0b6aab40fc) C:\Program Files\LogMeIn\x86\RaInfo.sys
    18:36:30.0171 5524 LMIInfo - ok
    18:36:30.0203 5524 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
    18:36:30.0203 5524 lmimirr - ok
    18:36:30.0203 5524 LMIRfsClientNP - ok
    18:36:30.0234 5524 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    18:36:30.0234 5524 LMIRfsDriver - ok
    18:36:30.0312 5524 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:36:30.0312 5524 mnmdd - ok
    18:36:30.0359 5524 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:36:30.0359 5524 Modem - ok
    18:36:30.0421 5524 Monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\Monfilt.sys
    18:36:30.0453 5524 Monfilt - ok
    18:36:30.0468 5524 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:36:30.0468 5524 Mouclass - ok
    18:36:30.0515 5524 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:36:30.0515 5524 mouhid - ok
    18:36:30.0531 5524 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:36:30.0531 5524 MountMgr - ok
    18:36:30.0546 5524 mraid35x - ok
    18:36:30.0546 5524 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:36:30.0546 5524 MRxDAV - ok
    18:36:30.0578 5524 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:36:30.0578 5524 MRxSmb - ok
    18:36:30.0609 5524 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:36:30.0625 5524 Msfs - ok
    18:36:30.0640 5524 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:36:30.0640 5524 MSKSSRV - ok
    18:36:30.0656 5524 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:36:30.0656 5524 MSPCLOCK - ok
    18:36:30.0671 5524 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:36:30.0671 5524 MSPQM - ok
    18:36:30.0718 5524 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:36:30.0718 5524 mssmbios - ok
    18:36:30.0750 5524 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    18:36:30.0750 5524 MSTEE - ok
    18:36:30.0781 5524 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    18:36:30.0781 5524 MTsensor - ok
    18:36:30.0812 5524 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:36:30.0812 5524 Mup - ok
    18:36:30.0843 5524 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:36:30.0843 5524 NABTSFEC - ok
    18:36:30.0859 5524 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:36:30.0859 5524 NDIS - ok
    18:36:30.0875 5524 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:36:30.0875 5524 NdisIP - ok
    18:36:30.0921 5524 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:36:30.0921 5524 NdisTapi - ok
    18:36:30.0937 5524 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:36:30.0937 5524 Ndisuio - ok
    18:36:30.0953 5524 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:36:30.0953 5524 NdisWan - ok
    18:36:30.0984 5524 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:36:30.0984 5524 NDProxy - ok
    18:36:31.0187 5524 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:36:31.0187 5524 NetBIOS - ok
    18:36:31.0203 5524 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:36:31.0203 5524 NetBT - ok
    18:36:31.0296 5524 nmwcd (48fb907b069524f2dc7ba62a0762850c) C:\WINDOWS\system32\drivers\ccdcmb.sys
    18:36:31.0312 5524 nmwcd - ok
    18:36:31.0328 5524 nmwcdc (2914ceb789964141ac6e22c6bc980c42) C:\WINDOWS\system32\drivers\ccdcmbo.sys
    18:36:31.0328 5524 nmwcdc - ok
    18:36:31.0343 5524 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:36:31.0343 5524 Npfs - ok
    18:36:31.0375 5524 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:36:31.0375 5524 Ntfs - ok
    18:36:31.0421 5524 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
    18:36:31.0421 5524 NuidFltr - ok
    18:36:31.0421 5524 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:36:31.0421 5524 Null - ok
    18:36:31.0546 5524 nv (bf506d232c5e6f2dae80f5c11b45c60e) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    18:36:31.0656 5524 nv - ok
    18:36:31.0703 5524 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:36:31.0703 5524 NwlnkFlt - ok
    18:36:31.0703 5524 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:36:31.0718 5524 NwlnkFwd - ok
    18:36:31.0750 5524 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    18:36:31.0750 5524 Parport - ok
    18:36:31.0781 5524 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:36:31.0781 5524 PartMgr - ok
    18:36:31.0796 5524 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:36:31.0796 5524 ParVdm - ok
    18:36:31.0828 5524 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    18:36:31.0828 5524 pccsmcfd - ok
    18:36:31.0843 5524 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:36:31.0843 5524 PCI - ok
    18:36:31.0843 5524 PCIDump - ok
    18:36:31.0859 5524 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:36:31.0859 5524 PCIIde - ok
    18:36:31.0875 5524 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:36:31.0875 5524 Pcmcia - ok
    18:36:31.0890 5524 PDCOMP - ok
    18:36:31.0890 5524 PDFRAME - ok
    18:36:31.0906 5524 PDRELI - ok
    18:36:31.0906 5524 PDRFRAME - ok
    18:36:31.0921 5524 perc2 - ok
    18:36:31.0921 5524 perc2hib - ok
    18:36:32.0093 5524 PfFilter (8512a7a19959218711f884eecc1dbaeb) C:\Program Files\IObit\Protected Folder\pffilter.sys
    18:36:32.0093 5524 PfFilter - ok
    18:36:32.0156 5524 PhTVTune (12113dbdd972aa02979978ebd546da85) C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
    18:36:32.0171 5524 PhTVTune - ok
    18:36:32.0312 5524 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:36:32.0312 5524 PptpMiniport - ok
    18:36:32.0328 5524 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:36:32.0328 5524 PSched - ok
    18:36:32.0328 5524 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:36:32.0328 5524 Ptilink - ok
    18:36:32.0359 5524 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    18:36:32.0390 5524 PxHelp20 - ok
    18:36:32.0390 5524 ql1080 - ok
    18:36:32.0390 5524 Ql10wnt - ok
    18:36:32.0406 5524 ql12160 - ok
    18:36:32.0406 5524 ql1240 - ok
    18:36:32.0421 5524 ql1280 - ok
    18:36:32.0437 5524 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:36:32.0453 5524 RasAcd - ok
    18:36:32.0453 5524 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:36:32.0453 5524 Rasl2tp - ok
    18:36:32.0484 5524 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:36:32.0484 5524 RasPppoe - ok
    18:36:32.0484 5524 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:36:32.0484 5524 Raspti - ok
    18:36:32.0500 5524 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:36:32.0515 5524 Rdbss - ok
    18:36:32.0515 5524 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:36:32.0515 5524 RDPCDD - ok
    18:36:32.0531 5524 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:36:32.0531 5524 rdpdr - ok
    18:36:32.0562 5524 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:36:32.0562 5524 RDPWD - ok
    18:36:32.0578 5524 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:36:32.0578 5524 redbook - ok
    18:36:32.0625 5524 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:36:32.0640 5524 Secdrv - ok
    18:36:32.0656 5524 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    18:36:32.0656 5524 serenum - ok
    18:36:32.0671 5524 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    18:36:32.0671 5524 Serial - ok
    18:36:32.0687 5524 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:36:32.0687 5524 Sfloppy - ok
    18:36:32.0703 5524 Simbad - ok
    18:36:32.0718 5524 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    18:36:32.0718 5524 SLIP - ok
    18:36:32.0734 5524 Sparrow - ok
    18:36:32.0750 5524 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:36:32.0750 5524 splitter - ok
    18:36:32.0765 5524 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:36:32.0765 5524 sr - ok
    18:36:32.0796 5524 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:36:32.0796 5524 Srv - ok
    18:36:32.0843 5524 ssadbus (44f8037940aeed21b9587e5155917ec7) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    18:36:32.0843 5524 ssadbus - ok
    18:36:32.0859 5524 ssadmdfl (608f189ca484ce9b2710fb9c833499cc) C:\WINDOWS\system32\DRIVERS\ssadmdfl.sys
    18:36:32.0859 5524 ssadmdfl - ok
    18:36:32.0875 5524 ssadmdm (9eb95f7e1875647c07156579489fe919) C:\WINDOWS\system32\DRIVERS\ssadmdm.sys
    18:36:32.0890 5524 ssadmdm - ok
    18:36:32.0906 5524 ssadserd (c3af143be9a365aaa8df4f261656b846) C:\WINDOWS\system32\DRIVERS\ssadserd.sys
    18:36:32.0906 5524 ssadserd - ok
    18:36:32.0953 5524 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
    18:36:32.0953 5524 StillCam - ok
    18:36:33.0000 5524 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    18:36:33.0000 5524 streamip - ok
    18:36:33.0062 5524 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:36:33.0062 5524 swenum - ok
    18:36:33.0093 5524 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:36:33.0109 5524 swmidi - ok
    18:36:33.0125 5524 symc810 - ok
    18:36:33.0125 5524 symc8xx - ok
    18:36:33.0140 5524 sym_hi - ok
    18:36:33.0140 5524 sym_u3 - ok
    18:36:33.0171 5524 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:36:33.0171 5524 sysaudio - ok
    18:36:33.0218 5524 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:36:33.0218 5524 Tcpip - ok
    18:36:33.0250 5524 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:36:33.0250 5524 TDPIPE - ok
    18:36:33.0281 5524 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:36:33.0296 5524 TDTCP - ok
    18:36:33.0328 5524 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:36:33.0328 5524 TermDD - ok
    18:36:33.0343 5524 TosIde - ok
    18:36:33.0359 5524 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:36:33.0359 5524 Udfs - ok
    18:36:33.0406 5524 ultra - ok
    18:36:33.0453 5524 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:36:33.0468 5524 Update - ok
    18:36:33.0500 5524 upperdev (e526a166e6acafd0a9b3841d3941669e) C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
    18:36:33.0500 5524 upperdev - ok
    18:36:33.0546 5524 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:36:33.0625 5524 usbccgp - ok
    18:36:33.0750 5524 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:36:33.0781 5524 usbehci - ok
    18:36:33.0921 5524 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:36:33.0953 5524 usbhub - ok
    18:36:34.0125 5524 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    18:36:34.0156 5524 usbprint - ok
    18:36:34.0281 5524 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    18:36:34.0281 5524 usbscan - ok
    18:36:34.0296 5524 UsbserFilt (6f3e3c6811b930d2414552a2e4a40f36) C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
    18:36:34.0296 5524 UsbserFilt - ok
    18:36:34.0343 5524 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:36:34.0359 5524 USBSTOR - ok
    18:36:34.0375 5524 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:36:34.0375 5524 usbuhci - ok
    18:36:34.0421 5524 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys
    18:36:34.0421 5524 usb_rndisx - ok
    18:36:34.0453 5524 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:36:34.0453 5524 VgaSave - ok
    18:36:34.0453 5524 ViaIde - ok
    18:36:34.0468 5524 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:36:34.0468 5524 VolSnap - ok
    18:36:34.0515 5524 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:36:34.0515 5524 Wanarp - ok
    18:36:34.0593 5524 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
    18:36:34.0593 5524 Wdf01000 - ok
    18:36:34.0609 5524 WDICA - ok
    18:36:34.0671 5524 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:36:34.0687 5524 wdmaud - ok
    18:36:34.0890 5524 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    18:36:34.0921 5524 WpdUsb - ok
    18:36:35.0000 5524 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    18:36:35.0000 5524 WSTCODEC - ok
    18:36:35.0031 5524 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:36:35.0031 5524 WudfPf - ok
    18:36:35.0046 5524 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:36:35.0046 5524 WudfRd - ok
    18:36:35.0078 5524 MBR (0x1B8) (9c603bc3977968c891de319283e1e7af) \Device\Harddisk0\DR0
    18:36:35.0109 5524 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - infected
    18:36:35.0109 5524 \Device\Harddisk0\DR0 - detected Trojan-Clicker.Win32.Wistler.c (0)
    18:36:35.0109 5524 Boot (0x1200) (ce9da8123cdf2c16e5382ecdfa4b0abb) \Device\Harddisk0\DR0\Partition0
    18:36:35.0109 5524 \Device\Harddisk0\DR0\Partition0 - ok
    18:36:35.0109 5524 ============================================================
    18:36:35.0109 5524 Scan finished
    18:36:35.0109 5524 ============================================================
    18:36:35.0109 5692 Detected object count: 1
    18:36:35.0109 5692 Actual detected object count: 1
    18:37:15.0312 5692 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - will be cured on reboot
    18:37:15.0312 5692 \Device\Harddisk0\DR0 - ok
    18:37:15.0312 5692 \Device\Harddisk0\DR0 ( Trojan-Clicker.Win32.Wistler.c ) - User select action: Cure
    18:37:24.0250 0880 Deinitialize success

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    There may be more to remove. Run DDS and post a new log.

    Then run this program; make sure to update it when it asks.

    Download aswMBR.exe (511KB) to your desktop.

    Double-click aswMBR.exe to run it.

    Click the "Scan" button to start the scan.

    On completion of the scan, click Save log, save it to your desktop and post it in your next reply.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Member
    Join Date
    Sep 2008
    Posts
    30

    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by Zecharia Nacson at 6:55:52 on 2011-10-04
    Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3071.1876 [GMT 2:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ASUS\Turbo Key\TurboKey.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\PROGRA~1\INTERV~1\WinDVR\WINSCH~1.EXE
    C:\Program Files\InterVideo\WinDVR\WinRemote.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
    C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    svchost.exe
    C:\WINDOWS\system32\CSDRV32.EXE
    C:\Program Files\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\MySQL\bin\mysqld-nt.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\SDistTest\SDistTestSvc.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ynet.co.il/
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
    BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
    BHO: {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
    BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - c:\progra~1\agat\agform\AGFORM~1.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - c:\program files\agat\agform\AGForms.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
    EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [<NO NAME>]
    uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
    uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Turbo Key] "c:\program files\asus\turbo key\TurboKey.exe"
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [WINSCHEDULER] c:\progra~1\interv~1\windvr\WINSCH~1.EXE
    mRun: [WinRemote] "c:\program files\intervideo\windvr\WinRemote.exe"
    mRun: [pdfFactory Dispatcher v2] "c:\windows\system32\spool\drivers\w32x86\3\fppdis2a.exe" /source=HKLM
    mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
    mRun: [<NO NAME>]
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_ActiveX.exe -update activex
    StartupFolder: c:\documents and settings\zecharia nacson\start menu\programs\startup\Microsoft Office Groove.lnk.disabled
    StartupFolder: c:\docume~1\zechar~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-af00-7760-100000000002}\SC_Acrobat.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: MasavPackage - hxxps://www.masav-online.co.il/Masav/EFT/CustApp/MasavPackage.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.18/uploader2.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/RACtrl.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{D080C2CE-DD1E-43E3-8CDE-D557EC572906} : DhcpNameServer = 192.168.2.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
    R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.00\AsSysCtrlService.exe [2009-12-17 86016]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-27 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-5-31 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-11-19 47640]
    R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-5-12 140848]
    R2 SDisTestService;SpybotSnD Distributed Testing;c:\program files\sdisttest\SDistTestSvc.exe [2010-8-7 907680]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 euci5r;CryptoIdentity Reader;c:\windows\system32\drivers\euci5r.sys [2003-4-11 35778]
    R3 PhTVTune;TV Capture Card WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [2009-12-18 19616]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-17 1684736]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-9-22 30312]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 947528]
    S3 cpuz132;cpuz132;\??\c:\docume~1\zechar~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\zechar~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-14 135664]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-9-22 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-9-22 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-9-22 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2011-9-22 114280]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-09-30 08:19:37 -------- d-----w- c:\documents and settings\zecharia nacson\application data\EFSoftware
    2011-09-30 08:19:17 -------- d-----w- c:\program files\EF Commander Free
    2011-09-22 19:40:36 -------- d-----w- c:\windows\system32\System32
    2011-09-22 19:31:22 -------- d-----w- c:\documents and settings\zecharia nacson\local settings\application data\Samsung
    2011-09-22 19:30:49 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
    2011-09-22 19:30:48 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
    2011-09-22 19:30:48 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
    2011-09-22 19:30:48 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
    2011-09-22 19:30:47 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
    2011-09-22 19:30:47 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
    2011-09-22 19:30:47 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
    2011-09-22 19:29:48 4659712 ----a-w- c:\windows\system32\Redemption.dll
    2011-09-22 19:29:39 821824 ----a-w- c:\windows\system32\dgderapi.dll
    2011-09-22 19:29:39 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
    2011-09-22 19:29:39 -------- d-----w- c:\program files\MarkAny
    2011-09-22 19:29:17 -------- d-----w- c:\program files\Samsung
    2011-09-22 19:29:17 -------- d-----w- c:\documents and settings\zecharia nacson\application data\Samsung
    2011-09-22 19:29:17 -------- d-----w- c:\documents and settings\all users\application data\Samsung
    2011-09-17 17:17:03 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-09-17 17:17:03 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-09-17 17:16:38 -------- d-----w- c:\documents and settings\zecharia nacson\local settings\application data\PC_Drivers_Headquarters
    2011-09-17 17:16:03 -------- d-----w- c:\documents and settings\all users\application data\Easy Driver Pro
    2011-09-13 19:43:53 -------- d-----w- c:\documents and settings\all users\application data\UAB
    2011-09-13 19:11:03 -------- d-----w- c:\documents and settings\zecharia nacson\application data\uTorrent
    .
    ==================== Find3M ====================
    .
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-03 10:17:37 599040 ----a-w- c:\windows\system32\SETBE.tmp
    2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
    2011-07-06 13:32:48 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2011-07-06 13:32:36 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2011-07-06 13:32:28 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2011-07-06 13:32:28 29568 ----a-w- c:\windows\system32\LMIport.dll
    2004-10-01 12:00:16 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    .
    ============= FINISH: 6:57:40.62 ===============



    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-04 07:05:43
    -----------------------------
    07:05:43.921 OS Version: Windows 5.1.2600 Service Pack 3
    07:05:43.921 Number of processors: 4 586 0x170A
    07:05:43.921 ComputerName: ENJ-7FB4A0003BF UserName: Zecharia Nacson
    07:05:44.781 Initialize success
    07:09:46.156 AVAST engine defs: 11100301
    07:09:50.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-6
    07:09:50.218 Disk 0 Vendor: ST3500418AS CC37 Size: 476940MB BusType: 3
    07:09:52.234 Disk 0 MBR read successfully
    07:09:52.234 Disk 0 MBR scan
    07:09:52.250 Disk 0 Windows XP default MBR code
    07:09:52.265 Disk 0 scanning sectors +976752000
    07:09:52.312 Disk 0 scanning C:\WINDOWS\system32\drivers
    07:10:01.765 Service scanning
    07:10:03.609 Modules scanning
    07:10:07.375 Disk 0 trace - called modules:
    07:10:07.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
    07:10:07.406 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac4fab8]
    07:10:07.406 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8ac359e8]
    07:10:07.421 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-6[0x8ac68d98]
    07:10:08.328 AVAST engine scan C:\WINDOWS
    07:10:21.265 AVAST engine scan C:\WINDOWS\system32
    07:12:09.375 AVAST engine scan C:\WINDOWS\system32\drivers
    07:12:32.125 AVAST engine scan C:\Documents and Settings\Zecharia Nacson
    07:22:15.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Zecharia Nacson\Desktop\MBR.dat"
    07:22:15.109 The log file has been saved successfully to "C:\Documents and Settings\Zecharia Nacson\Desktop\aswMBR.txt"
    Last edited by ken545; 2011-10-04 at 10:07.

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Please just copy and paste the reports into this thread in lieu of attaching them, it's easier for me to analyse.

    Looks like the rootkit is gone but I am looking at a couple of questionable entries in your DDS log.



    Please download Malwarebytes from Here or Here

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
    Post the report please
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Member
    Join Date
    Sep 2008
    Posts
    30

    Smile Malwarebytes Results

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7867

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    04/10/2011 18:59:59
    mbam-log-2011-10-04 (18-59-59).txt

    Scan type: Quick scan
    Objects scanned: 211646
    Time elapsed: 21 minute(s), 57 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

  8. #8
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Wonderful. What we like to do to be sure we did not miss anything is do a free online virus scanner.

    How is everything running now, by the way?


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  9. #9
    Member
    Join Date
    Sep 2008
    Posts
    30

    Default Eset

    Eset came with "No threats found"
    No log was produced.
    Zac

  10. #10
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, is all OK?
