
My gmer and hijackthis log files can someone take a look


essexboy:
You do have a lot of security systems on your computer, so they may be obscuring something

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

* Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

* Double click on ComboFix.exe & follow the prompts.

* As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

* Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

ViralCode:
Here is the combofix log.

essexboy:

--- Quote ---R0 EnumProcessesDriver;EnumProcessesDriver;c:\windows\system32\drivers\EnumProcessesDriver.sys [3/24/2010 11:11 AM 15888]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/23/2010 8:10 AM 28552]
R1 1UnHooker;1UnHooker;c:\windows\system32\drivers\1UnHooker.sys [3/2/2010 11:15 PM 22016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/25/2010 1:10 AM 162768]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [4/24/2010 12:56 AM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/9/2010 4:11 AM 95024]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [3/21/2010 7:06 AM 1872320]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [4/24/2010 12:54 AM 1195008]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/25/2010 1:10 AM 19024]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [4/24/2010 12:55 AM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [4/24/2010 12:56 AM 257432]
R3 nokiappo;Nokia Internet Stick Wireless Modem Power Policy Service;c:\windows\system32\drivers\nokiappo.sys [6/23/2009 12:34 PM 27008]
S0 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys --> c:\windows\system32\drivers\rk_remover.sys [?]
S2 KillTheHooker;KillTheHooker;\??\c:\documents and settings\Administrator\Desktop\TDL3 Razor\TizerBruteForceEx.sys --> c:\documents and settings\Administrator\Desktop\TDL3 Razor\TizerBruteForceEx.sys [?]
S3 AMoniterDriver;Antiy Labs Process creation detector.;\??\c:\program files\Antiy Labs\AModule\AMonitorDriver.sys --> c:\program files\Antiy Labs\AModule\AMonitorDriver.sys [?]
S3 Antiy-Product-Protect;Antiy-Product-Protect;\??\c:\program files\Antiy Labs\AModule\ProAntiy.sys --> c:\program files\Antiy Labs\AModule\ProAntiy.sys [?]
S3 AntiyFirewall;AntiyFirewall;\??\c:\windows\system32\drivers\AntiyFW.sys --> c:\windows\system32\drivers\AntiyFW.sys [?]
S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\51.tmp --> c:\windows\system32\51.tmp [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [1/20/2010 1:11 AM 24416]
S3 rspSanity;rspSanity;c:\windows\system32\drivers\rspSanity32.sys [3/7/2010 2:48 AM 27192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
S3 uty3nde4;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\uty3nde4.sys --> c:\windows\system32\Drivers\uty3nde4.sys [?]
S4 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCORE.exe --> c:\program files\Comodo\CBOClean\BOCORE.exe [?]
S4 DET;DET;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DET.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DET.exe [?]
--- End quote ---
All of these drivers are security-related; it is a wonder that your system runs at all.

What problems are you having?
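The quoted block is ComboFix's service/driver listing. As an added example that is not part of this thread, here is a small Python triage helper that parses those R*/S* lines (state, start type, image path, and the date/size or the "[?]" marker) and lists the entries a helper would look at first. The heuristic for "unusual load path" (user profile, temp directory, .tmp file) is my own assumption, not a ComboFix rule, and the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Windows service start types: the digit after R (running) / S (stopped).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# Assumed triage heuristic (mine, not ComboFix's): drivers loading from a user profile, a temp directory or a .tmp file get a second look.
ODD_LOCATIONS = ("\\desktop\\", "\\temp\\", ".tmp")
LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
META_RE = re.compile(r"^(?P<path>.+) \[\d+/\d+/\d+ \d+:\d+ [AP]M (?P<size>\d+)\]$")

@dataclass
class Driver:
    name: str
    running: bool
    start: str
    path: str
    size: Optional[int]   # None when the log shows "[?]" instead of date/size
    flags: List[str]

def parse_line(line: str) -> Optional[Driver]:
    """Parse one R*/S* service line from a ComboFix log; None if it isn't one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest, size = m["rest"], None
    if " --> " in rest:                      # "path --> path [?]" form: no metadata
        path = rest.split(" --> ", 1)[0]
    else:
        meta = META_RE.match(rest)
        if not meta:
            return None
        path, size = meta["path"], int(meta["size"])
    path = path.replace("\\??\\", "")        # drop the NT object-manager prefix
    flags = ["no file metadata ([?])"] if size is None else []
    if any(tok in path.lower() for tok in ODD_LOCATIONS):
        flags.append("unusual load path")
    return Driver(m["name"], m["state"] == "R", START_TYPES.get(m["start"], m["start"]), path, size, flags)

def review(log_text: str) -> List[Driver]:
    """Return the parsed drivers that carry at least one flag, in log order."""
    return [d for d in map(parse_line, log_text.splitlines()) if d and d.flags]

# Four lines copied from the ComboFix excerpt quoted in this thread.
SAMPLE = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/25/2010 1:10 AM 162768]
S2 KillTheHooker;KillTheHooker;\??\c:\documents and settings\Administrator\Desktop\TDL3 Razor\TizerBruteForceEx.sys --> c:\documents and settings\Administrator\Desktop\TDL3 Razor\TizerBruteForceEx.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\51.tmp --> c:\windows\system32\51.tmp [?]
S4 DET;DET;c:\docume~1\ADMINI~1\LOCALS~1\Temp\DET.exe --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\DET.exe [?]
"""
```

`review(SAMPLE)` leaves the avast! driver (aswSP) out and returns KillTheHooker, MEMSWEEP2 and DET, each with the reasons it was flagged; a flag is a prompt to check the file's origin, not a verdict.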

ViralCode:
Now, I haven't been having many problems lately. I have used many antiviruses on my system, but I have always uninstalled them after using them; maybe they have not uninstalled totally. Anyway, I don't know if the three files that ComboFix quarantined are malicious or not. I have scanned them at VirusTotal, but the files are not detected as malicious.

essexboy:
I feel that they are either/or files; CF tries to determine what the files are linked to and whether or not the location is correct. It might be worth using the uninstall tools to ensure that all the low-level drivers for old AVs are gone.
