ROOTKIT found, Desktop Icons flickering and web browser tempremental

[benny1987]

HELP!!!!!!!!
Running windows vista and having some problems. I have ran scans, logs too big to post i have attached the four problems found

13:35:33.0964 4300   DNIMp50         (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
13:35:33.0990 4300   DNIMp50 ( UnsignedFile.Multi.Generic ) - warning
13:35:33.0990 4300   DNIMp50 - detected UnsignedFile.Multi.Generic (1)
13:35:34.0010 4300   DNISp50         (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
13:35:34.0016 4300   DNISp50 ( UnsignedFile.Multi.Generic ) - warning
13:35:34.0017 4300   DNISp50 - detected UnsignedFile.Multi.Generic (1)

13:35:38.0429 4300   jswpsapi        (78d233d835a8876035ac559afe02b940) C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe
13:35:38.0456 4300   jswpsapi ( UnsignedFile.Multi.Generic ) - warning
13:35:38.0456 4300   jswpsapi - detected UnsignedFile.Multi.Generic (1)

13:35:48.0674 4300   SCDEmu          (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
13:35:48.0680 4300   SCDEmu ( UnsignedFile.Multi.Generic ) - warning
13:35:48.0680 4300   SCDEmu - detected UnsignedFile.Multi.Generic (1)

ANY IDEAS GUYS??? Been going on for about a month now, avast found the rootkit this morning.

[iroc9555]

Welcome to Avast! forums Benny

Follow this guide: http://forum.avast.com/index.php?topic=53253.0

 and attach ( Do not copy/paste ) logs for malwarebytes', OTL, and aswMBR.exe here:

Where an expert in the removal of malware will help you.

[benny1987]

Thank you,

Shall i start a new post with my logs etc?? Sorry i'm new to all this.

[iroc9555]

Thank you,

Shall i start a new post with my logs etc?? Sorry i'm new to all this.

No, Continue here. Remember to attach the logs. Do not copy/paste. To attach them look for " Attachments and other options " in blue color at the end of the box when elaborating a reply.

[essexboy]

Monitoring

[benny1987]

Thanks for your help, one more attachment to follow...

[essexboy]

Hi there I see you are also running ad-aware antivirus...  That may be the cause of the apparent rootkits.   I would highly recommend that you only have one antivirus

 Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL


Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=73&systemid=101&sr=0&q={searchTerms}
  IE - HKU\S-1-5-21-3764034677-3449208877-2795386744-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://www.searchqu.com/web?src=ieb&appid=73&systemid=101&sr=0&q={searchTerms}
  O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
  O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
  O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
  O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
  O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\datamngr.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
  O20 - AppInit_DLLs: (c:\progra~1\wi9130~1\datamngr\iebho.dll) - c:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
  
  :Files
  ipconfig /flushdns /c
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [CREATERESTOREPOINT]
  [Reboot]
• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[benny1987]

Hope thats right....thanks for your time man

[essexboy]

Could you attach the aswMBR log please

Also have you considered what to keep as your antivirus.... Ad-aware or Avast ?

[benny1987]

I have uninstalled ad-aware now.

[essexboy]

Three of the files are related to your network and the fourth is for an ISO utility

Are you experiencing any problems now ?

[benny1987]

Yes the icons on my desktop flicker erratically for a few seconds and then back to normal. As i try to load either IE9 or google crome a web page opens flickers and reloads a fresh page which is works fine.

[essexboy]

Could be worth updating your video driver