Again troubles. anti malware spyware.

spywareremover1 by webmarketer

Hi my PC has been out of action for some months now.

Avast 4.8 is detecting C:\WINDOWS\system32\drivers\plvodftu.sys as infected by the Rootkit from my thread title.

I'm at a loss on how to clean things up. Firefox has been knocked out and IE only works slightly. Spam Emails are generated and sent out which Avast makes alerts for.

Feeling quite sheepish and the amateur

Please help!

Here's the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:15:54 PM, on 2/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WinUtilities\WO.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 – BHO: Adobe PDF Reader Link Helper – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {5C255C8A-E604-49b4-9D64-90988571CECB} – (no file)
O2 – BHO: RoboForm – {724d43a9-0d85-11d4-9908-00400523e39a} – C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: Java(tm) Plug-In 2 SSV Helper – {DBC80044-A445-435b-BC74-9C25C1C588A9} – C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 – BHO: JQSIEStartDetectorImpl – {E7E6F031-17CE-4C07-BC86-EABFE594F69C} – C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 – Toolbar: &RoboForm – {724d43a0-0d85-11d4-9908-00400523e39a} – C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 – HKLM\..\Run: C:\WINDOWS\System32\igfxtray.exe
O4 – HKLM\..\Run: C:\WINDOWS\System32\hkcmd.exe
O4 – HKLM\..\Run: C:\WINDOWS\System32\igfxpers.exe
O4 – HKLM\..\Run: "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 – HKLM\..\Run: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 – HKLM\..\Run: "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 – HKLM\..\Run: E:\Setup.exe
O4 – HKLM\..\Run: C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 – HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 – HKLM\..\Run: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 – HKLM\..\Run: [WinUtilities Quick Launcher] C:\Program Files\WinUtilities\WO.exe /autorun
O4 – HKLM\..\Run: "C:\Program Files\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 – HKLM\..\Run: "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 – HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 – HKCU\..\Run: [XemiComputers Scheduler] C:\Program Files\XemiComputers\Smooth Program Scheduler\Scheduler.exe
O4 – HKCU\..\Run: "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 – HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 – HKCU\..\Run: C:\Program Files\The Cleaner\tcap.exe
O4 – Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 – Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 – Extra context menu item: Customize Menu – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Fill Forms – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 – Extra context menu item: RoboForm Toolbar – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 – Extra context menu item: Save Forms – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 – Extra button: Fill Forms – {320AF880-6646-11D3-ABEE-C5DBF3571F46} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 – Extra 'Tools' menuitem: Fill Forms – {320AF880-6646-11D3-ABEE-C5DBF3571F46} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 – Extra button: Save – {320AF880-6646-11D3-ABEE-C5DBF3571F49} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 – Extra 'Tools' menuitem: Save Forms – {320AF880-6646-11D3-ABEE-C5DBF3571F49} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 – Extra button: RoboForm – {724d43aa-0d85-11d4-9908-00400523e39a} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 – Extra 'Tools' menuitem: RoboForm Toolbar – {724d43aa-0d85-11d4-9908-00400523e39a} – file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 – Extra button: Research – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) – http://www.shopandscan.com/TNSClicker.CAB
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) – http://offers.e-centives.com/cif/dow…in/actxcab.cab
O16 – DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} – http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 – DPF: {EBB176D2-AF75-4706-832F-4C8448F72757} (TNSClickerc.Clicker) – http://www.shopandscan.com/TNSClickrc.CAB
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – Winlogon Notify: !SASWinLogon – C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 – Service: a-squared Free Service (a2free) – Emsi Software GmbH – C:\Program Files\a-squared Free\a2service.exe
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Apple Mobile Device – Apple Inc. – C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – ALWIL Software – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: Bonjour Service – Apple Inc. – C:\Program Files\Bonjour\mDNSResponder.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: Java Quick Starter (JavaQuickStarterService) – Sun Microsystems, Inc. – C:\Program Files\Java\jre6\bin\jqs.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\system32\HPZipm12.exe


End of file – 9525 bytes

hialeah


Not good enough for us to find malware, see the below:

Welcome to Major Geeks!

Please read ALL of this message including the notes before doing anything.

Please follow the instructions in the below link:

READ & RUN ME FIRST. Malware Removal Guide

and attach the requested logs when you finish these instructions.

  • **** If something does not run, write down the info to explain to us later but keep on going. ****
  • Do not assume that because one step does not work that they all will not. MGtools will frequently run even when all other tools will not.

  • After completing the READ & RUN ME and attaching your logs, make sure that you tell us what problems still remain (if any still do)!

Helpful Notes:

  1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    • Starting your computer in Safe mode
  2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware and Malwarebytes (links are given in the READ & RUN ME) onto another PC and then burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes you could use a flash drive too but flash drives are writeable and infections can spread to them.
  3. If you cannot seem to login to an infected user account, try using a different user account (if you have one) in either normal or safe boot mode and running only SUPERAntiSpyware and Malwarebytes while logged into this other user account. Then reboot and see if you can log into the problem user account. If you can then run SUPERAntiSpyware, Malwarebytes, ComboFix and MGtools on the infected account as requested in the instructions.
  4. To avoid additional delay in getting a response, it is strongly advised that after completing the READ & RUN ME you also read this sticky:
    • Don't Bump! It Only Hurts You!!!

Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.




This entry was posted on Wednesday, February 17th, 2010 at 3:39 pm and is filed under Uncategorized.