Tech Support Forum banner
Not open for further replies.
1 - 3 of 3 Posts

1 Posts
Discussion Starter · #1 ·
Me and my father have recently been "fighting" a really hardy virus!
We have no idea where it came from, or even what it's name is!

It started off as a DNS changer! We would constantly be redirected by many popular search engines to rather simple websites we didn't specify,
I.e I click on the Nvidia website, and I am redirected to Myspace.
(Oh and INSANELY slow internet)

We found it was a trojan that was being rather annoying to get rid of, so instead of attempting to get rid of it, we thought we'd just white wash the computers on our network, both computers needed a good spring clean!

So we disconnected from the network, formatted the computers and totally factory reset the router and unplugged it from the modem for a while.
I was the first to re-install Windows to see if we'd gotten rid of it!

I booted up for the first time, everything seemed "hunky-dory"
I installed my drivers and loaded up Google. Viola! No more redirecting is going on! We thought we had it totally sussed! My dad reinstalled Windows on his, and we felt like we were the owners of our computers again!

However, not long after our internet remained VERY slow, and my computer has even slowed down quite a bit, we are peaking at a 0.34 kb/sec on a 10mb connection.
It's insane! we even got in contact with our ISP, and went through the whole procedure of checking it was not a hardware fault.

NOTHING! so as it stands we simply cannot find out the issue at all! it's driving us nuts! our internet is so slow, its hardly usable! it's hard enough posting on these forums! Any help would be greatly appreciated!!

DDS (Ver_09-05-14.01) - NTFSx86
Run by James at 17:39:38.39 on 20/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.496 [GMT 1:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\James\LOCALS~1\Temp\Temporary Directory 1 for\gmer.exe
C:\Documents and Settings\James\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://
uInternet Settings,ProxyOverride = *.local
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\james\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Alcmtr] ALCMTR.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-9 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-9 24336]
R1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-9 700152]

=============== Created Last 30 ================

2009-05-20 17:08 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-05-19 22:31 69 a------- c:\windows\NeroDigital.ini
2009-05-19 22:23 <DIR> --d----- c:\program files\Nero
2009-05-19 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-05-13 16:58 63 a------- c:\windows\system\SysSD.dll
2009-05-13 16:57 <DIR> --d----- c:\program files\SpywareDetector
2009-05-13 00:43 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2009-05-13 00:43 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-05-13 00:43 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2009-05-13 00:43 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2009-05-13 00:43 16,384 ac------ c:\windows\system32\dllcache\
2009-05-13 00:43 16,384 a------- c:\windows\system32\
2009-05-13 00:43 15,360 ac------ c:\windows\system32\dllcache\streamip.sys
2009-05-13 00:43 15,360 a------- c:\windows\system32\drivers\StreamIP.sys
2009-05-13 00:42 11,136 ac------ c:\windows\system32\dllcache\slip.sys
2009-05-13 00:42 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2009-05-13 00:42 19,328 ac------ c:\windows\system32\dllcache\wstcodec.sys
2009-05-13 00:42 19,328 a------- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-13 00:42 85,376 ac------ c:\windows\system32\dllcache\nabtsfec.sys
2009-05-13 00:42 85,376 a------- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-13 00:42 17,024 ac------ c:\windows\system32\dllcache\ccdecode.sys
2009-05-13 00:42 17,024 a------- c:\windows\system32\drivers\CCDECODE.sys
2009-05-12 20:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2009-05-12 20:26 <DIR> --d----- c:\program files\TweakMASTER
2009-05-09 16:26 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-05-09 16:24 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-09 16:24 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-09 16:23 <DIR> --d----- c:\program files\iPod
2009-05-09 16:23 <DIR> --d----- c:\program files\iTunes
2009-05-09 16:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-09 16:23 <DIR> --d----- c:\program files\Bonjour
2009-05-09 04:06 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-05-09 04:06 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-05-09 04:06 <DIR> --d----- c:\windows\system32\Lang
2009-05-09 04:03 155,384 a------- c:\windows\system32\guard32.dll
2009-05-09 04:03 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-05-09 04:03 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-05-09 04:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-05-09 04:03 <DIR> --d----- c:\program files\COMODO
2009-05-09 03:35 <DIR> --d----- c:\program files\Realtek
2009-05-09 02:35 <DIR> --d----- c:\documents and settings\james\Tracing
2009-05-09 02:35 <DIR> --d----- c:\program files\Microsoft
2009-05-09 02:34 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-09 02:29 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-05-09 02:29 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-05-09 02:27 130,048 ac------ c:\windows\system32\dllcache\
2009-05-09 02:27 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-05-09 02:27 130,048 a------- c:\windows\system32\
2009-05-09 02:27 4,096 a------- c:\windows\system32\ksuser.dll
2009-05-09 02:27 2,944 a------- c:\windows\system32\drivers\msmpu401.sys
2009-05-09 02:27 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-05-09 02:27 60,288 ac------ c:\windows\system32\dllcache\drmk.sys
2009-05-09 02:27 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-05-09 02:27 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-05-09 02:27 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-05-09 02:27 27,165 a------- c:\windows\system32\drivers\fetnd5.sys
2009-05-09 02:27 74,240 a------- c:\windows\system32\usbui.dll
2009-05-09 02:27 44,672 a------- c:\windows\system32\drivers\UAGP35.SYS
2009-05-09 02:25 <DIR> --d----- c:\program files\common files\ODBC
2009-05-09 02:25 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-09 02:24 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-05-09 02:22 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-05-09 02:21 <DIR> --d----- C:\Documents and Settings
2009-05-09 02:20 261 a------- c:\windows\system32\$winnt$.inf
2009-05-09 02:16 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-09 02:11 <DIR> --d----- c:\program files\VIA
2009-05-09 01:37 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-09 01:37 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-09 01:36 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-09 01:34 <DIR> --d----- c:\program files\Online Services
2009-05-09 01:33 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-09 01:33 <DIR> --d----- c:\program files\Messenger
2009-05-09 01:33 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-09 01:32 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-05-13 14:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-09 03:35 315,392 a------- c:\windows\HideWin.exe
2009-05-09 01:34 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 17:40:24.26 ===============


Premium Member
29,790 Posts
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.


I see no sign of infection in your logs. Please try a different browser, IE or FF. Same results?

Does COMODO find anything with a system scan?

Were you able to complete an online scan with ESET? Can you post the scan results?

Have you checked your COMODO Firewall settings?


Open Notepad and copy/paste the entire contents of the quotebox below into Notepad:

regedit /a peek.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"
notepad peek.txt
Save this as peek.bat Choose to Save type as - All Files then close the Notepad file.
It should look like this:

Double-click on peek.bat and allow it to run. A Notepad file will open. Copy/paste that information into your next reply, please. Please delete the file afterwards.


Premium Member
29,790 Posts
Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

1 - 3 of 3 Posts
Not open for further replies.