Poss svchost issue

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Heyman7, Dec 19, 2011.

  1. Heyman7

    Heyman7 Private E-2

    Hey Guys,

    I may be dealing with an infected svchost file. For the past few months I have not been getting the typical pop ups or browser redirects but I have noticed strange activity with Wireshark. I've also noticed strange activity on some of my event logs.

    "Special privileges assigned to new logon"
    "An account was successfully logged on"
    "An attempt was made to reset an account's password"

    Some of it was coming through VMware, which I don't use anymore. I went on and deleted VMware and my security logs don't show too many odd occurrences anymore. Possible backdoor through VMware? Maybe a vulnerability in there. Also, for the past few months I don't have access to certain files/folders on my computer - I receive a denied message. Today my svchost file prompted Norton to open up and inform me my usage was extremely high or that it was taking up a lot of resources. I believe there is either some sort of rootkit or my svchost is vulnerable. Any assistance would be appreciated.

    I ran SUPERAntiSpyware and it recovered something but no log for it was saved. I will run it again and upload the log in my next post. I also ran Malwarebytes and nothing was recovered.

    Mainly, I would like full control to all my folders again, even though no pop ups or anything like that occurred I would like to get to the bottom of suspicious activity thanks
     

    Attached Files:

  2. Heyman7

    Heyman7 Private E-2

    2 more logs attached

    Also, within the past 3 months, it looks like some profiles were created but I believe I was able to locate and remove them. I made the mistake of going online using an admin account instead of a guest.
     

    Attached Files:
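The three Security-log messages quoted in the first post, and the unfamiliar profiles mentioned in the second, can be pulled out of a Windows 7 box directly rather than read one at a time in Event Viewer. The script below is an added example for this thread, not code from either poster or from any MajorGeeks tool. It assumes an elevated PowerShell 3.0+ session (Windows 7 ships PowerShell 2.0; WMF 3.0 is required for Get-CimInstance and the -in/-notin operators); the event IDs 4624, 4672 and 4724 are the fixed IDs of those three messages in the Vista-and-later Security log.

```powershell
# Added example, not from the thread: triage the Security-log messages quoted above and list
# local accounts/profiles the Control Panel may not show. Assumes an elevated PowerShell 3.0+
# session on Windows Vista/7 or later; the event IDs below are the fixed IDs of those three
# messages in the Vista+ Security log.
$since = (Get-Date).AddDays(-90)      # the poster describes roughly three months of activity

function Get-EventDataMap {
    # Flatten <EventData><Data Name="X">value</Data> into a hashtable keyed by field name.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $map = @{}
    foreach ($d in ([xml]$Event.ToXml()).Event.EventData.Data) { $map[$d.Name] = $d.'#text' }
    $map
}

function Get-SecurityEvents([int]$Id) {
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = $Id; StartTime = $since } `
                 -ErrorAction SilentlyContinue
}

# 4624 "An account was successfully logged on": keep network (3) and RDP (10) logons from a
# remote address; interactive (2), service (5) and loopback logons are normal noise.
Get-SecurityEvents 4624 | ForEach-Object {
    $d = Get-EventDataMap $_
    [pscustomobject]@{
        Time      = $_.TimeCreated
        User      = "$($d.TargetDomainName)\$($d.TargetUserName)"
        LogonType = [int]$d.LogonType
        Source    = $d.IpAddress
        Process   = $d.ProcessName
    }
} | Where-Object { ($_.LogonType -in 3, 10) -and ($_.Source -notin '-', '127.0.0.1', '::1') } |
  Sort-Object Time | Format-Table -AutoSize

# 4672 "Special privileges assigned to new logon": SYSTEM produces these constantly, so show
# which *other* accounts received admin-equivalent privileges, and how often.
Get-SecurityEvents 4672 | ForEach-Object { (Get-EventDataMap $_).SubjectUserName } |
  Where-Object { $_ -notin 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE' } |
  Group-Object | Sort-Object Count -Descending | Format-Table Name, Count -AutoSize

# 4724 "An attempt was made to reset an account's password": rare on a single-user PC, and
# each event names both the account doing the reset and the account whose password changed.
Get-SecurityEvents 4724 | ForEach-Object {
    $d = Get-EventDataMap $_
    [pscustomobject]@{
        Time    = $_.TimeCreated
        ResetBy = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
        Target  = "$($d.TargetDomainName)\$($d.TargetUserName)"
    }
} | Format-Table -AutoSize

# Accounts and profiles, including ones the Control Panel hides: disabled accounts, accounts
# listed under Winlogon\SpecialAccounts\UserList, and profile folders with no matching account.
Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True' |
  Select-Object Name, SID, Disabled, PasswordRequired | Format-Table -AutoSize
Get-CimInstance Win32_UserProfile |
  Select-Object LocalPath, SID, Special, LastUseTime | Format-Table -AutoSize
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList' `
                 -ErrorAction SilentlyContinue
net localgroup Administrators    # who is actually a local administrator right now
```

Cross-check the 4624 and 4672 output against each other: a 4672 for an account you do not recognise, paired with a 4624 of type 3 or 10 from an address that is not your own LAN, is the combination worth chasing. Account SIDs in the Win32_UserAccount and Win32_UserProfile listings should line up one-to-one; a profile folder whose SID has no account, or an account that appears in UserList, is what "not visible in the Control Panel" usually means.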

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You are way out of date with your version of SUPERAntiSpyware.
    • Please uninstall your current version (this is necessary).
    • Then download this SUPERAntiSpyware
    • Install this new version. It may tell you that you need to reboot to complete the installation. You must reboot at this time.
    • After the reboot, run SUPERAntiSpyware and immediately click the Check for Updates button to get more updates for the database.
    • Now run a new full scan of your system. And attach this new log.

    Also, you are way out of date with your version of MGtools.

    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista or Win7, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )

    Now attach the below log:
    • C:\MGlogs.zip
     
  4. Heyman7

    Heyman7 Private E-2


    Thanks Chaslang,
    I will uninstall both this evening if you need me to.
    I would like to note that when opening SUPERAntiSpyware, ComboFix and MGtools, the program itself automatically prompts the user to download the latest updates. The programs connect directly to the FTP and automatically update.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have a few comments about this.
    1. I did not ask you to update ComboFix.
    2. SUPERAntiSpyware only updates the databases for detections when you update it. When the program version changes, it has to be uninstalled and then reinstalled to get the proper program version. Then you have to update the databases again.
    3. MGtools absolutely does not do anything to automatically update. There is no such feature built into it. And old versions should not be kept. It is always supposed to be redownloaded before using, as it changes all the time.
     
  6. Heyman7

    Heyman7 Private E-2

    Uninstalled, reinstalled both programs with attached logs.
     

    Attached Files:

  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There is no obvious sign of malware in your logs. The only questionable thing I see right now is in your partitioning information which shows the below
    Code:
    Partition Disk #0, Partition #0 
    Partition Size 11.72 GB (12,582,912,000 bytes) 
    Partition Starting Offset 1,048,576 bytes 
    Partition Disk #0, Partition #1 
    Partition Size 100.00 MB (104,857,600 bytes) 
    Partition Starting Offset 12,583,960,576 bytes 
    Partition Disk #0, Partition #2 
    Partition Size 286.27 GB (307,382,018,048 bytes) 
    Partition Starting Offset 12,688,818,176 bytes 
    
    Did you do this? Is that 100 MB ( 100 Megabyte ) partition something you did to do multi-booting or something with VMware? This partition is also the active partition, rather than your Windows installation drive being the active partition. This is something that recent TDL infections have been doing, although they normally insert their infected partition at the end of the partition table and not in the middle. So what is the 11.72 GB partition for, and what is the 100 MB partition for?



    Go to the below link and follow the instructions for running TDSSKiller from Kaspersky ( use this link as your version is old ).
    • Be sure to attach your log from TDSSKiller
    Now please also download MBRCheck to your desktop.

    See the download links under this icon http://forums.majorgeeks.com/chaslang/images/MGDownloadLoc.gif
    • Double click MBRCheck.exe to run (vista and Win 7 right click and select Run as Administrator)
    • It will show a Black screen with some information that will contain either the below line if no problem is found:
      • Done! Press ENTER to exit...
    • Or you will see more information like below if a problem is found:
      • Found non-standard or infected MBR.
      • Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    • Either way, just choose to exit the program at this point since we want to see only the scan results to begin with.
    • MBRCheck will create a log named similar to MBRCheck_07.16.10_00.32.33.txt which is random based on date and time.
    • Attach this log to your next message. (See: HOW TO: Attach Items To Your Post )
    Also let's see if the below will help with your complaint about permissions.

    Download SubInACL.msi from Microsoft.
    • Now double click on SubInACL.msi to run the installer. Accept any prompts you get about installing this.
    • Now download the below file and save it to your Desktop:
    • Now right click on resetperm.cmd and select Run As Administrator to run this script. Be patient as this may take awhile to run. Also it is imperative that you Run As Administrator. This is not the same thing as your user account having administrator privileges.
    Once it finishes, reboot your PC and see if it helped.
     
    Last edited: Dec 20, 2011
  8. Heyman7

    Heyman7 Private E-2

    The 11.72 is from me. Earlier in the fall, I made some space for Windows Server. At one point I had a boot menu where I could select either Windows Server/Linux or Windows 7. I recall either running an older version of MGTools or maybe ComboFix and on the next reboot, I was no longer given the option to select out of the 3. Unless the infection got a hold of it.

    When I could no longer select the other 2 options at boot (Server and Linux), I went and attempted to delete the partition and I thought I had added the space back to my main drive. The 100 MB was free space. Sorry, still a novice with this computer stuff.

    Attached items, I am trying to attach a word doc as well
     

    Attached Files:

    Last edited by a moderator: Dec 22, 2011
  9. Heyman7

    Heyman7 Private E-2

    screen shots of groups or usernames that I don't recall
    attached. They are not visible in the control panel either
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But it is not just free space according to your logs. I see the below showing it to be your active boot partition
    Code:
    Get Partition Info From WMI in K-bytes                          
    ==============================================================  
    Bootable  Name                   Size          Type                     
    FALSE     Disk #0, Partition #0  12582912000   Unknown                  
    TRUE      Disk #0, Partition #1  104857600     Installable File System  
    FALSE     Disk #0, Partition #2  307382018048  Installable File System 
    I think you should have Disk #0, Partition #2 as your active boot partition. I'm not sure if this 100 MB partition is an infected one or not but we have been seeing quite a few of them that are.
     
  11. Heyman7

    Heyman7 Private E-2

    I would like to delete the partitions. I will check into that this evening.
    Active? I'm not sure. All I remember is one day I cut the pc on and Windows 7
    was the only option I was able to select.

    I have not used Wins Serv 2008 or Linux since early October.
    I'm not sure how they are active.
     
    Last edited by a moderator: Dec 22, 2011
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    They aren't! The 100 MB partition, which is too small to be any real operating system, is active. You need to make the Windows 7 partition the active one. You need to boot from your Windows 7 DVD to do this. The bootrec /fixboot command run from the command prompt in the System Recovery Environment should be able to do this. If it does not boot up after this, rebooting from the DVD and running Startup Repair may fix it.

    You really should backup all important data before making any changes.
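The partition table shown in the two "Code:" blocks above came from the MGtools log, but the same view can be produced on the running system and checked against where Windows actually lives before anything is changed. The script below is an added example for this thread, not code from either poster or from MGtools/MBRCheck. It assumes an elevated PowerShell 3.0+ session (Get-CimInstance needs WMF 3.0 on Windows 7) and an MBR-partitioned disk 0; the Bootable column it prints is the same WMI Win32_DiskPartition property the MGtools log labels "Bootable". One caveat a practitioner would want before following the active-flag advice: a stock Windows 7 install into unallocated space creates a roughly 100 MB NTFS "System Reserved" partition with no drive letter, and that partition, not the Windows partition, is legitimately the active one holding bootmgr and the BCD store. So the check below warns on an active non-Windows partition but tells you to confirm what it is first.

```powershell
# Added example, not from the thread: reproduce the "Get Partition Info From WMI" view shown
# in the log and flag any active partition that is not the one Windows is running from.
# Assumptions: elevated PowerShell 3.0+ (Get-Cim* cmdlets) on Windows 7 or later, MBR disk.

# 1. Find the partition that actually holds the running Windows installation.
$sysDrive = (Get-CimInstance Win32_OperatingSystem).SystemDrive          # e.g. "C:"
$winPart  = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$sysDrive'" |
            Get-CimAssociatedInstance -ResultClassName Win32_DiskPartition

# 2. Dump every partition: the Bootable/Name/Size/Type columns from the log, plus the
#    starting offset and the drive letter (if any) so a System Reserved partition stands out.
$parts = Get-CimInstance Win32_DiskPartition | Sort-Object DiskIndex, Index
$parts | Select-Object Bootable, Name,
    @{ n = 'SizeBytes';   e = { $_.Size } },
    @{ n = 'OffsetBytes'; e = { $_.StartingOffset } },
    Type,
    @{ n = 'DriveLetter'; e = {
        ($_ | Get-CimAssociatedInstance -ResultClassName Win32_LogicalDisk).DeviceID } } |
  Format-Table -AutoSize

# 3. Warn on anything active that is not the Windows partition. A ~100 MB NTFS partition with
#    no drive letter is what a legitimate Windows 7 "System Reserved" partition looks like;
#    an active partition of an unexpected size or type, or sitting where you did not put one,
#    is the case that needs checking before bootrec/diskpart changes are made.
foreach ($p in $parts) {
    if ($p.Bootable -and $p.DeviceID -ne $winPart.DeviceID) {
        $mb  = [math]::Round($p.Size / 1MB, 1)
        $msg = 'Active partition is {0} ({1} MB, {2}), not the Windows partition {3}. ' +
               'Confirm it is a System Reserved partition before changing the active flag.'
        Write-Warning ($msg -f $p.Name, $mb, $p.Type, $winPart.Name)
    }
}
```

For the record of what each recovery command does: the active flag itself is set with diskpart from the same System Recovery command prompt (list disk, select disk N, list partition, select partition N, active); bootrec /fixboot writes a new boot sector to the system partition and bootrec /rebuildbcd rebuilds the BCD store. Run the listing above (or MBRCheck) before and after, and keep the backup the post recommends, since an active flag moved to a partition without bootmgr on it will not boot until Startup Repair puts the boot files back.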
     
