Solved From AntiVirus2010 to Server Not Found

madogmurpy

So as of last night I have been on a near 24-hour debugging/learning binge attempting to cleanse my roommate's computer of the trillions of malware and Trojan programs he HAD on his laptop. I believe I managed to clean his system very thoroughly, though I can't be certain. 24 hours ago I didn't know a damn thing about wiping spyware except how to press full system scan.

Anyway, to the point: I'm praying this is the last step of this process, which is to simply connect his internet. Here is the tricky part: his laptop is connected to our Netgear router AND has internet access (proven by the fact I can download Avast updates), but when I try opening any web browser I get the server not found error. Ipconfig /all returns with 192.168.1.2, which I made his designated address via the router (mine is 192.168.1.3). DHCP is set to auto and his DNS server is returning 192.168.1.1.

This is the part where I'm totally lost. I've tried about every setting I know via Wireless Networks>Properties>Tcp, renaming his computer and network group, rebooting the router, updating the router's firmware, updating his wireless card driver, rolling back said driver, CMD /K SC QC DHCP, checking AFD NetBios and TcIP in the Reg, the cmd netsh reset, and likely tons of other hot fixes I found online that I'm forgetting to mention.

As far as removing the malware goes, I installed Avast, Spybot SnD, Malwarebytes, HiJackThis, and CCleaner along with another Regfix I can't recall the name of. I even installed a .txt to .dll program because for the first half of the process every time I rebooted the laptop everything in quarantine would get released and every Antivirus program I installed would be deleted from the Reg and need to be reinstalled (Thanks much, AntiVirus2010).

I won't ramble much more, I'm interested in hearing what you pros think. If you need HijackThis logs or something of the sort just post and I'll get back to you ASAP. Thanks in advance :)


System Info-
Microsoft Windows XP Professional Version 2002 SP3
Pentium Dual-Core CPU T4200@2Ghz
3.46GB Ram
Intel WiFi Link 5100 AGN Internal Wireless Card

Of note in Device Manager>Non-Plug and Play>Parport and Serial have the yellow exclamation mark with Code24 (This device is not present, is not working properly, or does not have all its drivers installed.) All other N-P and Play Drivers are working fine.

Also under MyComputer>Properties>Environment Variables, the Path variable led to a QuickTime directory; I changed that to C:\WINDOWS\system32;C:\WINDOWS.

Edit: I'm working on getting the logs from his laptop to mine at the moment. I do read stickies :D
 
Here are the logs.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4886

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

10/19/2010 7:00:39 PM
mbam-log-2010-10-19 (19-00-39).txt

Scan type: Full scan (C:\|)
Objects scanned: 184925
Time elapsed: 34 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:03:41 PM, on 10/19/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot\TeaTimer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Desktop\Trend Micro\winlogon.exe\winlogon.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 6371 bytes


GMER 1.0.15.15477 - http://www.gmer.net
Rootkit scan 2010-10-19 19:28:59
Windows 5.1.2600 Service Pack 3
Running: xhmc5y02.exe; Driver: C:\DOCUME~1\DEVINM~1\LOCALS~1\Temp\awtyipow.sys


---- System - GMER 1.0.15 ----

SSDT 8A883270 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0x9D8CBCF0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0x9D8CBBAC] <-- ROOTKIT !!!
SSDT 8A8748E8 ZwCreateProcess
SSDT 8A880EB8 ZwCreateProcessEx
SSDT 8A8578B8 ZwCreateThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0x9D8CC160] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0x9D8CC08A] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x9D8CB782] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0x9D8CBC86] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x9D8CB6C2] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x9D8CB726] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0x9D8CBDA6] <-- ROOTKIT !!!
SSDT 8A85C138 ZwQueueApcThread
SSDT 8A875240 ZwReadVirtualMemory
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x9D8CC22E] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0x9D8CBD66] <-- ROOTKIT !!!
SSDT 8A8805B8 ZwSetContextThread
SSDT 8A8562E8 ZwSetInformationKey
SSDT 8A875B10 ZwSetInformationProcess
SSDT 8A880C80 ZwSetInformationThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0x9D8CBEE6] <-- ROOTKIT !!!
SSDT 8A883450 ZwSuspendProcess
SSDT 8A87F1C8 ZwSuspendThread
SSDT 8A875980 ZwTerminateProcess
SSDT 8A881240 ZwTerminateThread
SSDT 8A82B1A0 ZwWriteVirtualMemory

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9D8D89D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9D8D8B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes CALL 38DACC89
.text ntkrnlpa.exe!ZwCallbackReturn + 2F6C 80504808 4 Bytes CALL 6EDACD6F
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP 9D8D8B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP 9D8D89D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP 9D8D45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP 9D8D5FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1572] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
IAT \SystemRoot\system32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\system32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \Driver\Tcpip \Device\Ip 89BD46E8
Device \Driver\Tcpip \Device\Ip 85C15820
Device \Driver\Tcpip \Device\Ip 85F17460
Device \Driver\Tcpip \Device\Ip 85DE1238
Device \Driver\Tcpip \Device\Ip 85E2CB90

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Tcp 89BD46E8
Device \Driver\Tcpip \Device\Tcp 85C15820
Device \Driver\Tcpip \Device\Tcp 85F17460
Device \Driver\Tcpip \Device\Tcp 85DE1238
Device \Driver\Tcpip \Device\Tcp 85E2CB90

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\Udp 89BD46E8
Device \Driver\Tcpip \Device\Udp 85C15820
Device \Driver\Tcpip \Device\Udp 85F17460
Device \Driver\Tcpip \Device\Udp 85DE1238
Device \Driver\Tcpip \Device\Udp 85E2CB90

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\RawIp 89BD46E8
Device \Driver\Tcpip \Device\RawIp 85C15820
Device \Driver\Tcpip \Device\RawIp 85F17460
Device \Driver\Tcpip \Device\RawIp 85DE1238
Device \Driver\Tcpip \Device\RawIp 85E2CB90

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Tcpip \Device\IPMULTICAST 89BD46E8
Device \Driver\Tcpip \Device\IPMULTICAST 85C15820
Device \Driver\Tcpip \Device\IPMULTICAST 85F17460
Device \Driver\Tcpip \Device\IPMULTICAST 85DE1238
Device \Driver\Tcpip \Device\IPMULTICAST 85E2CB90

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] vbmadd74 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@DisplayName Virtual Bus for Microsoft ACPI-Compliant System
Reg HKLM\SYSTEM\ControlSet002\Services\vbmadd74@Start 3
Reg HKLM\SYSTEM\ControlSet002\Services\vbmadd74@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\vbmadd74@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\Services\vbmadd74@DisplayName Virtual Bus for Microsoft ACPI-Compliant System

---- EOF - GMER 1.0.15 ----
 
Welcome aboard


"with another Regfix"
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
Never use them.

Judging from the GMER log, your computer is still infected.

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.
 
DDS (Ver_10-10-10.03) - NTFSx86
Run by Devin Marks at 20:07:11.01 on Tue 10/19/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3026 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Devin Marks\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot\TeaTimer.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Lexmark 4200 Series] "c:\program files\lexmark 4200 series\lxbmbmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\devinm~1\applic~1\mozilla\firefox\profiles\ncmgdi9m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.golfwrx.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\mozilla firefox\plugins\npipcd3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npiPLATO_22.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-19 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-19 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-19 40384]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-3-23 108160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2010-3-23 160256]
S0 cerc6;cerc6; [x]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-19 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-19 40384]
S3 DFBCFDBA;DFBCFDBA; [x]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

=============== Created Last 30 ================

2010-10-19 20:58:32 -------- d-----w- c:\windows\pss
2010-10-19 20:22:39 55972 ----a-w- c:\windows\system32\IPNAT.SYs
2010-10-19 20:13:56 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-10-19 14:16:51 38848 ----a-w- c:\windows\avastSS.scr
2010-10-19 13:06:36 -------- d-----w- c:\program files\Spybot
2010-10-19 11:56:17 -------- d-----w- c:\docume~1\devinm~1\locals~1\applic~1\Help
2010-10-19 11:51:25 -------- d-----w- c:\program files\CCleaner
2010-10-19 11:26:49 -------- d-----w- c:\docume~1\devinm~1\applic~1\Resource Tuner
2010-10-19 11:26:39 -------- d-----w- c:\program files\Resource Tuner
2010-10-19 10:29:43 -------- d-----w- c:\program files\bisquick
2010-10-19 10:06:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-19 10:06:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-19 06:39:36 388096 ----a-r- c:\docume~1\devinm~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-19 06:12:43 -------- d-----w- c:\windows\system32\appmgmt
2010-10-19 04:36:30 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-10-19 04:36:30 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-19 04:21:08 -------- d--h--w- c:\windows\PIF
2010-10-19 03:54:45 -------- d-----w- c:\windows\system32\Trend Micro
2010-10-19 03:51:42 -------- d-----w- c:\windows\Trend Micro
2010-10-19 03:49:07 -------- d-----w- c:\program files\Trend Micro
2010-10-19 00:08:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-10-18 23:15:00 -------- d-----w- c:\program files\MSSOAP
2010-10-17 19:08:34 -------- d-----w- c:\program files\Webroot
2010-10-17 17:56:41 -------- d-----w- c:\docume~1\devinm~1\applic~1\Malwarebytes
2010-10-17 17:56:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 17:56:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 17:56:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 17:56:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-10-16 22:46:49 -------- d-----w- c:\windows\system32\LogFiles
2010-10-10 22:31:56 -------- d-----w- c:\documents and settings\devin marks\tmp
2010-10-01 05:09:52 -------- d-----w- c:\program files\iPod
2010-10-01 05:09:49 -------- d-----w- c:\program files\iTunes
2010-10-01 05:07:13 -------- d-----w- c:\program files\Bonjour
2010-09-23 20:48:46 8192 ----a-w- c:\program files\mozilla firefox\plugins\npiPLATO_22.dll
2010-09-23 20:48:46 8192 ----a-w- c:\program files\mozilla firefox\plugins\npipcd3.dll
2010-09-23 20:48:46 8192 ----a-w- c:\program files\internet explorer\plugins\npiPLATO_22.dll
2010-09-23 20:48:46 8192 ----a-w- c:\program files\internet explorer\plugins\npipcd3.dll
2010-09-23 20:48:44 32768 ----a-w- c:\windows\system32\PHONETIC.FON
2010-09-23 20:48:44 -------- d-----w- c:\windows\PWLN

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-27 23:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 23:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 20:07:33.00 ===============





DDS (Ver_10-10-10.03)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/23/2010 3:08:14 AM
System Uptime: 10/19/2010 5:11:22 PM (3 hours ago)

Motherboard: Dell Inc. | | 0G848F
Processor: Intel Pentium III Xeon processor | Microprocessor | 1995/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 261.844 GiB free.
E: is CDROM (UDF)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) WiFi Link 5100 AGN
Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&1CD20F91&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) WiFi Link 5100 AGN
PNP Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&1CD20F91&0&00E1
Service: NETw5x32

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2
Manufacturer: Marvell
Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2
Service: yukonwxp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AA1028&REV_03\3&61AAA01&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AA1028&REV_03\3&61AAA01&0&FB
Service:

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
avast! Free Antivirus
Bonjour
CCleaner
Dell Resource CD
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
HiJackThis
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDT Audio
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 18
Lexmark 4200 Series
LimeWire 5.5.7
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
PLATO Web Learning Network Clients
QuickTime
Realtek Card Reader
Resource Tuner 1.99 R6
Safari
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spy Sweeper Core
Spybot - Search & Destroy
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
USB2.0 Card Reader Software
VLC media player 1.0.5
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Xilisoft DVD Ripper Ultimate

==== Event Viewer Messages From Past Week ========

10/19/2010 8:38:39 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
10/19/2010 8:38:16 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
10/19/2010 8:37:53 AM, error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
10/19/2010 2:38:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/18/2010 7:07:31 PM, error: Service Control Manager [7001] - The ATM ARP Client Protocol service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/18/2010 7:06:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/18/2010 7:06:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/18/2010 11:39:33 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
10/18/2010 11:35:15 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
10/18/2010 11:34:19 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/17/2010 2:33:38 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
10/17/2010 2:33:38 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
10/17/2010 2:33:38 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The requested service provider could not be loaded or initialized.
10/17/2010 2:33:38 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The requested service provider could not be loaded or initialized.
10/17/2010 2:33:38 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
10/17/2010 2:33:26 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '80000002.sys' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
10/17/2010 2:11:49 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: Access is denied.
10/17/2010 2:11:49 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}
10/17/2010 2:11:17 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
10/17/2010 2:10:58 PM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromoptiarc_dvd+-rw_ad-7560s________________sd03____#4&3c2934d&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.
10/17/2010 2:10:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '000000c0.sym' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
10/16/2010 5:33:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
10/15/2010 1:06:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0022FB3029F4 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================
 
Thank you :)

Download MBRCheck to your desktop.

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop.
Open this report and post its content in your next reply.
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000014

Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 sshrmd.sys
0xBA0C8000 ssfs0bbc.sys
0xB9F3A000 ssidrv.sys
0xB9F0D000 \WINDOWS\system32\DRIVERS\NDIS.SYS
0xBA328000 \WINDOWS\system32\DRIVERS\TDI.SYS
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA0D8000 MountMgr.sys
0xB9EEE000 ftdisk.sys
0xBA5AC000 dmload.sys
0xB9EC8000 dmio.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9DEF000 iastor.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9DCF000 fltMgr.sys
0xB9DB8000 KSecDD.sys
0xB9D2B000 Ntfs.sys
0xB9D11000 Mup.sys
0xBA710000 \SystemRoot\System32\Drivers\vbmadd74.SYS
0xB9CD1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xB89E1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xB89CD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA3A8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB89A9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8981000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA208000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA350000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA390000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA218000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA228000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA238000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB6E7F000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA398000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xB9750000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xB974C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xBA248000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xBA7B6000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA258000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9748000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB6E68000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA268000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA278000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB6E2F000 \SystemRoot\system32\DRIVERS\psched.sys
0xBA288000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB7D82000 \SystemRoot\System32\Drivers\pcouffin.sys
0xB2C5F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB6DD9000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA62C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB2BED000 \SystemRoot\system32\DRIVERS\update.sys
0xB7C7C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB6DC9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB6DA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA630000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xA27D9000 \SystemRoot\system32\drivers\sthda.sys
0xA27B5000 \SystemRoot\system32\drivers\portcls.sys
0xB6D59000 \SystemRoot\system32\drivers\drmk.sys
0xA279A000 \SystemRoot\system32\drivers\AESTAud.sys
0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA6EB000 \SystemRoot\System32\Drivers\Null.SYS
0xBA63A000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA468000 \SystemRoot\System32\drivers\vga.sys
0xBA63C000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA63E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA4B0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA388000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB3CA1000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA2307000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA22AE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB3D1A000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xA2288000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA2238000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB3D0A000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA2200000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xA21DE000 \SystemRoot\System32\drivers\afd.sys
0xB3CFA000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys
0xB3CEA000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA115E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9FA86000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA1537000 \SystemRoot\System32\Drivers\Fips.SYS
0x9D8EA000 \SystemRoot\System32\Drivers\RTS5121.sys
0x9D8C3000 \SystemRoot\System32\Drivers\aswSP.SYS
0xBA380000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0x99AB8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0x986DD000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0x98FBF000 \SystemRoot\System32\drivers\Dxapi.sys
0x99766000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xA0356000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF058000 \SystemRoot\System32\igxpdv32.DLL
0xBF297000 \SystemRoot\System32\igxpdx32.DLL
0xB9CCD000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xBA138000 \SystemRoot\system32\DRIVERS\atmarpc.sys
0xBA5A0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x98686000 \SystemRoot\System32\Drivers\aswMon2.SYS
0x98581000 \SystemRoot\system32\drivers\wdmaud.sys
0x9F332000 \SystemRoot\system32\drivers\sysaudio.sys
0x98256000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0x9974E000 \SystemRoot\System32\drivers\aspi32.sys
0x9810E000 \SystemRoot\system32\DRIVERS\srv.sys
0x97DAD000 \SystemRoot\System32\Drivers\HTTP.sys
0x99726000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x97A51000 \SystemRoot\System32\Drivers\Udfs.SYS
0x97A3A000 \??\C:\DOCUME~1\DEVINM~1\LOCALS~1\Temp\awtyipow.sys
0x979CF000 \SystemRoot\system32\drivers\kmixer.sys
0x97658000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 45):
0 System Idle Process
4 System
716 C:\WINDOWS\system32\smss.exe
780 csrss.exe
804 C:\WINDOWS\system32\winlogon.exe
848 C:\WINDOWS\system32\services.exe
860 C:\WINDOWS\system32\lsass.exe
1016 C:\WINDOWS\system32\svchost.exe
1096 svchost.exe
1136 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1256 svchost.exe
1572 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1796 C:\WINDOWS\system32\LEXBCES.EXE
1824 C:\WINDOWS\system32\spoolsv.exe
1872 C:\Program Files\IDT\XPM09_6047v002\WDM\stacsv.exe
1884 C:\WINDOWS\system32\LEXPPS.EXE
660 C:\WINDOWS\explorer.exe
1156 C:\WINDOWS\system32\AESTFltr.exe
1164 C:\Program Files\IDT\WDM\sttray.exe
1216 C:\WINDOWS\system32\igfxtray.exe
1224 C:\WINDOWS\system32\hkcmd.exe
1232 C:\WINDOWS\system32\igfxpers.exe
1240 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
1292 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1340 C:\WINDOWS\system32\igfxsrvc.exe
1464 C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
1512 C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
1520 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1860 C:\WINDOWS\system32\ctfmon.exe
304 svchost.exe
424 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
468 C:\Program Files\Bonjour\mDNSResponder.exe
508 C:\WINDOWS\system32\cisvc.exe
2100 C:\WINDOWS\system32\inetsrv\inetinfo.exe
2144 C:\Program Files\Java\jre6\bin\jqs.exe
2264 C:\WINDOWS\system32\snmp.exe
2496 C:\WINDOWS\system32\svchost.exe
2576 C:\WINDOWS\system32\rundll32.exe
3564 alg.exe
3660 C:\WINDOWS\system32\wscntfy.exe
1728 C:\WINDOWS\system32\cidaemon.exe
3904 C:\WINDOWS\system32\cidaemon.exe
2608 C:\WINDOWS\system32\svchost.exe
4008 C:\Documents and Settings\Devin Marks\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3255GSX, Rev: FG010D

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Sleep is so good


2010/10/20 09:09:35.0671 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
2010/10/20 09:09:35.0671 ================================================================================
2010/10/20 09:09:35.0671 SystemInfo:
2010/10/20 09:09:35.0671
2010/10/20 09:09:35.0671 OS Version: 5.1.2600 ServicePack: 3.0
2010/10/20 09:09:35.0671 Product type: Workstation
2010/10/20 09:09:35.0671 ComputerName: DEVINSLAPTOP
2010/10/20 09:09:35.0687 UserName: Devin Marks
2010/10/20 09:09:35.0687 Windows directory: C:\WINDOWS
2010/10/20 09:09:35.0687 System windows directory: C:\WINDOWS
2010/10/20 09:09:35.0687 Processor architecture: Intel x86
2010/10/20 09:09:35.0687 Number of processors: 2
2010/10/20 09:09:35.0687 Page size: 0x1000
2010/10/20 09:09:35.0687 Boot type: Normal boot
2010/10/20 09:09:35.0687 ================================================================================
2010/10/20 09:09:35.0859 Initialize success
2010/10/20 09:09:46.0406 ================================================================================
2010/10/20 09:09:46.0406 Scan started
2010/10/20 09:09:46.0406 Mode: Manual;
2010/10/20 09:09:46.0406 ================================================================================
2010/10/20 09:09:46.0734 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/10/20 09:09:46.0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/20 09:09:46.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/10/20 09:09:47.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/10/20 09:09:47.0078 AESTAud (fde8ed2c9280afb8975894aa78eef59f) C:\WINDOWS\system32\drivers\AESTAud.sys
2010/10/20 09:09:47.0203 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/10/20 09:09:47.0390 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2010/10/20 09:09:47.0500 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010/10/20 09:09:47.0531 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/10/20 09:09:47.0640 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/10/20 09:09:47.0671 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
2010/10/20 09:09:47.0765 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/10/20 09:09:47.0812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/10/20 09:09:47.0906 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2010/10/20 09:09:47.0953 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/10/20 09:09:48.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/10/20 09:09:48.0109 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/10/20 09:09:48.0171 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/10/20 09:09:48.0250 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/10/20 09:09:48.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/10/20 09:09:48.0437 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/10/20 09:09:48.0500 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2010/10/20 09:09:48.0578 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2010/10/20 09:09:48.0671 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/10/20 09:09:48.0796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/10/20 09:09:48.0921 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/10/20 09:09:48.0937 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/10/20 09:09:48.0984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/10/20 09:09:49.0015 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/10/20 09:09:49.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/10/20 09:09:49.0171 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2010/10/20 09:09:49.0203 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/10/20 09:09:49.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2010/10/20 09:09:49.0375 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2010/10/20 09:09:49.0453 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/10/20 09:09:49.0484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/10/20 09:09:49.0609 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/10/20 09:09:49.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/10/20 09:09:49.0718 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/10/20 09:09:49.0765 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2010/10/20 09:09:49.0828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/10/20 09:09:49.0984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/10/20 09:09:50.0265 ialm (d1359e54d9755d28e56b17a352ab8aae) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2010/10/20 09:09:50.0546 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys
2010/10/20 09:09:50.0593 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/10/20 09:09:50.0750 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/10/20 09:09:50.0781 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2010/10/20 09:09:50.0828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/10/20 09:09:50.0890 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/10/20 09:09:50.0937 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/10/20 09:09:51.0000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/10/20 09:09:51.0109 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/10/20 09:09:51.0140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/10/20 09:09:51.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/10/20 09:09:51.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/10/20 09:09:51.0343 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/10/20 09:09:51.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/10/20 09:09:51.0562 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/10/20 09:09:51.0656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/10/20 09:09:51.0750 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2010/10/20 09:09:51.0796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/10/20 09:09:51.0937 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/10/20 09:09:52.0062 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/10/20 09:09:52.0156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/10/20 09:09:52.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/10/20 09:09:52.0312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/10/20 09:09:52.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/10/20 09:09:52.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/10/20 09:09:52.0515 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/10/20 09:09:52.0531 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/10/20 09:09:52.0656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/10/20 09:09:52.0703 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/10/20 09:09:53.0015 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/10/20 09:09:53.0046 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/10/20 09:09:53.0078 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/10/20 09:09:53.0203 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/10/20 09:09:53.0375 NETw5x32 (cfe1981a47a2f7650a1ef8917dc4d1c3) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2010/10/20 09:09:53.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/10/20 09:09:53.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/10/20 09:09:53.0671 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/10/20 09:09:53.0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/10/20 09:09:53.0812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/10/20 09:09:53.0875 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2010/10/20 09:09:53.0968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/10/20 09:09:54.0015 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/10/20 09:09:54.0015 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/10/20 09:09:54.0109 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/10/20 09:09:54.0218 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2010/10/20 09:09:54.0359 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/10/20 09:09:54.0437 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/10/20 09:09:54.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/10/20 09:09:54.0531 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/10/20 09:09:54.0578 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/10/20 09:09:54.0656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/10/20 09:09:54.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/10/20 09:09:54.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/10/20 09:09:54.0765 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/10/20 09:09:54.0828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/10/20 09:09:54.0953 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/10/20 09:09:55.0109 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/10/20 09:09:55.0171 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
2010/10/20 09:09:55.0312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/10/20 09:09:55.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2010/10/20 09:09:55.0437 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/10/20 09:09:55.0515 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/10/20 09:09:55.0640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/10/20 09:09:55.0687 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/10/20 09:09:55.0796 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
2010/10/20 09:09:55.0890 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
2010/10/20 09:09:55.0890 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
2010/10/20 09:09:55.0984 STHDA (a6bb841c40aaa1dc692484bd3912a961) C:\WINDOWS\system32\drivers\sthda.sys
2010/10/20 09:09:56.0046 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/10/20 09:09:56.0171 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/10/20 09:09:56.0234 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/10/20 09:09:56.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/20 09:09:56.0500 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2010/10/20 09:09:56.0531 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/10/20 09:09:56.0640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/10/20 09:09:56.0671 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/10/20 09:09:56.0796 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2010/10/20 09:09:56.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/10/20 09:09:56.0968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/10/20 09:09:57.0109 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/10/20 09:09:57.0156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/10/20 09:09:57.0296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/10/20 09:09:57.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/10/20 09:09:57.0437 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/10/20 09:09:57.0468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/10/20 09:09:57.0578 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/10/20 09:09:57.0625 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/20 09:09:57.0625 Suspicious service (NoAccess): vbmadd74
2010/10/20 09:09:57.0734 vbmadd74 (66682ba7fb5a55dffe8089d32d9fc927) C:\WINDOWS\system32\drivers\vbmadd74.sys
2010/10/20 09:09:57.0750 vbmadd74 - detected Locked service (1)
2010/10/20 09:09:57.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/20 09:09:57.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/10/20 09:09:57.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/10/20 09:09:58.0125 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/10/20 09:09:58.0203 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2010/10/20 09:09:58.0359 yukonwxp (109b497d481490be0a31c390fce9bffe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2010/10/20 09:09:58.0500 ================================================================================
2010/10/20 09:09:58.0500 Scan finished
2010/10/20 09:09:58.0500 ================================================================================
2010/10/20 09:09:58.0515 Detected object count: 1
2010/10/20 09:10:08.0609 Locked service(vbmadd74) - User select action: Skip
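The detection lines in a log like the one above can be pulled out mechanically instead of being read by eye. This is an added example, not part of the original thread or of TDSSKiller; the line patterns are inferred from the log lines shown above and may not cover other versions of the tool.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Lines copied from the TDSSKiller log posted above (a small subset, so the
# example runs offline).
SAMPLE_LOG = r"""
2010/10/20 09:09:57.0625 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/20 09:09:57.0625 Suspicious service (NoAccess): vbmadd74
2010/10/20 09:09:57.0734 vbmadd74 (66682ba7fb5a55dffe8089d32d9fc927) C:\WINDOWS\system32\drivers\vbmadd74.sys
2010/10/20 09:09:57.0750 vbmadd74 - detected Locked service (1)
2010/10/20 09:09:57.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/20 09:09:58.0500 Scan finished
2010/10/20 09:09:58.0515 Detected object count: 1
2010/10/20 09:10:08.0609 Locked service(vbmadd74) - User select action: Skip
"""

# Assumed line layouts, inferred from the log on this page.
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
RE_DRIVER = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RE_SUSPICIOUS = re.compile(TS + r"Suspicious service \((?P<reason>\w+)\): (?P<name>\S+)$")
RE_DETECTED = re.compile(TS + r"(?P<name>\S+) - detected (?P<kind>.+?) \(\d+\)$")
RE_COUNT = re.compile(TS + r"Detected object count: (?P<n>\d+)$")
RE_ACTION = re.compile(
    TS + r"(?P<kind>.+?)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$"
)


@dataclass
class Finding:
    name: str
    reasons: List[str] = field(default_factory=list)  # e.g. "NoAccess"
    kinds: List[str] = field(default_factory=list)    # e.g. "Locked service"
    md5: Optional[str] = None
    path: Optional[str] = None
    action: Optional[str] = None                      # what the user chose


def triage(log_text: str) -> dict:
    """Collect flagged services, attach their file hash/path, and list the
    ones that were left in place (no action recorded, or 'Skip')."""
    drivers: Dict[str, Tuple[str, str]] = {}
    findings: Dict[str, Finding] = {}
    declared = None

    def finding(name: str) -> Finding:
        if name not in findings:
            findings[name] = Finding(name)
        return findings[name]

    for raw in log_text.splitlines():
        line = raw.strip()
        m = RE_SUSPICIOUS.match(line)
        if m:
            finding(m["name"]).reasons.append(m["reason"])
            continue
        m = RE_DETECTED.match(line)
        if m:
            finding(m["name"]).kinds.append(m["kind"])
            continue
        m = RE_ACTION.match(line)
        if m:
            finding(m["name"]).action = m["action"]
            continue
        m = RE_COUNT.match(line)
        if m:
            declared = int(m["n"])
            continue
        m = RE_DRIVER.match(line)
        if m:
            drivers[m["name"]] = (m["md5"], m["path"])

    # The hash/path line can come after the "Suspicious service" line,
    # so join them only once the whole log has been read.
    for f in findings.values():
        if f.name in drivers:
            f.md5, f.path = drivers[f.name]

    detected = [f for f in findings.values() if f.kinds]
    return {
        "findings": list(findings.values()),
        "declared_count": declared,
        # Cross-check the tool's own summary against the parsed detections.
        "count_matches": declared == len(detected),
        "unresolved": [f.name for f in findings.values()
                       if f.action in (None, "Skip")],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f)
    print("unresolved:", report["unresolved"])
```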
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Combofix is asking to download Microsoft Windows Recovery Console but I do not have internet access on the PC that needs it. I'm looking for the file on the Windows XP SP3 reinstall cd but is there a way to download on my computer? I'm running Windows 7.
 
I do not have internet access on the PC that needs it
So far, all I know is that browsers don't work.
We didn't really check if you have a connection or not.
Agree to install recovery console.
If you really don't have any connection, it simply won't install.
No harm done, for now.
 
The scan is running now, but in the meantime my roommate's friend just brought his Mac over and it too cannot connect to the internet. By manually inserting the IP address 192.168.1.4 I managed to make it connect to the router (whereas on all automatic settings it would not) but still no internet connection. I'm starting to think whatever the internet problem is may have to do with the firmware the router updated to 2-3? days ago.

And as I typed this the scan finished and gave me the BSOD with error

IRQL_NOT_LESS_OR_EQUAL
STOP: 0X0000000A (0X00000076, 0X0000001C, 0X00000000, 0X804FA276)

I'll try running it again with a normal boot, followed by safe mode if necessary.
 
Go ahead and you'll have to call your ISP to fix your connection.
We'll need to run some tools, which will require internet connection, at least to get them updated.
 
The internet problem would have to do with my ISP? That seems odd considering I'm connected to the router in question on my computer and the internet works beautifully (gaming has never been this lag free without Doofus stealing my bandwidth ;) ). I know this may be a long shot but is it possible my computer has a virus overloading the router? In fact the custom scan I did with Avast to scan every file/root/memory page just came back positive with 7 viruses. If you think that's not the case though I'd prefer to wait before I fix those.

Before I go to bed I'll do a manual factory reset on the router and see if that at least gets the Mac working.

ComboFix just finished, no BSOD this time with regular boot. Here's the log:


ComboFix 10-10-20.01 - Devin Marks 10/20/2010 22:05:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3139 [GMT -5:00]
Running from: c:\documents and settings\Devin Marks\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\.wtav
c:\documents and settings\Devin Marks\Application Data\inst.exe
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
.

2010-10-19 21:45 . 2010-10-19 21:45 -------- d-----w- c:\documents and settings\mat
2010-10-19 20:22 . 2008-04-14 12:00 55972 ----a-w- c:\windows\system32\IPNAT.SYs
2010-10-19 20:21 . 2010-10-19 20:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-19 20:13 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-10-19 14:16 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-19 14:16 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-19 14:16 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-19 14:16 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-19 14:16 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-19 14:16 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-19 14:16 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-19 14:16 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-19 14:16 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-19 13:06 . 2010-10-19 13:19 -------- d-----w- c:\program files\Spybot
2010-10-19 11:56 . 2010-10-19 11:56 -------- d-----w- c:\documents and settings\Devin Marks\Local Settings\Application Data\Help
2010-10-19 11:51 . 2010-10-19 11:51 -------- d-----w- c:\program files\CCleaner
2010-10-19 11:26 . 2010-10-19 11:27 -------- d-----w- c:\documents and settings\Devin Marks\Application Data\Resource Tuner
2010-10-19 11:26 . 2010-10-19 11:26 -------- d-----w- c:\program files\Resource Tuner
2010-10-19 10:29 . 2010-10-19 13:04 -------- d-----w- c:\program files\bisquick
2010-10-19 10:06 . 2010-10-19 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-19 10:06 . 2010-10-19 10:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-19 08:20 . 2010-10-19 08:20 -------- d-----w- c:\program files\Alwil Software
2010-10-19 07:49 . 2010-10-19 07:41 2864 ----a-w- c:\windows\system32\wsock.txt
2010-10-19 06:39 . 2010-10-19 06:39 388096 ----a-r- c:\documents and settings\Devin Marks\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-19 04:36 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-10-19 04:36 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-19 04:21 . 2010-10-19 04:21 -------- d--h--w- c:\windows\PIF
2010-10-19 03:54 . 2010-10-19 03:54 -------- d-----w- c:\windows\system32\Trend Micro
2010-10-19 03:51 . 2010-10-19 03:51 -------- d-----w- c:\windows\Trend Micro
2010-10-19 03:49 . 2010-10-19 03:49 -------- d-----w- c:\program files\Trend Micro
2010-10-19 00:08 . 2010-10-19 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-18 23:15 . 2010-10-18 23:15 -------- d-----w- c:\program files\MSSOAP
2010-10-18 23:08 . 2010-10-18 23:14 -------- d-----w- c:\documents and settings\Administrator
2010-10-17 19:08 . 2010-10-17 19:08 -------- d-----w- c:\program files\Webroot
2010-10-17 17:56 . 2010-10-17 17:56 -------- d-----w- c:\documents and settings\Devin Marks\Application Data\Malwarebytes
2010-10-17 17:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 17:56 . 2010-10-19 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 17:56 . 2010-10-17 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-17 17:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-16 22:46 . 2010-10-16 22:46 -------- d-----w- c:\windows\system32\LogFiles
2010-10-10 22:31 . 2010-10-10 22:32 -------- d-----w- c:\documents and settings\Devin Marks\tmp
2010-10-01 05:09 . 2010-10-01 05:09 -------- d-----w- c:\program files\iPod
2010-10-01 05:09 . 2010-10-01 05:10 -------- d-----w- c:\program files\iTunes
2010-10-01 05:07 . 2010-10-01 05:07 -------- d-----w- c:\program files\Bonjour
2010-09-23 20:48 . 2005-01-20 01:48 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\npiPLATO_22.dll
2010-09-23 20:48 . 2005-01-20 01:48 8192 ----a-w- c:\program files\Internet Explorer\Plugins\npiPLATO_22.dll
2010-09-23 20:48 . 2002-04-18 13:39 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\npipcd3.dll
2010-09-23 20:48 . 2002-04-18 13:39 8192 ----a-w- c:\program files\Internet Explorer\Plugins\npipcd3.dll
2010-09-23 20:48 . 2010-09-23 20:53 -------- d-----w- c:\windows\PWLN
2010-09-23 20:48 . 1999-09-22 20:56 32768 ----a-w- c:\windows\system32\PHONETIC.FON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-07-11 466944]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-21 442460]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/19/2010 9:16 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/19/2010 9:16 AM 17744]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/23/2010 3:21 AM 108160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/23/2010 3:25 AM 160256]
R3 vbmadd74;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\vbmadd74.sys [4/14/2008 7:00 AM 18688]
S0 cerc6;cerc6; [x]
S3 DFBCFDBA;DFBCFDBA; [x]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-10-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-06-10 22:28]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Devin Marks\Application Data\Mozilla\Firefox\Profiles\ncmgdi9m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.golfwrx.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\Mozilla Firefox\plugins\npipcd3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npiPLATO_22.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
Completion time: 2010-10-20 22:10:04
ComboFix-quarantined-files.txt 2010-10-21 03:10

Pre-Run: 281,109,565,440 bytes free
Post-Run: 281,076,121,600 bytes free

- - End Of File - - A90DA4D17F787572E38E75B5675AD1E1
 
Yeah, you told me about Mac and I didn't know some other computer is connecting, no problem.
We'll investigate...

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\windows\system32\drivers\vbmadd74.sys


Driver::
vbmadd74
cerc6
DFBCFDBA


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 10-10-20.01 - Devin Marks 10/20/2010 22:33:09.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3104 [GMT -5:00]
Running from: c:\documents and settings\Devin Marks\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Devin Marks\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\vbmadd74.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\vbmadd74.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_DFBCFDBA
-------\Service_vbmadd74


((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
.

2010-10-19 21:45 . 2010-10-19 21:45 -------- d-----w- c:\documents and settings\mat
2010-10-19 20:22 . 2008-04-14 12:00 55972 ----a-w- c:\windows\system32\IPNAT.SYs
2010-10-19 20:21 . 2010-10-19 20:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-10-19 20:13 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-10-19 14:16 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-10-19 14:16 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-10-19 14:16 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-10-19 14:16 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-10-19 14:16 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-10-19 14:16 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-10-19 14:16 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-10-19 14:16 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
2010-10-19 14:16 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-10-19 13:06 . 2010-10-19 13:19 -------- d-----w- c:\program files\Spybot
2010-10-19 11:56 . 2010-10-19 11:56 -------- d-----w- c:\documents and settings\Devin Marks\Local Settings\Application Data\Help
2010-10-19 11:51 . 2010-10-19 11:51 -------- d-----w- c:\program files\CCleaner
2010-10-19 11:26 . 2010-10-19 11:27 -------- d-----w- c:\documents and settings\Devin Marks\Application Data\Resource Tuner
2010-10-19 11:26 . 2010-10-19 11:26 -------- d-----w- c:\program files\Resource Tuner
2010-10-19 10:29 . 2010-10-19 13:04 -------- d-----w- c:\program files\bisquick
2010-10-19 10:06 . 2010-10-19 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-19 10:06 . 2010-10-19 10:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-19 08:20 . 2010-10-19 08:20 -------- d-----w- c:\program files\Alwil Software
2010-10-19 07:49 . 2010-10-19 07:41 2864 ----a-w- c:\windows\system32\wsock.txt
2010-10-19 06:39 . 2010-10-19 06:39 388096 ----a-r- c:\documents and settings\Devin Marks\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-19 04:36 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-10-19 04:36 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-10-19 04:21 . 2010-10-19 04:21 -------- d--h--w- c:\windows\PIF
2010-10-19 03:54 . 2010-10-19 03:54 -------- d-----w- c:\windows\system32\Trend Micro
2010-10-19 03:51 . 2010-10-19 03:51 -------- d-----w- c:\windows\Trend Micro
2010-10-19 03:49 . 2010-10-19 03:49 -------- d-----w- c:\program files\Trend Micro
2010-10-19 00:08 . 2010-10-19 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-10-18 23:15 . 2010-10-18 23:15 -------- d-----w- c:\program files\MSSOAP
2010-10-18 23:08 . 2010-10-18 23:14 -------- d-----w- c:\documents and settings\Administrator
2010-10-17 19:08 . 2010-10-17 19:08 -------- d-----w- c:\program files\Webroot
2010-10-17 17:56 . 2010-10-17 17:56 -------- d-----w- c:\documents and settings\Devin Marks\Application Data\Malwarebytes
2010-10-17 17:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 17:56 . 2010-10-19 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 17:56 . 2010-10-17 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-17 17:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-16 22:46 . 2010-10-16 22:46 -------- d-----w- c:\windows\system32\LogFiles
2010-10-10 22:31 . 2010-10-10 22:32 -------- d-----w- c:\documents and settings\Devin Marks\tmp
2010-10-01 05:09 . 2010-10-01 05:09 -------- d-----w- c:\program files\iPod
2010-10-01 05:09 . 2010-10-01 05:10 -------- d-----w- c:\program files\iTunes
2010-10-01 05:07 . 2010-10-01 05:07 -------- d-----w- c:\program files\Bonjour
2010-09-23 20:48 . 2005-01-20 01:48 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\npiPLATO_22.dll
2010-09-23 20:48 . 2005-01-20 01:48 8192 ----a-w- c:\program files\Internet Explorer\Plugins\npiPLATO_22.dll
2010-09-23 20:48 . 2002-04-18 13:39 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\npipcd3.dll
2010-09-23 20:48 . 2002-04-18 13:39 8192 ----a-w- c:\program files\Internet Explorer\Plugins\npipcd3.dll
2010-09-23 20:48 . 2010-09-23 20:53 -------- d-----w- c:\windows\PWLN
2010-09-23 20:48 . 1999-09-22 20:56 32768 ----a-w- c:\windows\system32\PHONETIC.FON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-10-21_03.08.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-21 03:36 . 2010-10-21 03:36 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat
+ 2010-10-21 03:36 . 2010-10-21 03:36 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
+ 2010-10-19 20:14 . 2010-10-21 03:36 214786 c:\windows\system32\inetsrv\MetaBase.bin
- 2010-10-19 20:14 . 2010-10-21 03:02 214786 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-07-11 466944]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-21 442460]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/19/2010 9:16 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/19/2010 9:16 AM 17744]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/23/2010 3:21 AM 108160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/23/2010 3:25 AM 160256]
S0 cerc6;cerc6; [x]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-10-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-06-10 22:28]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Devin Marks\Application Data\Mozilla\Firefox\Profiles\ncmgdi9m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.golfwrx.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q=
FF - prefs.js: network.proxy.type - 4

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lexmark 4200 Series\lxbmbmon.exe
.
**************************************************************************
.
Completion time: 2010-10-20 22:38:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-21 03:38
ComboFix2.txt 2010-10-21 03:10

Pre-Run: 281,078,525,952 bytes free
Post-Run: 280,987,451,392 bytes free

- - End Of File - - 7EDBB8E04F65DD9C6F45289FE0073D3D
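One way to confirm that a CFScript run did what was asked is to compare its Driver:: targets with the driver/service lists in the ComboFix logs from before and after the run. This is an added example, not part of the original thread or of ComboFix; the inputs are copied from the posts above, and the line layout is assumed from those logs.

```python
import re
from typing import Dict, List

# All three inputs are copied from the posts above; the two logs are trimmed
# to their driver/service lines.
CFSCRIPT = r"""
File::
c:\windows\system32\drivers\vbmadd74.sys

Driver::
vbmadd74
cerc6
DFBCFDBA
"""

BEFORE = r"""
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/19/2010 9:16 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/19/2010 9:16 AM 17744]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/23/2010 3:21 AM 108160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/23/2010 3:25 AM 160256]
R3 vbmadd74;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\vbmadd74.sys [4/14/2008 7:00 AM 18688]
S0 cerc6;cerc6; [x]
S3 DFBCFDBA;DFBCFDBA; [x]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
"""

AFTER = r"""
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/19/2010 9:16 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/19/2010 9:16 AM 17744]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/23/2010 3:21 AM 108160]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/23/2010 3:25 AM 160256]
S0 cerc6;cerc6; [x]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
"""

# Assumed layout: "<state code> <service name>;<display name>;<detail>"
RE_SERVICE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<detail>.*)$"
)


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into sections; a header is a line ending in '::'."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_services(log_text: str) -> Dict[str, dict]:
    """Index the driver/service lines of a ComboFix log by lower-cased name."""
    services: Dict[str, dict] = {}
    for raw in log_text.splitlines():
        m = RE_SERVICE.match(raw.strip())
        if m:
            services[m["name"].lower()] = {
                "name": m["name"],
                "state": m["state"],
                "display": m["display"],
                "detail": m["detail"].strip(),
            }
    return services


def verify_driver_targets(cfscript: str, before: str, after: str) -> dict:
    """Report, per Driver:: target, whether it is gone from the later log, and
    list any service that vanished without having been targeted."""
    targets = parse_cfscript(cfscript).get("driver", [])
    old, new = parse_services(before), parse_services(after)
    status = {}
    for target in targets:
        key = target.lower()
        if key in new:
            status[target] = "still listed"
        elif key in old:
            status[target] = "removed"
        else:
            status[target] = "not in either log"
    targeted = {t.lower() for t in targets}
    untargeted = sorted(
        old[k]["name"] for k in old if k not in new and k not in targeted
    )
    return {"targets": status, "untargeted_removals": untargeted}


if __name__ == "__main__":
    print(verify_driver_targets(CFSCRIPT, BEFORE, AFTER))
```

On the logs above this reports vbmadd74 and DFBCFDBA as removed and cerc6 as still listed.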
 
1. Click Start>Run (Start>"Start search" in Vista).

2. Type in (or copy and paste):

cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

and press Enter.

3. Notepad will open.

4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.

=======================================================================

Go Start>Run ("Start search" in Vista), type in:
cmd
Click OK (hit Enter in Vista).

At Command Prompt, paste this:
ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
Hit Enter.

Copy and paste what you see in Notepad into a Reply here.
 
Windows IP Configuration

Host Name . . . . . . . . . . . . : DEVINSLAPTOP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
Physical Address. . . . . . . . . : 00-22-FB-30-29-F4
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : fe80::222:fbff:fe30:29f4%5
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
Lease Obtained. . . . . . . . . . : Wednesday, October 20, 2010 10:50:33 PM
Lease Expires . . . . . . . . . . : Thursday, October 21, 2010 10:50:33 PM

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : C0-A8-01-02
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.2%2
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                    fec0:0:0:ffff::2%1
                                    fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Disabled
 
All settings seem to be correct.

Do you have any errors in Device Manager?

Did you try wired connection?
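
The read-through of the ipconfig /all output above can be automated when checking a machine after a malware cleanup. This is an added example, not part of the original thread: a Python parser for the XP-style output that lists any DNS server which is not the gateway or DHCP server, not on the adapter's own IPv4 subnet, and not one of the default fec0:0:0:ffff:: entries. The function names and the trimmed sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample, trimmed from the ipconfig /all output posted in this thread.
SAMPLE = """\
Ethernet adapter Wireless Network Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            fec0:0:0:ffff::1%1
"""
FIELD = re.compile(r"^(.+?)\s*(?:\. )+:\s?(.*)$")  # "Name . . . : value"
# Site-local addresses Windows lists by default when no IPv6 DNS is configured.
DEFAULT_V6_DNS = ipaddress.ip_network("fec0:0:0:ffff::/64")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; blank lines are ignored."""
    adapters, current, last = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = FIELD.match(line)
        if m and current is not None:
            last = current.setdefault(m.group(1), [])
            if m.group(2):
                last.append(m.group(2))
        elif not m and line.endswith(":") and " adapter " in line:
            current, last = adapters.setdefault(line[:-1], {}), None
        elif not m and line and last is not None:
            last.append(line)  # continuation of a multi-valued field
    return adapters

def dns_to_review(fields):
    """DNS entries that are not gateway/DHCP, not on-subnet, not Windows defaults."""
    v4 = [a for a in fields.get("IP Address", []) if ":" not in a]
    mask = fields.get("Subnet Mask", [])
    subnet = ipaddress.ip_network(f"{v4[0]}/{mask[0]}", strict=False) if v4 and mask else None
    known = set(fields.get("Default Gateway", []) + fields.get("DHCP Server", []))
    flagged = []
    for entry in fields.get("DNS Servers", []):
        addr = ipaddress.ip_address(entry.split("%")[0])  # drop the IPv6 zone id
        local = subnet is not None and addr.version == 4 and addr in subnet
        if entry not in known and not local and addr not in DEFAULT_V6_DNS:
            flagged.append(entry)
    return flagged

def review(text):
    """Map each adapter that lists DNS servers to the entries worth a second look."""
    return {n: dns_to_review(f) for n, f in parse_ipconfig(text).items() if "DNS Servers" in f}
```

An empty list for every adapter matches the "settings look correct" reading; a flagged entry is only a prompt to check where that resolver came from, since an ISP resolver handed out by DHCP would also be listed.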
 
Non-Plug and Play Drivers

Serial- Device not present, working, or does not have all drivers installed
Parport- Device not present, working, or does not have all drivers installed


System Devices
[cmz vmkd] Virtual Bus- Device configuration info is incomplete or damaged


Other Devices
SM Bus Controller- Drivers not installed

Plugged directly into the router and still connected but no internet. Also just tried connecting directly to the cable modem, still nothing.
 
Let's try some basic troubleshooting....

Make sure, your computer is set to obtain IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.

If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
 
Hellloooo netsh.exe could not be started because framedyn.dll was not found. This is new. I'll try to reinstall the dll file via the Windows reinstall disc. In the meantime nothing above the netsh commands worked.
 