TechSpot

From AntiVirus2010 to Server Not Found

By madogmurpy
Oct 19, 2010
  1. So as of last night I have been on a near 24-hour debugging/learning binge attempting to cleanse my roommate's computer of the trillions of malware and Trojan programs he HAD on his laptop. I believe I managed to clean his system very thoroughly, though I can't be certain. 24 hours ago I didn't know a damn thing about wiping spyware except how to press full system scan.

    Anyway, to the point: I'm praying this is the last step of this process, which is to simply connect his internet. Here is the tricky part: his laptop is connected to our Netgear router AND has internet access (proven by the fact I can download Avast updates), but when I try opening any web browser I get the server not found error. ipconfig /all returns 192.168.1.2, which I made his designated address via the router (mine is 192.168.1.3). DHCP is set to auto and his DNS server is returning 192.168.1.1.

    This is the part where I'm totally lost. I've tried about every setting I know via Wireless Networks>Properties>Tcp, renaming his computer and network group, rebooting the router, updating the router's firmware, updating his wireless card driver, rolling back said driver, CMD /K SC QC DHCP, checking AFD NetBios and TcIP in the Reg, the cmd netsh reset, and likely tons of other hot fixes I found online that I'm forgetting to mention.

    As far as removing the malware goes, I installed Avast, Spybot S&D, Malwarebytes, HijackThis, and CCleaner along with another Regfix I can't recall the name of. I even installed a .txt to .dll program because for the first half of the process, every time I rebooted the laptop everything in quarantine would get released and every antivirus program I installed would be deleted from the Reg and need to be reinstalled (Thanks much, AntiVirus2010).

    I won't ramble much more, I'm interested in hearing what you pros think. If you need HijackThis logs or something of the sort just post and I'll get back to you ASAP. Thanks in advance :)


    System Info-
    Microsoft Windows XP Professional Version 2002 SP3
    Pentium Dual-Core CPU T4200 @ 2GHz
    3.46GB RAM
    Intel WiFi Link 5100 AGN Internal Wireless Card

    Of note, in Device Manager > Non-Plug and Play > Parport and Serial have the yellow exclamation mark with Code 24 (This device is not present, is not working properly, or does not have all its drivers installed.) All other Non-Plug and Play drivers are working fine.

    Also, under My Computer > Properties > Environment Variables, the Path variable led to a QuickTime directory; I changed that to C:\WINDOWS\system32;C:\WINDOWS.

    Edit: I'm working on getting the logs from his laptop to mine at the moment. I do read stickies :D
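The symptom described in this post, IP connectivity that works (updates download) while every browser reports "Server Not Found", points at the name-resolution layer rather than the link: the configured DNS servers, the hosts file, Winsock, or a browser proxy setting. The Python below is an added example, not part of the post or of any tool named in it. It parses `ipconfig /all` output and a hosts file and reports what to verify first. The `ipconfig` excerpt and the hosts file are constructed around the addresses the post gives (host 192.168.1.2, DNS 192.168.1.1); the host name, MAC address and the `www.example.com` redirect to an RFC 5737 documentation address are made up, and the `proxy_type` values follow Firefox's `network.proxy.type` preference (0 none, 1 manual, 2 PAC, 4 auto-detect, 5 system).

```python
"""Triage helper for 'IP connectivity works, browsers say Server Not Found'.

Added example, not code from the thread. Parses `ipconfig /all` output and a
hosts file (both constructed below) and reports name-resolution findings.
"""
import ipaddress
import re

# Constructed `ipconfig /all` excerpt in Windows XP layout. The addresses are
# the ones the post reports; host name and MAC address are made up.
SAMPLE_IPCONFIG = """
Windows IP Configuration

        Host Name . . . . . . . . . . . . : ROOMMATE-LAPTOP
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
        Physical Address. . . . . . . . . : 00-11-22-33-44-55
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# Constructed hosts file: a loopback entry for a real site (blocks it) and a
# redirect to a documentation address (constructed, not from the laptop).
SAMPLE_HOSTS = """
# constructed hosts file
127.0.0.1       localhost
127.0.0.1       www.spywareinfo.com
198.51.100.7    www.example.com
"""

KEY_RE = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")
IP_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_ipconfig(text):
    """Turn `ipconfig /all` output into a dict of lower-cased keys.
    Assumes a single adapter of interest; a second adapter would overwrite keys."""
    cfg = {"dns servers": []}
    last_key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key, value = m.group(1).strip().lower(), m.group(2).strip()
            if key == "dns servers":
                if value:
                    cfg["dns servers"].append(value)
            else:
                cfg[key] = value
            last_key = key
            continue
        m = IP_RE.match(line)
        if m and last_key == "dns servers":  # extra resolvers sit on continuation lines
            cfg["dns servers"].append(m.group(1))
    return cfg


def dns_server_findings(cfg):
    """Resolvers outside the adapter's own subnet. Not wrong by itself, but on a
    home LAN whose router hands out DNS, a foreign resolver is the first thing
    to compare against what the router actually advertises."""
    lan = ipaddress.ip_network(f"{cfg['ip address']}/{cfg['subnet mask']}", strict=False)
    return [s for s in cfg["dns servers"] if ipaddress.ip_address(s) not in lan]


def parse_hosts(text):
    """(address, hostname) pairs from a hosts file, comments stripped."""
    entries = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries


def hosts_findings(entries):
    """Every mapping other than localhost: loopback 'blocks' a site, anything
    else 'redirects' it. Both silently override DNS for that name."""
    findings = []
    for addr, name in entries:
        if name in LOCAL_NAMES:
            continue
        try:
            kind = "blocked" if ipaddress.ip_address(addr).is_loopback else "redirected"
        except ValueError:
            continue  # malformed line; not an address
        findings.append((kind, name, addr))
    return findings


def classify(reached_ip, resolved_name, proxy_type=0):
    """Map two probe outcomes (can we reach an IP? can we resolve a name?) plus
    the browser's proxy mode to the layer to look at first."""
    if not reached_ip:
        return "no IP connectivity: check link, address, gateway"
    if not resolved_name:
        return "name resolution: check DNS servers, hosts file, Winsock"
    if proxy_type != 0:
        return "proxy: the browser is routing through a proxy setting"
    return "connectivity and resolution fine: look at the browser itself"


def triage(ipconfig_text, hosts_text, reached_ip, resolved_name, proxy_type=0):
    cfg = parse_ipconfig(ipconfig_text)
    return {
        "layer": classify(reached_ip, resolved_name, proxy_type),
        "off_subnet_dns": dns_server_findings(cfg),
        "hosts": hosts_findings(parse_hosts(hosts_text)),
    }


if __name__ == "__main__":
    # The post's situation: updates download (IP works) but names do not resolve.
    for key, value in triage(SAMPLE_IPCONFIG, SAMPLE_HOSTS, True, False).items():
        print(f"{key}: {value}")
```

On the constructed input the report says the problem is in name resolution, that the only resolver (192.168.1.1) is on the LAN as expected, and that the hosts file blocks `www.spywareinfo.com` and redirects `www.example.com`; the last two are exactly the kind of entries a cleanup should remove before touching drivers or the router.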
     
  2. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    Here are the logs.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4886

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 6.0.2900.5512

    10/19/2010 7:00:39 PM
    mbam-log-2010-10-19 (19-00-39).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 184925
    Time elapsed: 34 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:03:41 PM, on 10/19/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
    C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot\TeaTimer.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\All Users\Desktop\Trend Micro\winlogon.exe\winlogon.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)
    O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

    --
    End of file - 6371 bytes


    GMER 1.0.15.15477 - http://www.gmer.net
    Rootkit scan 2010-10-19 19:28:59
    Windows 5.1.2600 Service Pack 3
    Running: xhmc5y02.exe; Driver: C:\DOCUME~1\DEVINM~1\LOCALS~1\Temp\awtyipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A883270 ZwAllocateVirtualMemory
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0x9D8CBCF0] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0x9D8CBBAC] <-- ROOTKIT !!!
    SSDT 8A8748E8 ZwCreateProcess
    SSDT 8A880EB8 ZwCreateProcessEx
    SSDT 8A8578B8 ZwCreateThread
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0x9D8CC160] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0x9D8CC08A] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0x9D8CB782] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0x9D8CBC86] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x9D8CB6C2] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0x9D8CB726] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0x9D8CBDA6] <-- ROOTKIT !!!
    SSDT 8A85C138 ZwQueueApcThread
    SSDT 8A875240 ZwReadVirtualMemory
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x9D8CC22E] <-- ROOTKIT !!!
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0x9D8CBD66] <-- ROOTKIT !!!
    SSDT 8A8805B8 ZwSetContextThread
    SSDT 8A8562E8 ZwSetInformationKey
    SSDT 8A875B10 ZwSetInformationProcess
    SSDT 8A880C80 ZwSetInformationThread
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0x9D8CBEE6] <-- ROOTKIT !!!
    SSDT 8A883450 ZwSuspendProcess
    SSDT 8A87F1C8 ZwSuspendThread
    SSDT 8A875980 ZwTerminateProcess
    SSDT 8A881240 ZwTerminateThread
    SSDT 8A82B1A0 ZwWriteVirtualMemory

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9D8D89D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9D8D8B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CA0 8050453C 8 Bytes CALL 38DACC89
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F6C 80504808 4 Bytes CALL 6EDACD6F
    PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP 9D8D8B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 805AB38E 7 Bytes JMP 9D8D89D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC502 5 Bytes JMP 9D8D45D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2F86 5 Bytes JMP 9D8D5FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1572] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
    IAT \SystemRoot\system32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\system32\DRIVERS\atmarpc.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 8A890208
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 8A8579F0

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
    IAT C:\WINDOWS\system32\services.exe[848] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \Driver\Tcpip \Device\Ip 89BD46E8
    Device \Driver\Tcpip \Device\Ip 85C15820
    Device \Driver\Tcpip \Device\Ip 85F17460
    Device \Driver\Tcpip \Device\Ip 85DE1238
    Device \Driver\Tcpip \Device\Ip 85E2CB90

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Tcp 89BD46E8
    Device \Driver\Tcpip \Device\Tcp 85C15820
    Device \Driver\Tcpip \Device\Tcp 85F17460
    Device \Driver\Tcpip \Device\Tcp 85DE1238
    Device \Driver\Tcpip \Device\Tcp 85E2CB90

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\Udp 89BD46E8
    Device \Driver\Tcpip \Device\Udp 85C15820
    Device \Driver\Tcpip \Device\Udp 85F17460
    Device \Driver\Tcpip \Device\Udp 85DE1238
    Device \Driver\Tcpip \Device\Udp 85E2CB90

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\RawIp 89BD46E8
    Device \Driver\Tcpip \Device\RawIp 85C15820
    Device \Driver\Tcpip \Device\RawIp 85F17460
    Device \Driver\Tcpip \Device\RawIp 85DE1238
    Device \Driver\Tcpip \Device\RawIp 85E2CB90

    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\Tcpip \Device\IPMULTICAST 89BD46E8
    Device \Driver\Tcpip \Device\IPMULTICAST 85C15820
    Device \Driver\Tcpip \Device\IPMULTICAST 85F17460
    Device \Driver\Tcpip \Device\IPMULTICAST 85DE1238
    Device \Driver\Tcpip \Device\IPMULTICAST 85E2CB90

    ---- Services - GMER 1.0.15 ----

    Service (*** hidden *** ) [MANUAL] vbmadd74 <-- ROOTKIT !!!

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@Start 3
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@Type 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@ErrorControl 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@DisplayName Virtual Bus for Microsoft ACPI-Compliant System
    Reg HKLM\SYSTEM\ControlSet002\Services\vbmadd74@Start 3
    Reg HKLM\SYSTEM\ControlSet002\Services\vbmadd74@Type 1
    Reg HKLM\SYSTEM\ControlSet002\Services\vbmadd74@ErrorControl 1
    Reg HKLM\SYSTEM\ControlSet002\Services\vbmadd74@DisplayName Virtual Bus for Microsoft ACPI-Compliant System

    ---- EOF - GMER 1.0.15 ----
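One way to make a first pass over a GMER log like the one above. GMER's "ROOTKIT !!!" tag is not a verdict: in this log it lands on the SSDT hooks of avast's own self-protection driver (aswSP.SYS), which a freshly installed AV is expected to place. A useful first cut is therefore to separate hooks that carry a named, vendor-described module from hooks that carry only an address, and to pull hidden services together with the DisplayName GMER reports from the registry so a reviewer sees them side by side. The Python below is an added example, not GMER's code or anything posted in the thread. The `EXPECTED_VENDORS` list is an assumption (only the vendor string the log itself names is in it), and the input is an excerpt of the log lines above plus one constructed line (`example.sys` / "Example Corp") added to exercise the "review" branch.

```python
"""First-pass triage of a GMER rootkit-scan log.

Added example, not part of GMER or of the thread. Separates SSDT hooks owned
by a named vendor module from bare-address hooks, and lists hidden services
with their registry DisplayName.
"""
import re

# Assumption: description strings of drivers whose SSDT hooks are expected on
# this machine. Extend for other installed security products.
EXPECTED_VENDORS = ("AVAST Software",)

# Excerpt of the GMER output posted above. The example.sys line is constructed
# (not from the log) so that the "review" classification has something to hit.
SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT 8A883270 ZwAllocateVirtualMemory
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0x9D8CBCF0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0x9D8CBBAC] <-- ROOTKIT !!!
SSDT 8A8748E8 ZwCreateProcess
SSDT 8A880EB8 ZwCreateProcessEx
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0x9D8CB6C2] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\Drivers\example.sys (Example Filter/Example Corp) ZwQueryValueKey [0x9D8CBDA6]

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] vbmadd74 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@Start 3
Reg HKLM\SYSTEM\CurrentControlSet\Services\vbmadd74@DisplayName Virtual Bus for Microsoft ACPI-Compliant System
"""

SSDT_MODULE_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>.*?)\)\s+(?P<func>\w+)\s+\[0x[0-9A-Fa-f]+\](?P<tag>.*)$")
SSDT_ADDR_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-Fa-f]{8})\s+(?P<func>\w+)\s*$")
SERVICE_RE = re.compile(
    r"^Service\s+\((?P<state>.*?)\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)(?P<tag>.*)$")
REG_RE = re.compile(r"^Reg\s+(?P<key>\S+?)@(?P<value>\w+)\s+(?P<data>.*)$")


def parse_gmer(text):
    """Return (hooks, services, reg): SSDT hook records, service records, and
    registry values grouped by the last key component (the service name)."""
    hooks, services, reg = [], [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_MODULE_RE.match(line):
            hooks.append({"func": m["func"], "module": m["module"].rsplit("\\", 1)[-1],
                          "desc": m["desc"], "flagged": "ROOTKIT" in m["tag"]})
        elif m := SSDT_ADDR_RE.match(line):
            hooks.append({"func": m["func"], "module": None, "desc": "", "flagged": False})
        elif m := SERVICE_RE.match(line):
            services.append({"name": m["name"], "hidden": "hidden" in m["state"],
                             "start": m["start"], "flagged": "ROOTKIT" in m["tag"]})
        elif m := REG_RE.match(line):
            reg.setdefault(m["key"].rsplit("\\", 1)[-1], {})[m["value"]] = m["data"]
    return hooks, services, reg


def classify_hook(hook):
    if hook["module"] is None:
        return "unattributed"  # only an address: resolve it against loaded drivers first
    if any(v in hook["desc"] for v in EXPECTED_VENDORS):
        return "expected"      # named security product; the ROOTKIT tag is noise here
    return "review"            # named module, but not a vendor we expected on this box


def triage(text):
    hooks, services, reg = parse_gmer(text)
    report = {"expected": [], "unattributed": [], "review": [], "hidden_services": []}
    for hook in hooks:
        report[classify_hook(hook)].append(hook["func"])
    for svc in services:
        if svc["hidden"]:
            display = reg.get(svc["name"], {}).get("DisplayName", "?")
            report["hidden_services"].append((svc["name"], svc["start"], display))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_GMER).items():
        print(f"{key}: {value}")
```

The bare-address hooks are deliberately not called clean: GMER only prints an address for them, so a reviewer has to map each address to a loaded driver (another AV or sandboxing component is the usual owner on a box like this) before deciding anything. The hidden-service list is likewise a queue for review, not a detection by itself.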
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  4. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Devin Marks at 20:07:11.01 on Tue 10/19/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_18
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3026 [GMT -5:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
    C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Documents and Settings\Devin Marks\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot\TeaTimer.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Lexmark 4200 Series] "c:\program files\lexmark 4200 series\lxbmbmgr.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\devinm~1\applic~1\mozilla\firefox\profiles\ncmgdi9m.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.golfwrx.com/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\mozilla firefox\plugins\npipcd3.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npiPLATO_22.dll
    FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-19 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-19 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-19 40384]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-3-23 108160]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2010-3-23 160256]
    S0 cerc6;cerc6; [x]
    S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"c:\program files\webroot\webrootsecurity\spysweeper.exe" --> c:\program files\webroot\webrootsecurity\SpySweeper.exe [?]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-19 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-19 40384]
    S3 DFBCFDBA;DFBCFDBA; [x]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

    =============== Created Last 30 ================

    2010-10-19 20:58:32 -------- d-----w- c:\windows\pss
    2010-10-19 20:22:39 55972 ----a-w- c:\windows\system32\IPNAT.SYs
    2010-10-19 20:13:56 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2010-10-19 14:16:51 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-19 13:06:36 -------- d-----w- c:\program files\Spybot
    2010-10-19 11:56:17 -------- d-----w- c:\docume~1\devinm~1\locals~1\applic~1\Help
    2010-10-19 11:51:25 -------- d-----w- c:\program files\CCleaner
    2010-10-19 11:26:49 -------- d-----w- c:\docume~1\devinm~1\applic~1\Resource Tuner
    2010-10-19 11:26:39 -------- d-----w- c:\program files\Resource Tuner
    2010-10-19 10:29:43 -------- d-----w- c:\program files\bisquick
    2010-10-19 10:06:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-19 10:06:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-10-19 06:39:36 388096 ----a-r- c:\docume~1\devinm~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-10-19 06:12:43 -------- d-----w- c:\windows\system32\appmgmt
    2010-10-19 04:36:30 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-10-19 04:36:30 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-10-19 04:21:08 -------- d--h--w- c:\windows\PIF
    2010-10-19 03:54:45 -------- d-----w- c:\windows\system32\Trend Micro
    2010-10-19 03:51:42 -------- d-----w- c:\windows\Trend Micro
    2010-10-19 03:49:07 -------- d-----w- c:\program files\Trend Micro
    2010-10-19 00:08:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-10-18 23:15:00 -------- d-----w- c:\program files\MSSOAP
    2010-10-17 19:08:34 -------- d-----w- c:\program files\Webroot
    2010-10-17 17:56:41 -------- d-----w- c:\docume~1\devinm~1\applic~1\Malwarebytes
    2010-10-17 17:56:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 17:56:32 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 17:56:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 17:56:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-16 22:46:49 -------- d-----w- c:\windows\system32\LogFiles
    2010-10-10 22:31:56 -------- d-----w- c:\documents and settings\devin marks\tmp
    2010-10-01 05:09:52 -------- d-----w- c:\program files\iPod
    2010-10-01 05:09:49 -------- d-----w- c:\program files\iTunes
    2010-10-01 05:07:13 -------- d-----w- c:\program files\Bonjour
    2010-09-23 20:48:46 8192 ----a-w- c:\program files\mozilla firefox\plugins\npiPLATO_22.dll
    2010-09-23 20:48:46 8192 ----a-w- c:\program files\mozilla firefox\plugins\npipcd3.dll
    2010-09-23 20:48:46 8192 ----a-w- c:\program files\internet explorer\plugins\npiPLATO_22.dll
    2010-09-23 20:48:46 8192 ----a-w- c:\program files\internet explorer\plugins\npipcd3.dll
    2010-09-23 20:48:44 32768 ----a-w- c:\windows\system32\PHONETIC.FON
    2010-09-23 20:48:44 -------- d-----w- c:\windows\PWLN

    ==================== Find3M ====================

    2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
    2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
    2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
    2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
    2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
    2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-27 23:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 23:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe

    ============= FINISH: 20:07:33.00 ===============





    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/23/2010 3:08:14 AM
    System Uptime: 10/19/2010 5:11:22 PM (3 hours ago)

    Motherboard: Dell Inc. | | 0G848F
    Processor: Intel Pentium III Xeon processor | Microprocessor | 1995/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 261.844 GiB free.
    E: is CDROM (UDF)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) WiFi Link 5100 AGN
    Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&1CD20F91&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) WiFi Link 5100 AGN
    PNP Device ID: PCI\VEN_8086&DEV_4232&SUBSYS_13218086&REV_00\4&1CD20F91&0&00E1
    Service: NETw5x32

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4354&SUBSYS_02AA1028&REV_13\4&243EA0D2&0&00E2
    Service: yukonwxp

    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AA1028&REV_03\3&61AAA01&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02AA1028&REV_03\3&61AAA01&0&FB
    Service:

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    avast! Free Antivirus
    Bonjour
    CCleaner
    Dell Resource CD
    DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
    HiJackThis
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IDT Audio
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless WiFi Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 18
    Lexmark 4200 Series
    LimeWire 5.5.7
    Malwarebytes' Anti-Malware
    Marvell Miniport Driver
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Mozilla Firefox (3.6.10)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    PLATO Web Learning Network Clients
    QuickTime
    Realtek Card Reader
    Resource Tuner 1.99 R6
    Safari
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2183461)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360131)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982381)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Spy Sweeper Core
    Spybot - Search & Destroy
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    USB2.0 Card Reader Software
    VLC media player 1.0.5
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Xilisoft DVD Ripper Ultimate

    ==== Event Viewer Messages From Past Week ========

    10/19/2010 8:38:39 AM, error: Service Control Manager [7031] - The Remote Registry service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    10/19/2010 8:38:16 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    10/19/2010 8:37:53 AM, error: Service Control Manager [7034] - The Marvell Yukon Service service terminated unexpectedly. It has done this 1 time(s).
    10/19/2010 2:38:57 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/18/2010 7:07:31 PM, error: Service Control Manager [7001] - The ATM ARP Client Protocol service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/18/2010 7:06:26 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    10/18/2010 7:06:21 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/18/2010 11:39:33 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
    10/18/2010 11:35:15 PM, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    10/18/2010 11:34:19 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    10/17/2010 2:33:38 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    10/17/2010 2:33:38 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147952506 (0x8007277A).
    10/17/2010 2:33:38 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The requested service provider could not be loaded or initialized.
    10/17/2010 2:33:38 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The requested service provider could not be loaded or initialized.
    10/17/2010 2:33:38 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: %%2147952506
    10/17/2010 2:33:26 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '80000002.sys' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
    10/17/2010 2:11:49 PM, error: Service Control Manager [7000] - The Webroot Spy Sweeper Engine service failed to start due to the following error: Access is denied.
    10/17/2010 2:11:49 PM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service WebrootSpySweeperService with arguments "" in order to run the server: {1281A68F-9E75-418F-B3AC-D5B23DD86408}
    10/17/2010 2:11:17 PM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
    10/17/2010 2:10:58 PM, error: LDMS [3023] - The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromoptiarc_dvd+-rw_ad-7560s________________sd03____#4&3c2934d&0&0.1.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 2.
    10/17/2010 2:10:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file '000000c0.sym' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
    10/16/2010 5:33:18 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000010' while processing the file 'L' on the volume 'ACPI#PNP0303#2&da1a3ff&0'. It has stopped monitoring the volume.
    10/15/2010 1:06:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0022FB3029F4 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================
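The "Event Viewer Messages" block in the DDS log above is the part of this report that bears on the original symptom (IP connectivity works, browsers get "server not found"): the DNS Client service crashed, the TCP/IP driver failed to start for a dependent service, and several services died with "The requested service provider could not be loaded or initialized", which is what a damaged Winsock catalog (the LSP chain that rogue anti-virus products hook) looks like from the service side. The following Python script is an added example, not part of the thread and not code from DDS or any tool it mentions: it parses lines in the DDS event format and labels the network-stack failures. The rule labels and the sets of service names are my own choices; the embedded sample lines are copied from the log above so the rules can be exercised offline.

```python
import re
from collections import Counter

# Sample entries in the DDS "Event Viewer Messages" format, copied from the log above
# (constructed test input for this example, not a live capture).
SAMPLE_EVENTS = """\
10/18/2010 11:39:33 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
10/18/2010 11:34:19 PM, error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
10/18/2010 7:07:31 PM, error: Service Control Manager [7001] - The ATM ARP Client Protocol service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/17/2010 2:33:38 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The requested service provider could not be loaded or initialized.
10/17/2010 2:33:38 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The requested service provider could not be loaded or initialized.
10/17/2010 2:33:38 PM, error: Service Control Manager [7024] - The Bonjour Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
10/15/2010 1:06:11 PM, error: Dhcp [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0022FB3029F4 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
"""

# One DDS event line: "<m/d/yyyy h:mm:ss AM>, <level>: <source> [<event id>] - <message>"
EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
SERVICE_RE = re.compile(r"^The (?P<svc>.+?) service (?:terminated|failed|depends)")
DEPENDS_RE = re.compile(r"depends on the (?P<dep>.+?) service which failed to start")

# Assumed groupings (my choice, not a DDS convention): services whose failure explains
# "server not found" while IP connectivity still works, and services everything depends on.
NAME_RESOLUTION_SERVICES = {"DNS Client", "DHCP Client", "TCP/IP Protocol Driver"}
CORE_SERVICES = {"Remote Procedure Call (RPC)", "Workstation", "Network Connections"}


def parse_event(line):
    """Split one DDS event line into its fields; return None for lines that do not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["event_id"] = int(ev["event_id"])
    svc = SERVICE_RE.match(ev["msg"])
    ev["service"] = svc.group("svc") if svc else None
    dep = DEPENDS_RE.search(ev["msg"])
    ev["failed_dependency"] = dep.group("dep") if dep else None
    return ev


def classify(ev):
    """Return a finding label for a parsed event, or None if it is not network-stack related."""
    msg, eid = ev["msg"], ev["event_id"]
    if "service provider could not be loaded" in msg:
        # Winsock catalog (LSP) damage: the usual leftover of rogue AV / browser hijackers.
        return "winsock_provider_failure"
    if ev["source"] == "Dhcp" and eid == 1002:
        return "dhcp_nack"
    if ev["failed_dependency"] in NAME_RESOLUTION_SERVICES:
        return "tcpip_driver_failed"
    if ev["service"] in NAME_RESOLUTION_SERVICES and eid in (7031, 7034):
        return "name_resolution_service_crash"
    if ev["service"] in CORE_SERVICES and eid in (7031, 7034):
        return "core_service_crash"
    return None


def triage(text):
    """Parse every event line and return the network-stack findings in log order."""
    findings = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        label = classify(ev)
        if label:
            findings.append({"label": label, "ts": ev["ts"],
                             "service": ev["service"], "event_id": ev["event_id"]})
    return findings


def summary(text):
    """Count findings per label; any winsock_provider_failure count argues for `netsh winsock reset`."""
    return Counter(f["label"] for f in triage(text))


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f['ts']:<22} {f['label']:<32} {f['service'] or '-'}")
    print(dict(summary(SAMPLE_EVENTS)))
```

On the sample the Bonjour failure is correctly ignored while the two "service provider could not be loaded" events, the DNS Client crash, the TCP/IP driver dependency failure, the RPC crash and the DHCPNACK are all surfaced. The labels are a triage aid: a Winsock finding means the catalog should be reset and checked (`netsh winsock reset`, then `netsh winsock show catalog` for providers that are not Microsoft's), not that the machine is still infected.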
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Thank you :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  6. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x00000014

    Kernel Drivers (total 122):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA0B8000 sshrmd.sys
    0xBA0C8000 ssfs0bbc.sys
    0xB9F3A000 ssidrv.sys
    0xB9F0D000 \WINDOWS\system32\DRIVERS\NDIS.SYS
    0xBA328000 \WINDOWS\system32\DRIVERS\TDI.SYS
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA0D8000 MountMgr.sys
    0xB9EEE000 ftdisk.sys
    0xBA5AC000 dmload.sys
    0xB9EC8000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA0E8000 VolSnap.sys
    0xB9DEF000 iastor.sys
    0xBA0F8000 disk.sys
    0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9DCF000 fltMgr.sys
    0xB9DB8000 KSecDD.sys
    0xB9D2B000 Ntfs.sys
    0xB9D11000 Mup.sys
    0xBA710000 \SystemRoot\System32\Drivers\vbmadd74.SYS
    0xB9CD1000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0xB89E1000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
    0xB89CD000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xBA3A8000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB89A9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA3B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8981000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xBA208000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA350000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA390000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA218000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA228000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA238000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB6E7F000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA398000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0xB9750000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB974C000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xBA248000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA7B6000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA258000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9748000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB6E68000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA278000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xB6E2F000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA288000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA3D8000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB7D82000 \SystemRoot\System32\Drivers\pcouffin.sys
    0xB2C5F000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB6DD9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA62C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB2BED000 \SystemRoot\system32\DRIVERS\update.sys
    0xB7C7C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB6DC9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB6DA9000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA630000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xA27D9000 \SystemRoot\system32\drivers\sthda.sys
    0xA27B5000 \SystemRoot\system32\drivers\portcls.sys
    0xB6D59000 \SystemRoot\system32\drivers\drmk.sys
    0xA279A000 \SystemRoot\system32\drivers\AESTAud.sys
    0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA6EB000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA63A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA468000 \SystemRoot\System32\drivers\vga.sys
    0xBA63C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA63E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA4B0000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA388000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB3CA1000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA2307000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA22AE000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB3D1A000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0xA2288000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA2238000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB3D0A000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA2200000 \SystemRoot\system32\DRIVERS\tcpip6.sys
    0xA21DE000 \SystemRoot\System32\drivers\afd.sys
    0xB3CFA000 \SystemRoot\system32\DRIVERS\Ip6Fw.sys
    0xB3CEA000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xA115E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x9FA86000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA1537000 \SystemRoot\System32\Drivers\Fips.SYS
    0x9D8EA000 \SystemRoot\System32\Drivers\RTS5121.sys
    0x9D8C3000 \SystemRoot\System32\Drivers\aswSP.SYS
    0xBA380000 \SystemRoot\System32\Drivers\Aavmker4.SYS
    0x99AB8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x986DD000 \SystemRoot\System32\Drivers\dump_iastor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0x98FBF000 \SystemRoot\System32\drivers\Dxapi.sys
    0x99766000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xA0356000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF024000 \SystemRoot\System32\igxpgd32.dll
    0xBF012000 \SystemRoot\System32\igxprd32.dll
    0xBF058000 \SystemRoot\System32\igxpdv32.DLL
    0xBF297000 \SystemRoot\System32\igxpdx32.DLL
    0xB9CCD000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0xBA138000 \SystemRoot\system32\DRIVERS\atmarpc.sys
    0xBA5A0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x98686000 \SystemRoot\System32\Drivers\aswMon2.SYS
    0x98581000 \SystemRoot\system32\drivers\wdmaud.sys
    0x9F332000 \SystemRoot\system32\drivers\sysaudio.sys
    0x98256000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0x9974E000 \SystemRoot\System32\drivers\aspi32.sys
    0x9810E000 \SystemRoot\system32\DRIVERS\srv.sys
    0x97DAD000 \SystemRoot\System32\Drivers\HTTP.sys
    0x99726000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x97A51000 \SystemRoot\System32\Drivers\Udfs.SYS
    0x97A3A000 \??\C:\DOCUME~1\DEVINM~1\LOCALS~1\Temp\awtyipow.sys
    0x979CF000 \SystemRoot\system32\drivers\kmixer.sys
    0x97658000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 45):
    0 System Idle Process
    4 System
    716 C:\WINDOWS\system32\smss.exe
    780 csrss.exe
    804 C:\WINDOWS\system32\winlogon.exe
    848 C:\WINDOWS\system32\services.exe
    860 C:\WINDOWS\system32\lsass.exe
    1016 C:\WINDOWS\system32\svchost.exe
    1096 svchost.exe
    1136 C:\WINDOWS\system32\svchost.exe
    1208 svchost.exe
    1256 svchost.exe
    1572 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1796 C:\WINDOWS\system32\LEXBCES.EXE
    1824 C:\WINDOWS\system32\spoolsv.exe
    1872 C:\Program Files\IDT\XPM09_6047v002\WDM\stacsv.exe
    1884 C:\WINDOWS\system32\LEXPPS.EXE
    660 C:\WINDOWS\explorer.exe
    1156 C:\WINDOWS\system32\AESTFltr.exe
    1164 C:\Program Files\IDT\WDM\sttray.exe
    1216 C:\WINDOWS\system32\igfxtray.exe
    1224 C:\WINDOWS\system32\hkcmd.exe
    1232 C:\WINDOWS\system32\igfxpers.exe
    1240 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    1292 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1340 C:\WINDOWS\system32\igfxsrvc.exe
    1464 C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
    1512 C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
    1520 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1860 C:\WINDOWS\system32\ctfmon.exe
    304 svchost.exe
    424 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    468 C:\Program Files\Bonjour\mDNSResponder.exe
    508 C:\WINDOWS\system32\cisvc.exe
    2100 C:\WINDOWS\system32\inetsrv\inetinfo.exe
    2144 C:\Program Files\Java\jre6\bin\jqs.exe
    2264 C:\WINDOWS\system32\snmp.exe
    2496 C:\WINDOWS\system32\svchost.exe
    2576 C:\WINDOWS\system32\rundll32.exe
    3564 alg.exe
    3660 C:\WINDOWS\system32\wscntfy.exe
    1728 C:\WINDOWS\system32\cidaemon.exe
    3904 C:\WINDOWS\system32\cidaemon.exe
    2608 C:\WINDOWS\system32\svchost.exe
    4008 C:\Documents and Settings\Devin Marks\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK3255GSX, Rev: FG010D

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
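Reading an MBRCheck report by hand means scanning a hundred-odd driver paths for the one that does not belong. The script below is an added example (mine, not part of the thread and not code from MBRCheck): it parses the "Kernel Drivers", "Processes" and MBR-status sections of an MBRCheck report and flags any kernel driver or process loaded from a user-writable location such as a Temp directory or a user profile. A driver loaded from Temp, like the one in the report above, is exactly what this check exists to surface for a human to look at; whether that particular file is malicious is not something a path heuristic decides, and it is what the next tool in the thread is for. Assumptions: the system drive is C: and the Windows directory is C:\WINDOWS (as the logs in this thread show); the user-writable path markers are my own list; the sample report is constructed in MBRCheck's format from a subset of the lines above, with the user name replaced.

```python
import re

# Constructed sample in MBRCheck's output format (subset of the report above, generic user name).
SAMPLE_MBRCHECK = r"""
MBRCheck, version 1.2.3
Windows Version: Windows XP Professional

Kernel Drivers (total 6):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0xB9F79000 ACPI.sys
0xBA0B8000 sshrmd.sys
0xA22AE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0x97A3A000 \??\C:\DOCUME~1\USER~1\LOCALS~1\Temp\awtyipow.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 5):
0 System Idle Process
4 System
1016 C:\WINDOWS\system32\svchost.exe
1096 svchost.exe
4008 C:\Documents and Settings\User\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
"""

SYSTEM_ROOT = r"c:\windows"  # assumption: Windows directory on the system drive, lower-cased
# Path fragments that mean "a user could write here" (my list, extend as needed).
USER_WRITABLE_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\",
                         "\\local settings\\", "\\desktop\\", "\\application data\\")

SECTION_RE = re.compile(r"^(?P<name>Kernel Drivers|Processes) \(total (?P<count>\d+)\):$")
DRIVER_RE = re.compile(r"^0x[0-9A-Fa-f]+ (?P<path>\S.*)$")
PROCESS_RE = re.compile(r"^(?P<pid>\d+) (?P<path>\S.*)$")
MBR_RE = re.compile(r"^(?P<size>\d+ GB) (?P<device>\\\\\.\\PhysicalDrive\d+) (?P<status>.+)$")
SHA1_RE = re.compile(r"^SHA1: (?P<sha1>[0-9A-Fa-f]{40})$")


def normalize(path):
    """Turn MBRCheck's NT-style paths (\\??\\C:..., \\SystemRoot\\..., \\WINDOWS\\...) into a lower-case Win32 path."""
    p = path.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith("\\systemroot\\"):
        p = "C:\\WINDOWS\\" + p[len("\\SystemRoot\\"):]
    elif p.startswith("\\"):  # rooted on the system drive, e.g. \WINDOWS\system32\...
        p = "C:" + p
    return p.lower()


def location(path):
    """Classify where a binary lives: 'bare' (name only), 'user_writable', 'system', 'program_files' or 'other'."""
    if "\\" not in path:
        return "bare"  # boot-start drivers and protected processes are printed by name only
    p = normalize(path)
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "user_writable"
    if p.startswith(SYSTEM_ROOT + "\\"):
        return "system"
    if p.startswith("c:\\program files\\"):
        return "program_files"
    return "other"


def parse_report(text):
    """Return {'drivers': [path...], 'processes': [(pid, path)...], 'mbr': {...}} from MBRCheck output."""
    drivers, processes, mbr = [], [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None  # a blank line ends a section
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section == "Kernel Drivers":
            m = DRIVER_RE.match(line)
            if m:
                drivers.append(m.group("path"))
        elif section == "Processes":
            m = PROCESS_RE.match(line)
            if m:
                processes.append((int(m.group("pid")), m.group("path")))
        else:
            m = MBR_RE.match(line)
            if m:
                mbr.update(m.groupdict())
            m = SHA1_RE.match(line)
            if m:
                mbr["sha1"] = m.group("sha1").upper()
    return {"drivers": drivers, "processes": processes, "mbr": mbr}


def findings(text):
    """List every driver or process loaded from a user-writable directory."""
    report = parse_report(text)
    out = []
    for path in report["drivers"]:
        if location(path) == "user_writable":
            out.append({"kind": "driver", "path": path,
                        "reason": "kernel driver loaded from a user-writable directory"})
    for pid, path in report["processes"]:
        if location(path) == "user_writable":
            out.append({"kind": "process", "pid": pid, "path": path,
                        "reason": "process running from a user-writable directory"})
    return out


if __name__ == "__main__":
    rep = parse_report(SAMPLE_MBRCHECK)
    print("MBR:", rep["mbr"].get("status"), rep["mbr"].get("sha1"))
    for f in findings(SAMPLE_MBRCHECK):
        print(f["kind"], f.get("pid", ""), f["path"], "->", f["reason"])
```

Two things to keep in mind when using this: the tool you just ran from the Desktop flags itself (the sample shows MBRCheck.exe as a process finding), so keep a short allow-list of your own utilities; and the MBR line is parsed but not judged, because the right reference is a list of MBR hashes you have verified for that Windows version, not a value guessed from one report.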
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    Sleep is so good


    2010/10/20 09:09:35.0671 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/20 09:09:35.0671 ================================================================================
    2010/10/20 09:09:35.0671 SystemInfo:
    2010/10/20 09:09:35.0671
    2010/10/20 09:09:35.0671 OS Version: 5.1.2600 ServicePack: 3.0
    2010/10/20 09:09:35.0671 Product type: Workstation
    2010/10/20 09:09:35.0671 ComputerName: DEVINSLAPTOP
    2010/10/20 09:09:35.0687 UserName: Devin Marks
    2010/10/20 09:09:35.0687 Windows directory: C:\WINDOWS
    2010/10/20 09:09:35.0687 System windows directory: C:\WINDOWS
    2010/10/20 09:09:35.0687 Processor architecture: Intel x86
    2010/10/20 09:09:35.0687 Number of processors: 2
    2010/10/20 09:09:35.0687 Page size: 0x1000
    2010/10/20 09:09:35.0687 Boot type: Normal boot
    2010/10/20 09:09:35.0687 ================================================================================
    2010/10/20 09:09:35.0859 Initialize success
    2010/10/20 09:09:46.0406 ================================================================================
    2010/10/20 09:09:46.0406 Scan started
    2010/10/20 09:09:46.0406 Mode: Manual;
    2010/10/20 09:09:46.0406 ================================================================================
    2010/10/20 09:09:46.0734 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/10/20 09:09:46.0828 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/10/20 09:09:46.0890 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/10/20 09:09:47.0046 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/20 09:09:47.0078 AESTAud (fde8ed2c9280afb8975894aa78eef59f) C:\WINDOWS\system32\drivers\AESTAud.sys
    2010/10/20 09:09:47.0203 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/20 09:09:47.0390 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
    2010/10/20 09:09:47.0500 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2010/10/20 09:09:47.0531 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/10/20 09:09:47.0640 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/10/20 09:09:47.0671 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/10/20 09:09:47.0765 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/10/20 09:09:47.0812 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/20 09:09:47.0906 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
    2010/10/20 09:09:47.0953 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/20 09:09:48.0000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/20 09:09:48.0109 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/20 09:09:48.0171 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/20 09:09:48.0250 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/20 09:09:48.0312 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/20 09:09:48.0437 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/20 09:09:48.0500 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    2010/10/20 09:09:48.0578 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    2010/10/20 09:09:48.0671 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/20 09:09:48.0796 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/20 09:09:48.0921 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/20 09:09:48.0937 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/20 09:09:48.0984 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/20 09:09:49.0015 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/20 09:09:49.0062 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/20 09:09:49.0171 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    2010/10/20 09:09:49.0203 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/20 09:09:49.0328 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    2010/10/20 09:09:49.0375 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/10/20 09:09:49.0453 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/20 09:09:49.0484 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/20 09:09:49.0609 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2010/10/20 09:09:49.0640 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/20 09:09:49.0718 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2010/10/20 09:09:49.0765 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/10/20 09:09:49.0828 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/20 09:09:49.0984 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/20 09:09:50.0265 ialm (d1359e54d9755d28e56b17a352ab8aae) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2010/10/20 09:09:50.0546 iastor (707c1692214b1c290271067197f075f6) C:\WINDOWS\system32\drivers\iastor.sys
    2010/10/20 09:09:50.0593 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/20 09:09:50.0750 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/20 09:09:50.0781 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/10/20 09:09:50.0828 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/20 09:09:50.0890 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/20 09:09:50.0937 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/20 09:09:51.0000 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/20 09:09:51.0109 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/20 09:09:51.0140 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/20 09:09:51.0234 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/20 09:09:51.0296 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/20 09:09:51.0343 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/20 09:09:51.0515 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/20 09:09:51.0562 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/20 09:09:51.0656 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/20 09:09:51.0750 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/20 09:09:51.0796 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/20 09:09:51.0937 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/20 09:09:52.0062 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/20 09:09:52.0156 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/20 09:09:52.0203 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/20 09:09:52.0312 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/20 09:09:52.0343 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/20 09:09:52.0390 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/20 09:09:52.0515 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/20 09:09:52.0531 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/20 09:09:52.0656 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/20 09:09:52.0703 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/20 09:09:53.0015 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/20 09:09:53.0046 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/20 09:09:53.0078 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/20 09:09:53.0203 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/20 09:09:53.0375 NETw5x32 (cfe1981a47a2f7650a1ef8917dc4d1c3) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
    2010/10/20 09:09:53.0578 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/20 09:09:53.0625 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/20 09:09:53.0671 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/20 09:09:53.0796 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/20 09:09:53.0812 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/20 09:09:53.0875 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    2010/10/20 09:09:53.0968 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/20 09:09:54.0015 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/20 09:09:54.0015 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/10/20 09:09:54.0109 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/10/20 09:09:54.0218 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
    2010/10/20 09:09:54.0359 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/20 09:09:54.0437 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/10/20 09:09:54.0453 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/20 09:09:54.0531 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/10/20 09:09:54.0578 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/10/20 09:09:54.0656 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/10/20 09:09:54.0671 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/10/20 09:09:54.0703 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/10/20 09:09:54.0765 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/10/20 09:09:54.0828 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/10/20 09:09:54.0953 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/10/20 09:09:55.0109 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/10/20 09:09:55.0171 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
    2010/10/20 09:09:55.0312 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/10/20 09:09:55.0406 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    2010/10/20 09:09:55.0437 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/10/20 09:09:55.0515 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/10/20 09:09:55.0640 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/10/20 09:09:55.0687 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/10/20 09:09:55.0796 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys
    2010/10/20 09:09:55.0890 sshrmd (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\DRIVERS\sshrmd.sys
    2010/10/20 09:09:55.0890 ssidrv (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\DRIVERS\ssidrv.sys
    2010/10/20 09:09:55.0984 STHDA (a6bb841c40aaa1dc692484bd3912a961) C:\WINDOWS\system32\drivers\sthda.sys
    2010/10/20 09:09:56.0046 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/10/20 09:09:56.0171 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/10/20 09:09:56.0234 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/10/20 09:09:56.0375 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/10/20 09:09:56.0500 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
    2010/10/20 09:09:56.0531 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/10/20 09:09:56.0640 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/10/20 09:09:56.0671 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/10/20 09:09:56.0796 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
    2010/10/20 09:09:56.0828 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/10/20 09:09:56.0968 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/20 09:09:57.0109 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2010/10/20 09:09:57.0156 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/20 09:09:57.0296 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/10/20 09:09:57.0312 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/10/20 09:09:57.0437 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/10/20 09:09:57.0468 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/10/20 09:09:57.0578 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/20 09:09:57.0625 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/10/20 09:09:57.0625 Suspicious service (NoAccess): vbmadd74
    2010/10/20 09:09:57.0734 vbmadd74 (66682ba7fb5a55dffe8089d32d9fc927) C:\WINDOWS\system32\drivers\vbmadd74.sys
    2010/10/20 09:09:57.0750 vbmadd74 - detected Locked service (1)
    2010/10/20 09:09:57.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/20 09:09:57.0843 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/20 09:09:57.0968 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/20 09:09:58.0125 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/20 09:09:58.0203 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    2010/10/20 09:09:58.0359 yukonwxp (109b497d481490be0a31c390fce9bffe) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
    2010/10/20 09:09:58.0500 ================================================================================
    2010/10/20 09:09:58.0500 Scan finished
    2010/10/20 09:09:58.0500 ================================================================================
    2010/10/20 09:09:58.0515 Detected object count: 1
    2010/10/20 09:10:08.0609 Locked service(vbmadd74) - User select action: Skip
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  10. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    Combofix is asking to download Microsoft Windows Recovery Console, but I do not have internet access on the PC that needs it. I'm looking for the file on the Windows XP SP3 reinstall CD, but is there a way to download it on my computer? I'm running Windows 7.
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    So far, all I know is that browsers don't work.
    We didn't really check if you have a connection or not.
    Agree to install the recovery console.
    If you really don't have any connection, it simply won't install.
    No harm done, for now.
     
  12. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    The scan is running now, but in the meantime my roommate's friend just brought his Mac over and it too cannot connect to the internet. By manually inserting the IP address 192.168.1.4 I managed to make it connect to the router (whereas on all automatic settings it would not), but still no internet connection. I'm starting to think whatever the internet problem is may have to do with the firmware the router updated to a 2-3? days ago.

    And as I typed this the scan finished and gave me the BSOD with error

    IRQL_NOT_LESS_OR_EQUAL
    STOP: 0X0000000A (0X00000076, 0X0000001C, 0X00000000, 0X804FA276)

    I'll try running it again with a normal boot, followed by safe mode if necessary.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go ahead and you'll have to call your ISP to fix your connection.
    We'll need to run some tools, which will require internet connection, at least to get them updated.
     
  14. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    The internet problem would have to do with my ISP? That seems odd considering I'm connected to the router in question on my computer and the internet works beautifully (gaming has never been this lag-free without Doofus stealing my bandwidth ;) ). I know this may be a long shot, but is it possible my computer has a virus overloading the router? In fact, the custom scan I did with Avast to scan every file/root/memory page just came back positive with 7 viruses. If you think that's not the case, though, I'd prefer to wait before I fix those.

    Before I go to bed I'll do a manual factory reset on the router and see if that at least gets the Mac working.

    ComboFix just finished, no BSOD this time with regular boot. Here's the log:


    ComboFix 10-10-20.01 - Devin Marks 10/20/2010 22:05:35.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3139 [GMT -5:00]
    Running from: c:\documents and settings\Devin Marks\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Application Data\.wtav
    c:\documents and settings\Devin Marks\Application Data\inst.exe
    c:\windows\system32\Cache

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-19 21:45 . 2010-10-19 21:45 -------- d-----w- c:\documents and settings\mat
    2010-10-19 20:22 . 2008-04-14 12:00 55972 ----a-w- c:\windows\system32\IPNAT.SYs
    2010-10-19 20:21 . 2010-10-19 20:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-10-19 20:13 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2010-10-19 14:16 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-19 14:16 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-19 14:16 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-19 14:16 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-19 14:16 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-19 14:16 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-19 14:16 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-19 14:16 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-19 14:16 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-19 13:06 . 2010-10-19 13:19 -------- d-----w- c:\program files\Spybot
    2010-10-19 11:56 . 2010-10-19 11:56 -------- d-----w- c:\documents and settings\Devin Marks\Local Settings\Application Data\Help
    2010-10-19 11:51 . 2010-10-19 11:51 -------- d-----w- c:\program files\CCleaner
    2010-10-19 11:26 . 2010-10-19 11:27 -------- d-----w- c:\documents and settings\Devin Marks\Application Data\Resource Tuner
    2010-10-19 11:26 . 2010-10-19 11:26 -------- d-----w- c:\program files\Resource Tuner
    2010-10-19 10:29 . 2010-10-19 13:04 -------- d-----w- c:\program files\bisquick
    2010-10-19 10:06 . 2010-10-19 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-19 10:06 . 2010-10-19 10:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-19 08:20 . 2010-10-19 08:20 -------- d-----w- c:\program files\Alwil Software
    2010-10-19 07:49 . 2010-10-19 07:41 2864 ----a-w- c:\windows\system32\wsock.txt
    2010-10-19 06:39 . 2010-10-19 06:39 388096 ----a-r- c:\documents and settings\Devin Marks\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-19 04:36 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-10-19 04:36 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-10-19 04:21 . 2010-10-19 04:21 -------- d--h--w- c:\windows\PIF
    2010-10-19 03:54 . 2010-10-19 03:54 -------- d-----w- c:\windows\system32\Trend Micro
    2010-10-19 03:51 . 2010-10-19 03:51 -------- d-----w- c:\windows\Trend Micro
    2010-10-19 03:49 . 2010-10-19 03:49 -------- d-----w- c:\program files\Trend Micro
    2010-10-19 00:08 . 2010-10-19 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-18 23:15 . 2010-10-18 23:15 -------- d-----w- c:\program files\MSSOAP
    2010-10-18 23:08 . 2010-10-18 23:14 -------- d-----w- c:\documents and settings\Administrator
    2010-10-17 19:08 . 2010-10-17 19:08 -------- d-----w- c:\program files\Webroot
    2010-10-17 17:56 . 2010-10-17 17:56 -------- d-----w- c:\documents and settings\Devin Marks\Application Data\Malwarebytes
    2010-10-17 17:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 17:56 . 2010-10-19 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 17:56 . 2010-10-17 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 17:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 22:46 . 2010-10-16 22:46 -------- d-----w- c:\windows\system32\LogFiles
    2010-10-10 22:31 . 2010-10-10 22:32 -------- d-----w- c:\documents and settings\Devin Marks\tmp
    2010-10-01 05:09 . 2010-10-01 05:09 -------- d-----w- c:\program files\iPod
    2010-10-01 05:09 . 2010-10-01 05:10 -------- d-----w- c:\program files\iTunes
    2010-10-01 05:07 . 2010-10-01 05:07 -------- d-----w- c:\program files\Bonjour
    2010-09-23 20:48 . 2005-01-20 01:48 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\npiPLATO_22.dll
    2010-09-23 20:48 . 2005-01-20 01:48 8192 ----a-w- c:\program files\Internet Explorer\Plugins\npiPLATO_22.dll
    2010-09-23 20:48 . 2002-04-18 13:39 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\npipcd3.dll
    2010-09-23 20:48 . 2002-04-18 13:39 8192 ----a-w- c:\program files\Internet Explorer\Plugins\npipcd3.dll
    2010-09-23 20:48 . 2010-09-23 20:53 -------- d-----w- c:\windows\PWLN
    2010-09-23 20:48 . 1999-09-22 20:56 32768 ----a-w- c:\windows\system32\PHONETIC.FON

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-07-11 466944]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-21 442460]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/19/2010 9:16 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/19/2010 9:16 AM 17744]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/23/2010 3:21 AM 108160]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/23/2010 3:25 AM 160256]
    R3 vbmadd74;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\vbmadd74.sys [4/14/2008 7:00 AM 18688]
    S0 cerc6;cerc6; [x]
    S3 DFBCFDBA;DFBCFDBA; [x]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2010-10-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-06-10 22:28]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Devin Marks\Application Data\Mozilla\Firefox\Profiles\ncmgdi9m.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.golfwrx.com/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q=
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npipcd3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npiPLATO_22.dll
    FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


    .
    Completion time: 2010-10-20 22:10:04
    ComboFix-quarantined-files.txt 2010-10-21 03:10

    Pre-Run: 281,109,565,440 bytes free
    Post-Run: 281,076,121,600 bytes free

    - - End Of File - - A90DA4D17F787572E38E75B5675AD1E1
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yeah, you told me about the Mac, and I didn't know some other computer was connecting; no problem.
    We'll investigate...

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\vbmadd74.sys
    
    
    Driver::
    vbmadd74
    cerc6
    DFBCFDBA
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    (image: animation showing CFScript.txt being dragged onto ComboFix.exe)


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
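The TDSSKiller driver listing, the ComboFix service lines and the CFScript built from them all follow fixed formats, so the triage Broni did by hand can be scripted and checked. The Python below is an added example, not part of the thread or of either tool: it parses constructed excerpts copied in those formats, picks out the services TDSSKiller flagged and the ComboFix service registrations with no image file (the `[x]` marker is assumed to mean that), and drafts a CFScript for a human to review.

```python
"""Triage the TDSSKiller and ComboFix log formats posted above and draft a CFScript.

Added example, not part of the thread or of either tool. The samples below are
constructed excerpts in the same formats; the services they name are the ones
the thread discusses (vbmadd74, cerc6, DFBCFDBA).
"""
import re
from typing import Dict, List

# TDSSKiller driver line: "<date> <time> <service> (<md5>) <image path>"
TDSS_DRIVER = re.compile(r"^\S+ \S+ (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# TDSSKiller verdict lines; they are separate lines near, not adjacent to, the driver line
TDSS_SUSPICIOUS = re.compile(r"Suspicious service \((?P<reason>[^)]+)\): (?P<name>\S+)$")
TDSS_LOCKED = re.compile(r"^\S+ \S+ (?P<name>\S+) - detected Locked service")
# ComboFix service line: "<start type> <service>;<display name>;<image> [<details>]"
CF_SERVICE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)$")

# Constructed excerpt in TDSSKiller's format (values as they appear in the log above).
TDSS_SAMPLE = r"""
2010/10/20 09:09:57.0625 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/10/20 09:09:57.0625 Suspicious service (NoAccess): vbmadd74
2010/10/20 09:09:57.0734 vbmadd74 (66682ba7fb5a55dffe8089d32d9fc927) C:\WINDOWS\system32\drivers\vbmadd74.sys
2010/10/20 09:09:57.0750 vbmadd74 - detected Locked service (1)
2010/10/20 09:09:57.0796 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
"""

# Constructed excerpt in ComboFix's service-line format.
COMBOFIX_SAMPLE = r"""
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 vbmadd74;Virtual Bus for Microsoft ACPI-Compliant System;c:\windows\system32\drivers\vbmadd74.sys [4/14/2008 7:00 AM 18688]
S0 cerc6;cerc6; [x]
S3 DFBCFDBA;DFBCFDBA; [x]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
"""


def parse_tdsskiller(text: str) -> Dict[str, dict]:
    """Return {service: {md5, path, flags}} for every service TDSSKiller flagged.

    Verdict lines and the driver line for a service are not adjacent, so both
    are collected first and joined by service name afterwards.
    """
    drivers: Dict[str, dict] = {}
    flags: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := TDSS_DRIVER.match(line):
            drivers[m["name"]] = {"md5": m["md5"], "path": m["path"]}
        elif m := TDSS_SUSPICIOUS.search(line):
            flags.setdefault(m["name"], []).append("suspicious:" + m["reason"])
        elif m := TDSS_LOCKED.match(line):
            flags.setdefault(m["name"], []).append("locked")
    flagged: Dict[str, dict] = {}
    for name, verdicts in flags.items():
        entry = dict(drivers.get(name, {"md5": None, "path": None}))
        entry["flags"] = verdicts
        flagged[name] = entry
    return flagged


def parse_combofix_services(text: str) -> List[dict]:
    """Return ComboFix service entries; 'missing' assumes "[x]" means no image file on disk."""
    entries = []
    for raw in text.splitlines():
        m = CF_SERVICE.match(raw.strip())
        if m:
            image = m["image"].strip()
            entries.append({"start": m["start"], "name": m["name"],
                            "display": m["display"], "image": image,
                            "missing": image.startswith("[x]")})
    return entries


def build_cfscript(flagged: Dict[str, dict], services: List[dict]) -> str:
    """Draft a CFScript in the File::/Driver:: layout used in the thread.

    File:: lists the on-disk images of flagged drivers; Driver:: lists the
    flagged services plus registrations with no image file, mirroring the
    hand-written script above. The draft is for review, not for blind use.
    """
    files = sorted(e["path"] for e in flagged.values() if e["path"])
    drivers = list(flagged)
    drivers += [s["name"] for s in services if s["missing"] and s["name"] not in drivers]
    return "\n".join(["File::", *files, "", "Driver::", *drivers, ""])


if __name__ == "__main__":
    print(build_cfscript(parse_tdsskiller(TDSS_SAMPLE),
                         parse_combofix_services(COMBOFIX_SAMPLE)))
```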
     
  16. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    ComboFix 10-10-20.01 - Devin Marks 10/20/2010 22:33:09.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3546.3104 [GMT -5:00]
    Running from: c:\documents and settings\Devin Marks\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Devin Marks\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\windows\system32\drivers\vbmadd74.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\vbmadd74.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_DFBCFDBA
    -------\Service_vbmadd74


    ((((((((((((((((((((((((( Files Created from 2010-09-21 to 2010-10-21 )))))))))))))))))))))))))))))))
    .

    2010-10-19 21:45 . 2010-10-19 21:45 -------- d-----w- c:\documents and settings\mat
    2010-10-19 20:22 . 2008-04-14 12:00 55972 ----a-w- c:\windows\system32\IPNAT.SYs
    2010-10-19 20:21 . 2010-10-19 20:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-10-19 20:13 . 2008-04-14 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
    2010-10-19 14:16 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-19 14:16 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-19 14:16 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-19 14:16 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-19 14:16 . 2010-09-07 14:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-10-19 14:16 . 2010-09-07 14:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-10-19 14:16 . 2010-09-07 14:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-10-19 14:16 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-19 14:16 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-19 13:06 . 2010-10-19 13:19 -------- d-----w- c:\program files\Spybot
    2010-10-19 11:56 . 2010-10-19 11:56 -------- d-----w- c:\documents and settings\Devin Marks\Local Settings\Application Data\Help
    2010-10-19 11:51 . 2010-10-19 11:51 -------- d-----w- c:\program files\CCleaner
    2010-10-19 11:26 . 2010-10-19 11:27 -------- d-----w- c:\documents and settings\Devin Marks\Application Data\Resource Tuner
    2010-10-19 11:26 . 2010-10-19 11:26 -------- d-----w- c:\program files\Resource Tuner
    2010-10-19 10:29 . 2010-10-19 13:04 -------- d-----w- c:\program files\bisquick
    2010-10-19 10:06 . 2010-10-19 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-10-19 10:06 . 2010-10-19 10:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-19 08:20 . 2010-10-19 08:20 -------- d-----w- c:\program files\Alwil Software
    2010-10-19 07:49 . 2010-10-19 07:41 2864 ----a-w- c:\windows\system32\wsock.txt
    2010-10-19 06:39 . 2010-10-19 06:39 388096 ----a-r- c:\documents and settings\Devin Marks\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-19 04:36 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2010-10-19 04:36 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2010-10-19 04:21 . 2010-10-19 04:21 -------- d--h--w- c:\windows\PIF
    2010-10-19 03:54 . 2010-10-19 03:54 -------- d-----w- c:\windows\system32\Trend Micro
    2010-10-19 03:51 . 2010-10-19 03:51 -------- d-----w- c:\windows\Trend Micro
    2010-10-19 03:49 . 2010-10-19 03:49 -------- d-----w- c:\program files\Trend Micro
    2010-10-19 00:08 . 2010-10-19 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-10-18 23:15 . 2010-10-18 23:15 -------- d-----w- c:\program files\MSSOAP
    2010-10-18 23:08 . 2010-10-18 23:14 -------- d-----w- c:\documents and settings\Administrator
    2010-10-17 19:08 . 2010-10-17 19:08 -------- d-----w- c:\program files\Webroot
    2010-10-17 17:56 . 2010-10-17 17:56 -------- d-----w- c:\documents and settings\Devin Marks\Application Data\Malwarebytes
    2010-10-17 17:56 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 17:56 . 2010-10-19 23:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-17 17:56 . 2010-10-17 17:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-17 17:56 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-16 22:46 . 2010-10-16 22:46 -------- d-----w- c:\windows\system32\LogFiles
    2010-10-10 22:31 . 2010-10-10 22:32 -------- d-----w- c:\documents and settings\Devin Marks\tmp
    2010-10-01 05:09 . 2010-10-01 05:09 -------- d-----w- c:\program files\iPod
    2010-10-01 05:09 . 2010-10-01 05:10 -------- d-----w- c:\program files\iTunes
    2010-10-01 05:07 . 2010-10-01 05:07 -------- d-----w- c:\program files\Bonjour
    2010-09-23 20:48 . 2005-01-20 01:48 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\npiPLATO_22.dll
    2010-09-23 20:48 . 2005-01-20 01:48 8192 ----a-w- c:\program files\Internet Explorer\Plugins\npiPLATO_22.dll
    2010-09-23 20:48 . 2002-04-18 13:39 8192 ----a-w- c:\program files\Mozilla Firefox\plugins\npipcd3.dll
    2010-09-23 20:48 . 2002-04-18 13:39 8192 ----a-w- c:\program files\Internet Explorer\Plugins\npipcd3.dll
    2010-09-23 20:48 . 2010-09-23 20:53 -------- d-----w- c:\windows\PWLN
    2010-09-23 20:48 . 1999-09-22 20:56 32768 ----a-w- c:\windows\system32\PHONETIC.FON

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-10-21_03.08.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-21 03:36 . 2010-10-21 03:36 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat
    + 2010-10-21 03:36 . 2010-10-21 03:36 16384 c:\windows\Temp\Perflib_Perfdata_7bc.dat
    + 2010-10-19 20:14 . 2010-10-21 03:36 214786 c:\windows\system32\inetsrv\MetaBase.bin
    - 2010-10-19 20:14 . 2010-10-21 03:02 214786 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-07-11 466944]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-07-21 442460]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Lexmark 4200 Series"="c:\program files\Lexmark 4200 Series\lxbmbmgr.exe" [2004-01-16 57344]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\LEXPPS.EXE"=

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/19/2010 9:16 AM 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/19/2010 9:16 AM 17744]
    R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [3/23/2010 3:21 AM 108160]
    R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [3/23/2010 3:25 AM 160256]
    S0 cerc6;cerc6; [x]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

    2010-10-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-06-10 22:28]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Devin Marks\Application Data\Mozilla\Firefox\Profiles\ncmgdi9m.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.golfwrx.com/
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&q=
    FF - prefs.js: network.proxy.type - 4

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\system32\LEXPPS.EXE
    c:\program files\idt\xpm09_6047v002\wdm\STacSV.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\snmp.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Lexmark 4200 Series\lxbmbmon.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-20 22:38:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-21 03:38
    ComboFix2.txt 2010-10-21 03:10

    Pre-Run: 281,078,525,952 bytes free
    Post-Run: 280,987,451,392 bytes free

    - - End Of File - - 7EDBB8E04F65DD9C6F45289FE0073D3D
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    1. Click Start>Run (Start>"Start search" in Vista).

    2. Type in (or copy and paste):

    cmd /c ping google.com>%temp%\$.$&notepad %temp%\$.$

    and press Enter.

    3. Notepad will open.

    4. Copy all text in Notepad ([Ctrl-A], then [Ctrl-C]), and then post it (paste = [Ctrl-V]) in your next reply.

    =======================================================================

    Go Start>Run ("Start search" in Vista), type in:
    cmd
    Click OK (hit Enter in Vista).

    At Command Prompt, paste this:
    ipconfig /all>c:\ipconfig_all.txt&notepad c:\ipconfig_all.txt&exit
    Hit Enter.

    Copy and paste what you see in Notepad into a Reply here.
     
  18. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    Ping request could not find host google.com. Please check the name and try again.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on with the second one.
     
  20. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : DEVINSLAPTOP
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Broadcast
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Wireless Network Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
    Physical Address. . . . . . . . . : 00-22-FB-30-29-F4
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    IP Address. . . . . . . . . . . . : fe80::222:fbff:fe30:29f4%5
    Default Gateway . . . . . . . . . : 192.168.1.1
    DHCP Server . . . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.1
                                        fec0:0:0:ffff::1%1
                                        fec0:0:0:ffff::2%1
                                        fec0:0:0:ffff::3%1
    Lease Obtained. . . . . . . . . . : Wednesday, October 20, 2010 10:50:33 PM
    Lease Expires . . . . . . . . . . : Thursday, October 21, 2010 10:50:33 PM

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%4
    Default Gateway . . . . . . . . . :
    NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Automatic Tunneling Pseudo-Interface:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : C0-A8-01-02
    Dhcp Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.2%2
    Default Gateway . . . . . . . . . :
    DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                        fec0:0:0:ffff::2%1
                                        fec0:0:0:ffff::3%1
    NetBIOS over Tcpip. . . . . . . . : Disabled
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    All settings seem to be correct.

    Do you have any errors in Device Manager?

    Did you try wired connection?
     
  22. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    Non-Plug and Play Drivers

    Serial- Device not present, working, or does not have all drivers installed
    Parport- Device not present, working, or does not have all drivers installed


    System Devices
    [cmz vmkd] Virtual Bus- Device configuration info is incomplete or damaged


    Other Devices
    SM Bus Controller- Drivers not installed

    Plugged directly into the router and still connected but no internet. Also just tried connecting directly to the cable modem, still nothing.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Let's try some basic troubleshooting....

    Make sure your computer is set to obtain IP address automatically.
    1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
    2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
    3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
    4. For a wired network connection, right-click Local Area Connection, and then select Properties.
    For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
    5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
    6. Click Obtain an IP Address Automatically, and then click OK.

    If that doesn't work...
    Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
    Reconnect everything.
    Restart computer.

    If that doesn't work, bypass router, and connect computer straight to the modem.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Restart computer.

    If that doesn't work...
    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

    At Command Prompt, type in:
    netsh int ip reset reset.log
    Hit Enter.
    Type in:
    netsh winsock reset catalog
    Hit Enter.

    Restart computer.


    If that doesn't work...
    Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista)
    Restart computer, and check again.

    If that doesn't work...
    Download Dial-A-Fix (DAF) (doesn't work in Vista):
    http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

    Have XP CD available in case DAF needs a file. Likely not!

    Check all boxes on the screen (clear any restrictions if it shows any)
    Then click GO!

    When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

    Here, one at a time, do the below:

    Reinstall BITS
    Reinstall Windows Firewall
    Repair Permissions
    Reset networking

    Watch for any File not found or other errors and make note as this may lead to the fix!

    Restart computer.
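An added example, not from the thread or from any of its posters: a short Python triage script that applies the bottom-up reasoning of the steps above to the two outputs Broni asked for (the redirected ping and ipconfig /all). The sample inputs are constructed copies of the values posted earlier in the thread, and the hint table is an assumption drawn mostly from the step list above; the layer at which the checks stop is the one to work on next.

```python
import re

# Constructed sample inputs built from the values posted in this thread.
PING_OUTPUT = "Ping request could not find host google.com. Please check the name and try again."
IPCONFIG_OUTPUT = """Windows IP Configuration
Ethernet adapter Wireless Network Connection:
   IP Address. . . . . . . . . . . . : 192.168.1.2
   IP Address. . . . . . . . . . . . : fe80::222:fbff:fe30:29f4%5
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
# Suggested next step per finding (assumed; drawn mostly from the step list above).
HINTS = {
    "no_lease": "no usable IPv4 address: re-check 'Obtain an IP address automatically', power-cycle modem and router",
    "no_gateway": "lease without a default gateway: router/DHCP problem, try the wired connection",
    "no_dns_server": "no DNS server handed out: fix the router's DHCP settings",
    "routing_problem": "names resolve but no reply comes back: bypass the router, plug into the modem",
    "resolver_broken": "IP, gateway and DNS server all present, so the local resolver stack is at fault: "
                       "restart the DNS Client service, netsh winsock reset, check the hosts file",
}

def parse_ipconfig(text):
    """Pull the IPv4 fields that decide whether the host can reach the Internet."""
    fields = {}
    for key in ("IP Address", "Default Gateway", "DNS Servers"):
        # First match wins, so the IPv4 'IP Address' line beats the later fe80:: one.
        m = re.search(r"^\s*%s[ .]*: *(\S.*)?$" % re.escape(key), text, re.M)
        fields[key] = (m.group(1) or "").strip() if m else ""
    return fields

def classify_ping(text):
    """Name-resolution failure, no IP path, success, or something else."""
    if "could not find host" in text:
        return "name_resolution_failed"
    if "Request timed out" in text or "unreachable" in text:
        return "no_ip_path"
    return "ok" if re.search(r"Reply from \d+\.\d+\.\d+\.\d+", text) else "unknown"

def diagnose(ipconfig_text, ping_text):
    """Walk the layers bottom-up and report the first one that is broken."""
    cfg, ping = parse_ipconfig(ipconfig_text), classify_ping(ping_text)
    if not re.match(r"(?!169\.254\.)\d+\.\d+\.\d+\.\d+", cfg["IP Address"]):
        return "no_lease"  # an APIPA 169.254.x.x address also means no lease
    if not cfg["Default Gateway"]:
        return "no_gateway"
    if not cfg["DNS Servers"]:
        return "no_dns_server"
    by_ping = {"name_resolution_failed": "resolver_broken", "no_ip_path": "routing_problem", "ok": "looks_healthy"}
    return by_ping.get(ping, "inconclusive")
```

Run `print(HINTS[diagnose(IPCONFIG_OUTPUT, PING_OUTPUT)])` to see the suggestion for the outputs posted in this thread; feed it the real redirected files instead of the constructed strings to triage another machine.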
     
  24. madogmurpy

    madogmurpy TS Rookie Topic Starter Posts: 28

    Hellloooo netsh.exe could not be started because framedyn.dll was not found. This is new. I'll try to reinstall the dll file via the Windows reinstall disc. In the meantime nothing above the netsh commands worked.
     
  25. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Let me know...
     