Hey there everyone! Boy am I getting tired of these insidious viruses. Remember when virus removal was as simple as running Norton or McAfee? Now it seems like everything you get requires expert help. Fortunately, there are indeed experts, like all of you! Consider this my thanks in advance for whoever can help me get rid of this one.
I've run an AVG antivirus scan, MBAM scan, and an AdAware scan on my machine prior to coming here for help. That cleaned up a lot of sludge - about 18 infections that MBAM found over the past 3 scans - but I'm still having redirection from Google. When I tried to run full system scans, 3 out of 4 times the scan would complete halfway, then result in a BSOD - either "MEMORY_MANAGEMENT" or "IRQL_NOT_LESS_OR_EQUAL". This has occurred in both normal mode and Safe mode. The full MBAM scan was finally completed in safe mode; I have not been able to successfully complete a full AdAware scan, only a quick scan. The AVG scan does not even complete a "Scan specific files or folders" scan, so I do not have an antivirus log. Seems like this little bug will go to some extreme lengths to keep itself from being found.
Anyway, before I post the logs, here's the checklist I followed from the stickied thread - I did have one question to clear up meaning I may have done one of the scans wrong.
*I'm using AVG but can switch to Avira or Avast if those are more highly recommended. Cannot complete a scan but have tried in normal and safe modes.
**My log since starting the 8-step process on this forum had nothing in it. However, I had run MBAM previously the last couple of days in order to try to clear this up on my own, so I will attach those logs at the end of this post.
***I disabled protection from AdAware, and followed these instructions to disable AVG: http://www.ehow.com/how_5052104_disable-avg-antivirus.html. However, my log is quite short and references AVG, so I may have done this incorrectly. My apologies if that is the case.
Here are the requested logs.
MBAM:
GMER:
DDS Attach:
DDS:
And as promised, my MBAM logs that actually removed things.
Earlier today:
I've run an AVG antivirus scan, MBAM scan, and an AdAware scan on my machine prior to coming here for help. That cleaned up a lot of sludge - about 18 infections that MBAM found over the past 3 scans - but I'm still having redirection from Google. When I tried to run full system scans, 3 out of 4 times the scan would complete halfway, then result in a BSOD - either "MEMORY_MANAGEMENT" or "IRQL_NOT_LESS_OR_EQUAL". This has occurred in both normal mode and Safe mode. The full MBAM scan was finally completed in safe mode; I have not been able to successfully complete a full AdAware scan, only a quick scan. The AVG scan does not even complete a "Scan specific files or folders" scan, so I do not have an antivirus log. Seems like this little bug will go to some extreme lengths to keep itself from being found.
Anyway, before I post the logs, here's the checklist I followed from the stickied thread - I did have one question to clear up meaning I may have done one of the scans wrong.
- 1. Antivirus Software - Check!*
- 2. TFC - Check!
- 3. MBAM - Check!**
- 4. GMER - ????
- 5. DDS - Check!
*I'm using AVG but can switch to Avira or Avast if those are more highly recommended. Cannot complete a scan but have tried in normal and safe modes.
**My log since starting the 8-step process on this forum had nothing in it. However, I had run MBAM previously the last couple of days in order to try to clear this up on my own, so I will attach those logs at the end of this post.
***I disabled protection from AdAware, and followed these instructions to disable AVG: http://www.ehow.com/how_5052104_disable-avg-antivirus.html. However, my log is quite short and references AVG, so I may have done this incorrectly. My apologies if that is the case.
Here are the requested logs.
MBAM:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5557
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18865
1/20/2011 8:17:36 PM
mbam-log-2011-01-20 (20-17-36).txt
Scan type: Quick scan
Objects scanned: 175706
Time elapsed: 10 minute(s), 29 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-01-20 20:25:35
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\00000032 WDC_WD16 rev.08.0
Running: 90gplgzd.exe; Driver: C:\Users\Alex\AppData\Local\Temp\kxldrpog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Ip avgtdix.sys (AVG Network connection
watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection
watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection
watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection
watcher/AVG Technologies CZ, s.r.o.)
Device \Device\00000061 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_00JB-00GVC0#4&3bad3e4&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
---- EOF - GMER 1.0.15 ----
DDS Attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 8/15/2009 10:18:34 PM
System Uptime: 1/20/2011 8:27:17 PM (0 hours ago)
Motherboard: ECS-USA | | GeForce6100PM-M2
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ | Socket AM2 | 2600/201mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 149 GiB total, 30.673 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 466 GiB total, 291.381 GiB free.
G: is FIXED (NTFS) - 466 GiB total, 274.972 GiB free.
I: is FIXED (NTFS) - 1863 GiB total, 918.367 GiB free.
==== Disabled Device Manager Items =============
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Belkin Wireless G Desktop Card
Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Manufacturer: Belkin Corporation
Name: Belkin Wireless G Desktop Card
PNP Device ID: PCI\VEN_1799&DEV_700F&SUBSYS_700F1799&REV_20\4&2CF26B65&0&3020
Service: BLKWGDv8
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
TWiT TV
"Champetre" template for ConvertXToDVD 3
"Christmas" template for ConvertXToDVD 3
"Film" template for ConvertXToDVD 3
Über Jedi Mod Manager
ABC Amber LIT Converter
Ad-Aware
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe After Effects CS3 Third Party Content
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Setup
Adobe Shockwave Player 11.5
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIM 7
Aimersoft Video Studio Express(Build 1.2.0.25)
Air Video Server 2.4.1
AJScreensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.2.6
AudibleManager
AudioShell 1.3.5
Audiosurf
Auto Gordian Knot 2.55
AVG Free 9.0
AviSynth 2.5
Barnes & Noble Desktop Reader
Battlefield 2 Complete Collection
Battlefield 2142
Beyond the Red Line
BIMP Lite 1.62
BioShock 2
BitTorrent
Black and White
BlockCAD 3.19
Bonjour
Call of Duty 4: Modern Warfare
CamStudio
Camtasia Studio 6
Celestia 1.6.0
Comparator
Convert Doc
ConvertXtoDVD 3.8.0.193f
CPUID CPU-Z 1.55
Crysis(R)
dBpowerAMP Music Converter
Descent and Descent 2
Descent Manager Tools
Doctor Who - The Adventure Games 3.0
Download Manager 2.3.9
Download Updater (AOL LLC)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EA Download Manager
Easy Video Splitter 1.28
Enemy Territory - Quake Wars(TM)
ESET Online Scanner v3
Evernote
Far Cry
FeedForAll v2.0
FileZilla Client 3.3.4.1
Flash Slideshow Maker Pro 5.00
Fraps (remove only)
Free M4a to MP3 Converter 6.1
FreeSpace 2
GameShadow
GameSpy Arcade
GameSpy Comrade
Garry's Mod
GOG.com Downloader
GoldWave v5.22
GoldWave v5.52
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graphing Calculator 3D 3.1
Half-Life
Half-Life: Blue Shift
HandBrake 0.9.3
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Casino
ImgBurn
iPhone Configuration Utility
iTunes
Java(TM) 6 Update 17
Jeopardy! 2003
Knight
LAME v3.98.2 for Audacity
Left 4 Dead
Left 4 Dead 2
Logitech QuickCam
Logitech QuickCam Driver Package
LucasArts' Jedi Knight
LucasArts' X-Wing Alliance
Malwarebytes' Anti-Malware
MechWarrior 3
MechWarrior 3 Pirate's Moon
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mozilla Firefox (3.5.11)
NET Installation Assistance for VB6 App (Runtime Only)
Notepad++
NVIDIA Drivers
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Opposing Force
PageNest
Pamela Pro 4.6
PDF Settings
Peggle Deluxe 1.0
Photo Story 3 for Windows
Poker Night at the Inventory
Portal
PowerISO
Pradis 6: Understanding the Bible Library 6.0
Prey
Psychonauts
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
Safari
Scrabble 2
Scrivener for Windows Beta
SecondLife (remove only)
SecondLifeViewer2 (remove only)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Silent Hunter III
Silent Hunter Wolves of the Pacific
Skype Toolbars
Skype™ 5.0
Space Quest Collection(TM)
SpaceBattle ScreenSaver 3.1
SpeedFan (remove only)
Spybot - Search & Destroy
Star Trek Elite Force II
Star Trek Legacy
Star Trek: Armada
Star Wars Battlefront
Star Wars Empire at War
Star Wars Empire at War Forces of Corruption
Star Wars Jedi Knight: Mysteries of the Sith
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Star Wars Republic Commando
Star Wars Starfighter
Starcraft
Steam
Subtitle Workshop 2.51
SUPERAntiSpyware Free Edition
System Requirements Lab
Tag - IGF Professional 2008
TalkShoe Live! 2.0
Tardis Screensaver- Widescreen
The Sims Complete Collection
TightVNC 2.0.2
TortoiseSVN 1.6.7.18415 (32 bit)
TweetDeck
TWiT Live Desktop
Ultimate Extras sounds from Microsoft® Tinker™
UltraLott Powerball and Mega Millions 1.2.6
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.1
VobSub v2.23 (Remove Only)
WAV to MP3 Encoder
Winamp
Winamp Detector Plug-in
WinDirStat 1.1.2
Windows Sound Schemes
WinHTTrack Website Copier 3.43-9C
WinPatrol
WinRAR archiver
WordWeb
Xfire (remove only)
XfireXO Toolbar
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
1/20/2011 8:28:18 PM, Error: EventLog [6008] - The previous system shutdown at 8:22:19 PM on 1/20/2011 was unexpected.
1/20/2011 7:58:34 PM, Error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
1/20/2011 7:58:34 PM, Error: Service Control Manager [7031] - The TightVNC Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action
will be taken in 5000 milliseconds: Restart the service.
1/20/2011 7:41:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
1/20/2011 7:35:52 PM, Error: EventLog [6008] - The previous system shutdown at 7:16:08 PM on 1/20/2011 was unexpected.
1/20/2011 1:08:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service winmgmt with arguments "" in order to run the
server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
1/19/2011 8:52:20 PM, Error: EventLog [6008] - The previous system shutdown at 8:47:24 PM on 1/19/2011 was unexpected.
1/19/2011 8:14:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the
server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/19/2011 8:13:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the
server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/19/2011 8:13:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the
server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/19/2011 8:13:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the
server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/19/2011 8:13:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the
server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/19/2011 8:13:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run
the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/19/2011 8:13:34 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX CSC DfsC
i8042prt NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL SCDEmu Smb spldr tdx Wanarpv6
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of
the following error: The dependency service or group failed to start.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed
to start because of the following error: A device attached to the system is not functioning.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the
following error: The dependency service or group failed to start.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to
start because of the following error: A device attached to the system is not functioning.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which
failed to start because of the following error: A device attached to the system is not functioning.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to
start because of the following error: The dependency service or group failed to start.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to
start because of the following error: The dependency service or group failed to start.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because
of the following error: A device attached to the system is not functioning.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to
start because of the following error: The dependency service or group failed to start.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because
of the following error: The dependency service or group failed to start.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start
because of the following error: The dependency service or group failed to start.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the
following error: The dependency service or group failed to start.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the
following error: A device attached to the system is not functioning.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start
because of the following error: A device attached to the system is not functioning.
1/19/2011 8:13:34 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
1/19/2011 8:13:29 PM, Error: Microsoft-Windows-TerminalServices-LocalSessionManager [1048] - Terminal Service start failed. The relevant status code was This service cannot be
started in Safe Mode .
1/19/2011 8:13:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the
server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
1/19/2011 8:13:19 PM, Error: EventLog [6008] - The previous system shutdown at 8:09:18 PM on 1/19/2011 was unexpected.
1/19/2011 8:11:47 PM, Error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).
1/19/2011 8:11:30 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 30000 milliseconds: Restart the service.
1/19/2011 8:08:11 PM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of
the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/19/2011 8:07:32 PM, Error: EventLog [6008] - The previous system shutdown at 7:40:08 PM on 1/19/2011 was unexpected.
1/19/2011 12:09:34 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected
termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
1/19/2011 12:09:33 AM, Error: Service Control Manager [7022] - The Server service hung on starting.
1/19/2011 12:09:33 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error:
After starting, the service hung in a start-pending state.
1/19/2011 12:06:44 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: Not enough server storage is available to process this
command.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action
will be taken in 60000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The
following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be
taken in 60000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Terminal Services Configuration service terminated unexpectedly. It has done this 1 time(s). The following
corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action
will be taken in 60000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The
following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following
corrective action will be taken in 60000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be
taken in 60000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective
action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following
corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following
corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 120000 milliseconds: Restart the service.
1/19/2011 12:06:05 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The
following corrective action will be taken in 120000 milliseconds: Restart the service.
1/19/2011 11:19:22 PM, Error: EventLog [6008] - The previous system shutdown at 11:16:22 PM on 1/19/2011 was unexpected.
1/19/2011 1:26:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected
termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
1/19/2011 1:23:22 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected
termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
1/15/2011 8:58:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
1/15/2011 8:58:18 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the
start or control request in a timely fashion.
1/15/2011 8:48:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
1/15/2011 8:44:25 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort1.
==== End Of File ===========================
DDS:
DDS (Ver_10-12-12.02) - NTFSx86
Run by Alex at 20:36:28.75 on Thu 01/20/2011
Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2046.796 [GMT -7:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {DAAC1C79-1A96-9DFE-FC4C-6940214C33E6}
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AirVideoServer\AirVideoServer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Alex\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\tbXfir.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AirVideoServer] c:\program files\airvideoserver\AirVideoServer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [<NO NAME>]
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\wordweb.lnk - c:\program files\wordweb\wweb32.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: Add to Evernote - e:\program files\evernote\evernote3\enbar.dll/2000
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - e:\program files\evernote\evernote3\enbar.dll
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {45B82F13-8CAA-44B2-A0BF-232ABD77AF8C} = 68.87.85.102,68.87.69.150
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - %SystemRoot%\system32\soundschemes.exe /AddRegistration
mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - %SystemRoot%\system32\soundschemes2.exe /AddRegistration
================= FIREFOX ===================
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\14mmi5nt.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: e:\program files\download manager\npfpdlm.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npwachk.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Multi Links: multilinks@plugin - %profile%\extensions\multilinks@plugin
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - %profile%\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation
foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-26 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-19 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-19 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-19 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-9-25 20328]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1402272]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2010-7-8 815704]
S2 gupdate1ca1ebe79c66296;Google Update Service (gupdate1ca1ebe79c66296);c:\program files\google\update\GoogleUpdate.exe [2009-8-16 133104]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-21 1153368]
S3 BLKWGDv8;Belkin Wireless G Desktop Card Service v8;c:\windows\system32\drivers\BLKWGDv8.sys [2006-11-18 312832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
=============== Created Last 30 ================
2011-01-19 04:55:54 98304 --sha-r- c:\windows\system32\FXSCOVERS.dll
2011-01-19 04:55:30 -------- d-----w- c:\users\alex\appdata\roaming\0AA35AA340E408D76C950D7A0C838F79
2011-01-19 04:35:59 -------- d-----w- c:\program files\Aimersoft
2011-01-19 04:06:28 -------- d-----w- c:\program files\Easy Video Splitter
2011-01-18 03:33:43 -------- d-----w- c:\program files\SpaceBattle ScreenSaver
2011-01-12 04:15:40 -------- d-----w- C:\wav2voc
2011-01-09 08:09:21 -------- d-----w- C:\bmpdf
2011-01-08 21:53:13 -------- d-----w- c:\windows\system32\Adobe
2011-01-08 18:14:34 -------- d-----w- C:\WDFUSE
2010-12-29 05:37:59 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-12-25 04:23:44 -------- d--h--w- c:\windows\PIF
==================== Find3M ====================
2010-11-28 05:12:15 4252 ----a-w- c:\windows\warp1px.drv
2010-11-18 04:56:10 234536 ----a-w- c:\windows\system32\PnkBstrB.xtr
2010-11-18 04:36:14 234536 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-10-29 05:35:43 139152 ----a-w- c:\users\alex\appdata\roaming\PnkBstrK.sys
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: WDC_WD16 rev.08.0 -> Harddisk0\DR0 -> \Device\00000061
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8698D555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x869937b0]; MOV EAX, [0x8699382c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI;
JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x820FDF6F] -> \Device\Harddisk0\DR0[0x864F7AC8]
3 CLASSPNP[0x883C8745] -> ntkrnlpa!IofCallDriver[0x820FDF6F] -> [0x85657700]
5 acpi[0x8260E6A0] -> ntkrnlpa!IofCallDriver[0x820FDF6F] -> [0x84876030]
\Driver\nvstor32[0x866FD1D8] -> IRP_MJ_CREATE -> 0x8698D555
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX,
0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\00000060 -> \??\SCSI#Disk&Ven_WDC_WD16&Prod_00JB-00GVC0#4&3bad3e4&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 312581806 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
============= FINISH: 20:37:21.02 ===============
And as promised, my MBAM logs that actually removed things.
Earlier today:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5557
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18865
1/20/2011 6:28:37 PM
mbam-log-2011-01-20 (18-28-37).txt
Scan type: Full scan (C:\|E:\|G:\|I:\|)
Objects scanned: 706072
Time elapsed: 1 hour(s), 44 minute(s), 36 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Alex\AppData\Roaming\0aa35aa340e408d76c950d7a0c838f79\bootmdlink700sys.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Alex\AppData\Roaming\bc3fc61ebd2390be003660698b68eba6\releaseversion70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
g:\!!!Final\installers\convertxtodvd 3\convertxtodvd.v3.x-keygen_brd\Keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
g:\!!!Final\installers\feedforall\feedforall.v2.0.2.9.patch.by.foff\nfo viewer.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
c:\Windows\temp\0.3673486574633026.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\temp\0.9723782123328527.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
