TechSpot

Redirecting Problem

By Valkyrja
Feb 14, 2011
  1. I've been having a redirecting problem with Firefox. I've run Malwarebytes and Super Antispyware in safe mode about 6 times, and only SAS finds the trojan; as soon as I get booted up and try Firefox, it starts again.


    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5665

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    2/10/2011 4:02:59 PM
    mbam-log-2011-02-10 (16-02-59).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 120841
    Time elapsed: 24 minute(s), 31 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-10 12:07:36
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800JB-00JJC0 rev.05.01C05
    Running: lsc4vmnn.exe; Driver: C:\Users\Chaos\AppData\Local\Temp\kglcqpog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAllocateVirtualMemory [0x91666328]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcConnectPort [0x91664A8C]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAlpcCreatePort [0x9166455E]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0x91665824]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwConnectPort [0x9166464C]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateFile [0x9166B1F8]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreatePort [0x9166446A]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateSection [0x916624F2]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThread [0x91663634]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwCreateThreadEx [0x91663768]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDebugActiveProcess [0x91663D22]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwDuplicateObject [0x9166432C]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwLoadDriver [0x9166524C]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenFile [0x9166B554]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenSection [0x916627B4]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwOpenThread [0x916638B0]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwProtectVirtualMemory [0x916655D6]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwQueueApcThread [0x91665940]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestPort [0x91664CB0]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0x91664F14]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwResumeThread [0x916640CE]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSecureConnectPort [0x9166486E]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetContextThread [0x91663BCC]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSetSystemInformation [0x91665FDC]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwShutdownSystem [0x91665186]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendProcess [0x916641FE]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSuspendThread [0x91663F7A]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwSystemDebugControl [0x91663E40]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateProcess [0x91663472]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwTerminateThread [0x91663A66]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwUnloadDriver [0x91665414]
    SSDT \??\C:\Windows\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0x91665700]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83289579 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832ADF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 23C 832B573C 4 Bytes [28, 63, 66, 91] {SUB [EBX+0x66], AH; XCHG ECX, EAX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 248 832B5748 8 Bytes [8C, 4A, 66, 91, 5E, 45, 66, ...] {MOV WORD [EDX+0x66], CS; XCHG ECX, EAX; POP ESI; INC EBP; XCHG CX, AX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 29C 832B579C 4 Bytes [24, 58, 66, 91] {AND AL, 0x58; XCHG CX, AX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 2DC 832B57DC 4 Bytes [4C, 46, 66, 91] {DEC ESP; INC ESI; XCHG CX, AX}
    .text ntkrnlpa.exe!RtlSidHashLookup + 2F8 832B57F8 4 Bytes [F8, B1, 66, 91] {CLC ; MOV CL, 0x66; XCHG ECX, EAX}
    .text ...
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91E3A000, 0x2D5378, 0xE8000020]
    .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x97BAE300, 0x1BCE, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\Explorer.EXE[300] ntdll.dll!NtProtectVirtualMemory 76ED5360 5 Bytes JMP 009B000A
    .text C:\Windows\Explorer.EXE[300] ntdll.dll!NtWriteVirtualMemory 76ED5EE0 5 Bytes JMP 009C000A
    .text C:\Windows\Explorer.EXE[300] ntdll.dll!KiUserExceptionDispatcher 76ED6448 5 Bytes JMP 009A000A
    .text C:\Windows\Explorer.EXE[300] ADVAPI32.dll!CreateServiceW 75A5DBC1 6 Bytes JMP 71900F5A
    .text C:\Windows\Explorer.EXE[300] ADVAPI32.dll!CreateServiceA 75A72120 6 Bytes JMP 71930F5A
    .text C:\Windows\Explorer.EXE[300] GDI32.dll!DeleteDC 75776A2C 6 Bytes JMP 717E0F5A
    .text C:\Windows\Explorer.EXE[300] GDI32.dll!BitBlt 75777180 6 Bytes JMP 717B0F5A
    .text C:\Windows\Explorer.EXE[300] GDI32.dll!CreateDCA 75779975 6 Bytes JMP 71840F5A
    .text C:\Windows\Explorer.EXE[300] GDI32.dll!CreateDCW 7577BD21 6 Bytes JMP 71810F5A
    .text C:\Windows\Explorer.EXE[300] USER32.dll!RegisterRawInputDevices 757C5C2F 3 Bytes [FF, 25, 1E]
    .text C:\Windows\Explorer.EXE[300] USER32.dll!RegisterRawInputDevices + 4 757C5C33 2 Bytes [86, 71]
    .text C:\Windows\Explorer.EXE[300] USER32.dll!RegisterHotKey 757CC8F9 3 Bytes [FF, 25, 1E]
    .text C:\Windows\Explorer.EXE[300] USER32.dll!RegisterHotKey + 4 757CC8FD 2 Bytes [89, 71]
    .text C:\Windows\Explorer.EXE[300] USER32.dll!ExitWindowsEx 758106EF 6 Bytes JMP 719F0F5A
    .text C:\Windows\Explorer.EXE[300] USER32.dll!DdeClientTransaction 7582329C 6 Bytes JMP 718D0F5A
    .text C:\Windows\Explorer.EXE[300] IPHLPAPI.DLL!IcmpSendEcho2Ex 71A8561D 6 Bytes JMP 71960F5A
    .text C:\Windows\Explorer.EXE[300] IPHLPAPI.DLL!IcmpSendEcho 71A867C3 6 Bytes JMP 719C0F5A
    .text C:\Windows\Explorer.EXE[300] IPHLPAPI.DLL!IcmpSendEcho2 71A867F3 6 Bytes JMP 71990F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] ntdll.dll!NtCreateSymbolicLinkObject 76ED4B50 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] ntdll.dll!NtCreateSymbolicLinkObject + 4 76ED4B54 2 Bytes [78, 71] {JS 0x73}
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] ntdll.dll!NtOpenFile 76ED5120 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] ntdll.dll!NtOpenFile + 4 76ED5124 2 Bytes [75, 71] {JNZ 0x73}
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] KERNEL32.dll!CreateProcessW 75B0202D 6 Bytes JMP 71A30F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] KERNEL32.dll!CreateProcessA 75B02062 6 Bytes JMP 71A70F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] KERNEL32.dll!LoadLibraryA 75B52864 6 Bytes JMP 71730F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] KERNEL32.dll!LoadLibraryW 75B528B2 6 Bytes JMP 71700F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] user32.dll!RegisterRawInputDevices 757C5C2F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] user32.dll!RegisterRawInputDevices + 4 757C5C33 2 Bytes [87, 71]
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] user32.dll!RegisterHotKey 757CC8F9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] user32.dll!RegisterHotKey + 4 757CC8FD 2 Bytes [8A, 71]
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] user32.dll!ExitWindowsEx 758106EF 6 Bytes JMP 71A00F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] user32.dll!DdeClientTransaction 7582329C 6 Bytes JMP 718E0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] GDI32.dll!DeleteDC 75776A2C 6 Bytes JMP 717F0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] GDI32.dll!BitBlt 75777180 6 Bytes JMP 717C0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] GDI32.dll!CreateDCA 75779975 6 Bytes JMP 71850F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] GDI32.dll!CreateDCW 7577BD21 6 Bytes JMP 71820F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] advapi32.dll!CreateServiceW 75A5DBC1 6 Bytes JMP 71910F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] advapi32.dll!CreateServiceA 75A72120 6 Bytes JMP 71940F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] WS2_32.dll!socket 75893F00 6 Bytes JMP 71AF0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] IPHLPAPI.DLL!IcmpSendEcho2Ex 71A8561D 6 Bytes JMP 71970F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] IPHLPAPI.DLL!IcmpSendEcho 71A867C3 6 Bytes JMP 719D0F5A
    .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[896] IPHLPAPI.DLL!IcmpSendEcho2 71A867F3 6 Bytes JMP 719A0F5A
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory 76ED5360 5 Bytes JMP 0037000A
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory 76ED5EE0 5 Bytes JMP 0038000A
    .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!KiUserExceptionDispatcher 76ED6448 5 Bytes JMP 0036000A
    .text C:\Windows\system32\svchost.exe[1300] ole32.dll!CoCreateInstance 759257FC 5 Bytes JMP 0052000A
    .text C:\Windows\system32\svchost.exe[1300] USER32.dll!GetCursorPos 757CC198 5 Bytes JMP 00EE000A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] ntdll.dll!NtCreateSymbolicLinkObject 76ED4B50 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] ntdll.dll!NtCreateSymbolicLinkObject + 4 76ED4B54 2 Bytes [71, 71] {JNO 0x73}
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] ntdll.dll!NtOpenFile 76ED5120 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] ntdll.dll!NtOpenFile + 4 76ED5124 2 Bytes [6E, 71]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] kernel32.dll!CreateProcessW 75B0202D 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] kernel32.dll!CreateProcessA 75B02062 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] kernel32.dll!CloseHandle 75B505B7 6 Bytes JMP 71900F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] kernel32.dll!CreateFileW 75B50B5D 6 Bytes JMP 71930F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] kernel32.dll!LoadLibraryA 75B52864 6 Bytes JMP 716C0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] kernel32.dll!LoadLibraryW 75B528B2 6 Bytes JMP 71690F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] ADVAPI32.dll!CreateServiceW 75A5DBC1 6 Bytes JMP 718A0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] ADVAPI32.dll!CreateServiceA 75A72120 6 Bytes JMP 718D0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] GDI32.dll!DeleteDC 75776A2C 6 Bytes JMP 71780F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] GDI32.dll!BitBlt 75777180 6 Bytes JMP 71750F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] GDI32.dll!CreateDCA 75779975 6 Bytes JMP 717E0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] GDI32.dll!CreateDCW 7577BD21 6 Bytes JMP 717B0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] USER32.dll!RegisterRawInputDevices 757C5C2F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] USER32.dll!RegisterRawInputDevices + 4 757C5C33 2 Bytes [80, 71]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] USER32.dll!RegisterHotKey 757CC8F9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] USER32.dll!RegisterHotKey + 4 757CC8FD 2 Bytes [83, 71]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] USER32.dll!ExitWindowsEx 758106EF 6 Bytes JMP 719F0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] USER32.dll!DdeClientTransaction 7582329C 6 Bytes JMP 71870F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] WS2_32.dll!socket 75893F00 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] IPHLPAPI.DLL!IcmpSendEcho2Ex 71A8561D 6 Bytes JMP 71960F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] IPHLPAPI.DLL!IcmpSendEcho 71A867C3 6 Bytes JMP 719C0F5A
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1688] IPHLPAPI.DLL!IcmpSendEcho2 71A867F3 6 Bytes JMP 71990F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] ntdll.dll!NtCreateSymbolicLinkObject 76ED4B50 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] ntdll.dll!NtCreateSymbolicLinkObject + 4 76ED4B54 2 Bytes [71, 71] {JNO 0x73}
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] ntdll.dll!NtOpenFile 76ED5120 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] ntdll.dll!NtOpenFile + 4 76ED5124 2 Bytes [6E, 71]
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] kernel32.dll!CreateProcessW 75B0202D 6 Bytes JMP 71A20F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] kernel32.dll!CreateProcessA 75B02062 6 Bytes JMP 71A50F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] kernel32.dll!CloseHandle 75B505B7 6 Bytes JMP 71900F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] kernel32.dll!CreateFileW 75B50B5D 6 Bytes JMP 71930F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] kernel32.dll!LoadLibraryA 75B52864 6 Bytes JMP 716C0F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] kernel32.dll!LoadLibraryW 75B528B2 6 Bytes JMP 71690F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] USER32.dll!RegisterRawInputDevices 757C5C2F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] USER32.dll!RegisterRawInputDevices + 4 757C5C33 2 Bytes [80, 71]
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] USER32.dll!RegisterHotKey 757CC8F9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] USER32.dll!RegisterHotKey + 4 757CC8FD 2 Bytes [83, 71]
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] USER32.dll!ExitWindowsEx 758106EF 6 Bytes JMP 719F0F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] USER32.dll!DdeClientTransaction 7582329C 6 Bytes JMP 71870F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] GDI32.dll!DeleteDC 75776A2C 6 Bytes JMP 71780F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] GDI32.dll!BitBlt 75777180 6 Bytes JMP 71750F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] GDI32.dll!CreateDCA 75779975 6 Bytes JMP 717E0F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] GDI32.dll!CreateDCW 7577BD21 6 Bytes JMP 717B0F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] ADVAPI32.dll!CreateServiceW 75A5DBC1 6 Bytes JMP 718A0F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] ADVAPI32.dll!CreateServiceA 75A72120 6 Bytes JMP 718D0F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] WS2_32.dll!socket 75893F00 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] IPHLPAPI.DLL!IcmpSendEcho2Ex 71A8561D 6 Bytes JMP 71960F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] IPHLPAPI.DLL!IcmpSendEcho 71A867C3 6 Bytes JMP 719C0F5A
    .text C:\Program Files\AVG\AVG9\avgtray.exe[1692] IPHLPAPI.DLL!IcmpSendEcho2 71A867F3 6 Bytes JMP 71990F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] ntdll.dll!NtCreateSymbolicLinkObject 76ED4B50 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Online Armor\oaui.exe[1768] ntdll.dll!NtCreateSymbolicLinkObject + 4 76ED4B54 2 Bytes [71, 71] {JNO 0x73}
    .text C:\Program Files\Online Armor\oaui.exe[1768] ntdll.dll!NtOpenFile 76ED5120 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Online Armor\oaui.exe[1768] ntdll.dll!NtOpenFile + 4 76ED5124 2 Bytes [6E, 71]
    .text C:\Program Files\Online Armor\oaui.exe[1768] kernel32.dll!CreateProcessW 75B0202D 6 Bytes JMP 71A20F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] kernel32.dll!CreateProcessA 75B02062 6 Bytes JMP 71A50F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] kernel32.dll!CloseHandle 75B505B7 6 Bytes JMP 71900F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] kernel32.dll!CreateFileW 75B50B5D 6 Bytes JMP 71930F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] kernel32.dll!LoadLibraryA 75B52864 6 Bytes JMP 71660F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] kernel32.dll!LoadLibraryW 75B528B2 6 Bytes JMP 71630F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] advapi32.dll!CreateServiceW 75A5DBC1 6 Bytes JMP 718A0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] advapi32.dll!CreateServiceA 75A72120 6 Bytes JMP 718D0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] GDI32.dll!DeleteDC 75776A2C 6 Bytes JMP 71780F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] GDI32.dll!BitBlt 75777180 6 Bytes JMP 71750F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] GDI32.dll!CreateDCA 75779975 6 Bytes JMP 717E0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] GDI32.dll!CreateDCW 7577BD21 6 Bytes JMP 717B0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] USER32.dll!RegisterRawInputDevices 757C5C2F 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Online Armor\oaui.exe[1768] USER32.dll!RegisterRawInputDevices + 4 757C5C33 2 Bytes [80, 71]
    .text C:\Program Files\Online Armor\oaui.exe[1768] USER32.dll!LoadStringA 757C6563 6 Bytes JMP 71600F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] USER32.dll!RegisterHotKey 757CC8F9 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Online Armor\oaui.exe[1768] USER32.dll!RegisterHotKey + 4 757CC8FD 2 Bytes [83, 71]
    .text C:\Program Files\Online Armor\oaui.exe[1768] USER32.dll!LoadStringW 757D5533 6 Bytes JMP 715C0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] USER32.dll!ExitWindowsEx 758106EF 6 Bytes JMP 719F0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] USER32.dll!DdeClientTransaction 7582329C 6 Bytes JMP 71870F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!ioctlsocket 75893131 6 Bytes JMP 71450F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!sendto 75893AED 6 Bytes JMP 714D0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!closesocket 75893BED 6 Bytes JMP 71590F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!socket 75893F00 6 Bytes JMP 71AE0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!recv 758947DF 6 Bytes JMP 71350F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!connect 758948BE 6 Bytes JMP 71560F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!select 75894981 6 Bytes JMP 714A0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!WSASend 758968A7 6 Bytes JMP 712E0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!WSARecv 7589C29F 6 Bytes JMP 71310F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!send 7589C4C8 6 Bytes JMP 71500F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] WS2_32.dll!WSAAsyncSelect 758AAACC 6 Bytes JMP 713A0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] IPHLPAPI.DLL!IcmpSendEcho2Ex 71A8561D 6 Bytes JMP 71960F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] IPHLPAPI.DLL!IcmpSendEcho 71A867C3 6 Bytes JMP 719C0F5A
    .text C:\Program Files\Online Armor\oaui.exe[1768] IPHLPAPI.DLL!IcmpSendEcho2 71A867F3 6 Bytes JMP 71990F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ntdll.dll!NtCreateSymbolicLinkObject 76ED4B50 3 Bytes [FF, 25, 1E]
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ntdll.dll!NtCreateSymbolicLinkObject + 4 76ED4B54 2 Bytes [6E, 71]
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ntdll.dll!NtOpenFile 76ED5120 3 Bytes [FF, 25, 1E]
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ntdll.dll!NtOpenFile + 4 76ED5124 2 Bytes [6B, 71]
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ntdll.dll!LdrGetProcedureAddressEx 76EEEB05 6 Bytes JMP 71600F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ntdll.dll!LdrGetProcedureAddress 76EEEE27 6 Bytes JMP 71630F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] kernel32.dll!CreateProcessW 75B0202D 6 Bytes JMP 71A20F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] kernel32.dll!CreateProcessA 75B02062 6 Bytes JMP 71A50F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] kernel32.dll!LoadLibraryA 75B52864 6 Bytes JMP 71690F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] kernel32.dll!LoadLibraryW 75B528B2 6 Bytes JMP 71660F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] kernel32.dll!WriteProcessMemory 75B6859F 6 Bytes JMP 715A0F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] kernel32.dll!VirtualProtectEx 75B8F651 6 Bytes JMP 715D0F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ADVAPI32.dll!CreateServiceW 75A5DBC1 6 Bytes JMP 71870F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ADVAPI32.dll!CreateServiceA 75A72120 6 Bytes JMP 718A0F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ole32.dll!CoGetClassObject 7590A2D4 6 Bytes JMP 718D0F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ole32.dll!CoCreateInstance 759257FC 6 Bytes JMP 71930F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] ole32.dll!CoCreateInstanceEx 7592583F 6 Bytes JMP 71900F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] GDI32.dll!DeleteDC 75776A2C 6 Bytes JMP 71750F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] GDI32.dll!BitBlt 75777180 6 Bytes JMP 71720F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] GDI32.dll!CreateDCA 75779975 6 Bytes JMP 717B0F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] GDI32.dll!CreateDCW 7577BD21 6 Bytes JMP 71780F5A
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] USER32.dll!RegisterRawInputDevices 757C5C2F 3 Bytes [FF, 25, 1E]
    .text C:\Users\Chaos\AppData\Local\Google\Update\GoogleUpdate.exe[1844] USER32.dll!RegisterRawInputDevices + 4 757C5C33 2 Bytes [7D, 71] {JGE 0x73}
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll help with the malware, but you need to complete the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Important!
    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Since you have run Malwarebytes and GMER, the additional scan will be DDS which generates 2 logs. Please complete the additional steps in the thread as well as the scans.
     
  3. Valkyrja

    Valkyrja TS Rookie Topic Starter

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/11/2009 3:50:23 PM
    System Uptime: 2/10/2011 1:09:06 PM (0 hours ago)

    Motherboard: MSI | | MSI P6N SLI
    Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | CPU 1 | 2200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 36.732 GiB free.
    D: is FIXED (NTFS) - 74 GiB total, 28.559 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&1A84B5A3&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&1A84B5A3&0
    Service: i8042prt

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SASDIFSV
    Device ID: ROOT\LEGACY_SASDIFSV\0000
    Manufacturer:
    Name: SASDIFSV
    PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
    Service: SASDIFSV

    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: SASKUTIL
    Device ID: ROOT\LEGACY_SASKUTIL\0000
    Manufacturer:
    Name: SASKUTIL
    PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
    Service: SASKUTIL

    ==== System Restore Points ===================

    RP188: 2/1/2011 10:00:03 AM - Avg Update
    RP190: 2/1/2011 10:13:29 AM - Avg Update
    RP191: 2/1/2011 7:17:26 PM - Installed COMODO Internet Security
    RP192: 2/1/2011 7:38:29 PM - Removed COMODO Internet Security
    RP193: 2/3/2011 1:27:37 PM - Windows Update
    RP194: 2/4/2011 5:35:37 AM - Installed COMODO Internet Security
    RP195: 2/8/2011 10:55:09 AM - Removed COMODO Internet Security
    RP196: 2/8/2011 1:34:57 PM - Online Armor installation
    RP197: 2/8/2011 1:35:29 PM - Device Driver Package Install: TLEM Network Service

    ==== Installed Programs ======================

    µTorrent
    3DMark06
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 6.0.1
    Advanced SystemCare 3
    AMD Drag and Drop Transcoding
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    AVG Free 9.0
    Belkin F7D1101 Basic Wireless USB Adapter
    Burn4Free CD and DVD
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    ccc-core-static
    ccc-utility
    CCC Help English
    CCleaner
    Comical 0.8
    Curse Client
    EverQuest II Extended
    Fallout New Vegas
    FLV Player 2.0 (build 25)
    Free YouTube Download 2.9
    Game Booster
    Google Chrome
    Grand Theft Auto IV
    HijackThis 1.99.1
    Java Auto Updater
    Java(TM) 6 Update 22
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Excel Viewer 2003
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.5.5)
    MSVCRT
    NVIDIA PhysX
    O&O Defrag Professional Edition
    Online Armor 4.5
    Personal Media Manager 2.86 MAJ
    Rawr
    Safe Returner version 1.27.9
    Spybot - Search & Destroy
    Steam
    TeamSpeak 3 Client
    The Lord of the Rings FREE Trial
    TruePing 1.0.576.207
    Uninstall 1.0.0.1
    Ventrilo Client
    WildBlue Optimizer Ver 2010-01-15
    WildBlue Pulse
    Windows Live Essentials
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Upload Tool
    WinRAR archiver
    World of Warcraft
    YouTube Downloader 2.5.6

    ==== Event Viewer Messages From Past Week ========

    2/9/2011 6:07:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    2/9/2011 6:07:00 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/8/2011 6:39:52 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 6:39:50 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 6:39:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    2/8/2011 6:39:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    2/8/2011 6:39:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/8/2011 6:39:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    2/8/2011 6:39:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache OADevice oahlpXX pklwqndi SASDIFSV SASKUTIL spldr sptd Wanarpv6
    2/8/2011 4:52:06 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    2/8/2011 4:48:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pklwqndi SASDIFSV SASKUTIL
    2/8/2011 4:27:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Winmgmt service.
    2/8/2011 4:27:01 AM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    2/8/2011 4:27:01 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 4:24:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    2/8/2011 4:24:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    2/8/2011 4:24:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy pklwqndi Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx trueping vwififlt Wanarpv6 WfpLwf
    2/8/2011 4:24:31 AM, Error: Service Control Manager [7001] - The SBSD Security Center Service service depends on the Security Center service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7022] - The User Profile Service service hung on starting.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    2/8/2011 4:21:42 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    2/8/2011 12:55:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx trueping vwififlt Wanarpv6 WfpLwf
    2/8/2011 10:00:12 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pklwqndi
    2/7/2011 8:37:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx trueping vwififlt Wanarpv6 WfpLwf
    2/7/2011 8:36:30 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/7/2011 8:36:30 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/7/2011 8:36:30 AM, Error: Service Control Manager [7038] - The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    2/7/2011 8:36:30 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not start due to a logon failure.
    2/7/2011 8:36:30 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
    2/7/2011 8:36:30 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    2/5/2011 7:49:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cmdGuard discache spldr sptd Wanarpv6
    2/5/2011 6:10:25 PM, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    2/3/2011 9:56:21 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer RHONDA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{54C6F9BE-B9D9-4A53-90B3-7717414E. The master browser is stopping or an election is being forced.
    2/3/2011 5:20:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache spldr sptd Wanarpv6
    2/3/2011 4:49:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    2/3/2011 4:49:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    2/3/2011 4:48:38 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    2/3/2011 4:47:38 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/10/2011 1:24:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pklwqndi sptd
    2/10/2011 1:10:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pklwqndi SASDIFSV SASKUTIL sptd
    2/10/2011 1:10:13 PM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    2/10/2011 1:10:13 PM, Error: Service Control Manager [7000] - The O&O Defrag service failed to start due to the following error: The system cannot find the path specified.
    2/10/2011 1:10:11 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
    2/10/2011 1:10:11 PM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
    2/10/2011 1:09:33 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    2/10/2011 1:09:33 PM, Error: atikmdag [43029] - Display is not active
    2/10/2011 1:09:22 PM, Error: volmgr [46] - Crash dump initialization failed!
    2/10/2011 1:09:17 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

    ==== End Of File ===========================

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 02/14/2011 at 10:27 AM

    Application Version : 4.48.1000

    Core Rules Database Version : 6343
    Trace Rules Database Version: 4155

    Scan type : Complete Scan
    Total Scan Time : 01:41:17

    Memory items scanned : 395
    Memory threats detected : 0
    Registry items scanned : 9099
    Registry threats detected : 0
    File items scanned : 124786
    File threats detected : 101

    Trojan.Unclassified/Dropper
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AHAV2W1G\BUSINESSSEARCHTOOLBARSETUP[3].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AHAV2W1G\BUSINESSSEARCHTOOLBARSETUP[8].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AHAV2W1G\BUSINESSSEARCHTOOLBARSETUP[7].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AHAV2W1G\BUSINESSSEARCHTOOLBARSETUP[6].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AHAV2W1G\BUSINESSSEARCHTOOLBARSETUP[2].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AHAV2W1G\BUSINESSSEARCHTOOLBARSETUP[4].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\D08T8OTY\BUSINESSSEARCHTOOLBARSETUP[5].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\D08T8OTY\BUSINESSSEARCHTOOLBARSETUP[1].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\D08T8OTY\BUSINESSSEARCHTOOLBARSETUP[2].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\D08T8OTY\BUSINESSSEARCHTOOLBARSETUP[3].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\D08T8OTY\BUSINESSSEARCHTOOLBARSETUP[4].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QJTXYHZO\BUSINESSSEARCHTOOLBARSETUP[1].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QJTXYHZO\BUSINESSSEARCHTOOLBARSETUP[2].EXE
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\QJTXYHZO\BUSINESSSEARCHTOOLBARSETUP[3].EXE

    Adware.Tracking Cookie
    serving-sys.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CPUCDBYH ]
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediabrandsww[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[6].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adecn[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@lucidmedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@theclickcheck[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@collective-media[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@advertise[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@imrworldwide[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@theclickcheck[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickthrough.kanoodle[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@technoratimedia[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[6].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@kitaramedia.122.2o7[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[9].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.trafficengine[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@revsci[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[7].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@interclick[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adtech[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@businessfind[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.undertone[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.burstbeacon[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tracker.roitesting[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@p211t1s1579522.kronos.bravenetmedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@cdn.jemamedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@xml.click9[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.lycos[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@invitemedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@mediatraffic[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[5].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@theclickcheck[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bizzclick[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ru4[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@tribalfusion[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge1.admarketplace[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.businessfind[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ads.cpxcenter[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@uiadserver[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@myroitracking[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@questionmarket[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge1.admarketplace[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@clickpayz10.91462.information-seeking[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@ad.yieldmanager[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@bridge2.admarketplace[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@a1.interclick[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adserver.adtechus[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@discountgolfworld[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adbrite[2].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.mediatraffic[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@content.yieldmanager[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@findology[4].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@click.fastpartner[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@admarketplace[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@technoratimedia[1].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@www.googleadservices[10].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@pointroll[3].txt
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@creditpaymentservices.122.2o7[2].txt
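One thing worth pulling out of the SUPERAntiSpyware log above is where the 101 file detections live. The script below is an added example, not part of this thread and not SUPERAntiSpyware's own code: it parses the detection section of a SAS log and attributes each path to the Windows profile it sits under. The only Windows fact it relies on is that C:\Windows\System32\config\systemprofile is the profile directory of the built-in LocalSystem account, so an IE cache or cookie file there was written by a process running as SYSTEM, not by the logged-in user's browser. SAMPLE_LOG is a constructed excerpt of the log posted above (a few representative lines) plus one made-up user-profile cookie entry under C:\Users\Chaos for contrast; that entry does not appear in the real log.

```python
"""Group SUPERAntiSpyware file detections by the Windows profile they sit in.

Added example (not from the thread or from SUPERAntiSpyware). Expects the
"<category>\n<path>\n<path>..." detection section of a SAS scan log.
"""
import re
from collections import defaultdict

# Constructed sample: two dropper entries and two cookie entries copied from
# the posted log, plus one invented C:\Users\Chaos entry for contrast.
SAMPLE_LOG = r"""
Trojan.Unclassified/Dropper
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\AHAV2W1G\BUSINESSSEARCHTOOLBARSETUP[3].EXE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\CONTENT.IE5\D08T8OTY\BUSINESSSEARCHTOOLBARSETUP[1].EXE

Adware.Tracking Cookie
serving-sys.com [ C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\CPUCDBYH ]
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@realmedia[2].txt
C:\Users\Chaos\AppData\Roaming\Microsoft\Windows\Cookies\chaos@example[1].txt
"""

# Flash "shared object" entries are written as "<site> [ <path> ]".
FLASH_RE = re.compile(r"^\S+ \[ (?P<path>[A-Za-z]:\\.+) \]$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
SYSTEM_PROFILE = r"c:\windows\system32\config\systemprofile"  # LocalSystem's profile dir
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\([^\\]+)\\")


def parse_sas_log(text):
    """Return (category, path) pairs; a non-path line starts a new category."""
    entries, category = [], None
    for raw in text.splitlines():
        line = raw.strip()          # forum paste adds leading indentation
        if not line:
            continue
        m = FLASH_RE.match(line)
        if m:
            entries.append((category, m["path"]))
        elif PATH_RE.match(line):
            entries.append((category, line))
        else:
            category = line
    return entries


def profile_of(path):
    """Which account's profile a path belongs to: 'LocalSystem', a user name, or 'other'."""
    p = path.lower()
    if p.startswith(SYSTEM_PROFILE):
        return "LocalSystem"
    m = USER_PROFILE_RE.match(p)
    return m.group(1) if m else "other"


def summarize(text):
    """{profile: {category: count}} over every detection in the log."""
    out = defaultdict(lambda: defaultdict(int))
    for category, path in parse_sas_log(text):
        out[profile_of(path)][category] += 1
    return {prof: dict(cats) for prof, cats in out.items()}


def system_executables(text):
    """Executables cached under the LocalSystem profile: a SYSTEM process fetched them."""
    return [path for _, path in parse_sas_log(text)
            if profile_of(path) == "LocalSystem"
            and path.lower().endswith((".exe", ".dll", ".scr"))]


if __name__ == "__main__":
    for profile, cats in summarize(SAMPLE_LOG).items():
        print(profile, cats)
    for path in system_executables(SAMPLE_LOG):
        print("SYSTEM-cached executable:", path)
```

Run against the full log above, every one of the 101 paths resolves to LocalSystem: the dropper installers and the ad cookies were pulled down by something running as SYSTEM (a service or a driver-hosted component using WinINet), which is consistent with the user-level scans coming back clean and the redirects returning after each reboot.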
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please post the DDS.txt log. You only left the Attach.txt log.

    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    This will include running TFC which contains 101 infected files.

When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
    =====================================
    µTorrent> disable or uninstall
Adobe Reader 6.0.1> update: Adobe Reader site. Uninstall any earlier updates as they are vulnerabilities.
    Advanced SystemCare 3> uninstall. Bad program, bad site.
    AVG Free 9.0> update version
    HijackThis 1.99.1> outdated, uninstall.
Java(TM) 6 Update 22> update to v6u23: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    Mozilla Firefox (3.5.5)> out of date, update.
    =========================================
    Reset Cookies
    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
     
  5. Valkyrja

    Valkyrja TS Rookie Topic Starter

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Chaos at 13:14:42.57 on Thu 02/10/2011
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2015 [GMT -5:00]

    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Online Armor Firewall *Enabled* {5841EF60-F43F-AE8D-642F-D79F12883626}
    ============== Running Processes ===============
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Online Armor\OAcat.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Online Armor\OAreg.exe
    C:\Program Files\Online Armor\OAreg.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Online Armor\OAreg.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Users\Chaos\AppData\Local\Temp\1209.tmp\MBR.DAT
    C:\Users\Chaos\Desktop\dds(2).scr
    C:\Windows\system32\conhost.exe
     
  6. Valkyrja

    Valkyrja TS Rookie Topic Starter

I would like to post the other half of the DDS log, but every time I try to post a log file I get "The connection to the server was reset while the page was loading."
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    There is a long list of Errors in the Event Viewer. Many of these reflect internet connection or failure thereof.

    There is also a long list of temporary internet files with Trojans. Please repeat running TFC> Temporary Internet File cleaner in the thread steps. Be sure to reboot when through.

    See if this makes any difference in staying connected> if it does not, you will need to contact your ISP tomorrow.

There also appear to be multiple problems with the Services. This one, for instance, may address the need for a driver update in one of the connected devices:
    2/10/2011 1:09:17 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.

Connection problems are not new and there are indications that little or no maintenance has been done on the system.
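The Event Viewer errors Bobbye refers to are the Service Control Manager lines in the Attach.txt dump earlier in the thread. The script below is an added example, not part of this thread and not DDS's own code: it parses those lines and, for the 7026 events ("boot-start or system-start driver(s) failed to load"), reports how many boots each driver failed on and the first boot at which each name shows up. SAMPLE_LOG is a constructed subset copied from the posted event list; the regex assumes the "M/D/YYYY h:mm:ss AM, Error: Source [id] - message" layout DDS uses. The script makes no judgement about any driver; a name that only starts appearing on a certain date is simply a name to check against what was installed around then.

```python
"""Summarise SCM event 7026 lines from a DDS Attach.txt event dump.

Added example (not from the thread or from DDS).
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample: nine 7026 lines and one 7001 line copied from the log above.
SAMPLE_LOG = """\
2/8/2011 6:39:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache OADevice oahlpXX pklwqndi SASDIFSV SASKUTIL spldr sptd Wanarpv6
2/8/2011 4:48:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pklwqndi SASDIFSV SASKUTIL
2/8/2011 4:24:31 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy pklwqndi Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx trueping vwififlt Wanarpv6 WfpLwf
2/8/2011 4:24:01 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/8/2011 12:55:40 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr sptd tdx trueping vwififlt Wanarpv6 WfpLwf
2/7/2011 8:37:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX cmdGuard cmdHlp CSC DfsC discache inspect NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx trueping vwififlt Wanarpv6 WfpLwf
2/5/2011 7:49:42 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 cmdGuard discache spldr sptd Wanarpv6
2/3/2011 5:20:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 discache spldr sptd Wanarpv6
2/10/2011 1:24:28 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pklwqndi sptd
2/10/2011 1:10:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pklwqndi SASDIFSV SASKUTIL sptd
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"Error: (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<message>.*)$"
)
FAILED_PREFIX = "The following boot-start or system-start driver(s) failed to load: "


def parse_events(text):
    """One dict per well-formed event line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "source": m["source"],
            "event_id": int(m["event_id"]),
            "message": m["message"],
        })
    return events


def failed_driver_boots(events):
    """(timestamp, frozenset of driver names) per SCM 7026 event, oldest first."""
    boots = []
    for ev in events:
        if (ev["source"] == "Service Control Manager" and ev["event_id"] == 7026
                and ev["message"].startswith(FAILED_PREFIX)):
            names = ev["message"][len(FAILED_PREFIX):].split()
            boots.append((ev["ts"], frozenset(names)))
    return sorted(boots)


def driver_failure_counts(events):
    """How many boots each driver name failed to load on."""
    counts = Counter()
    for _, names in failed_driver_boots(events):
        counts.update(names)
    return counts


def first_seen(events):
    """Earliest boot at which each driver name appears in a 7026 event."""
    seen = {}
    for ts, names in failed_driver_boots(events):
        for name in names:
            seen.setdefault(name, ts)
    return seen


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    boots, first = failed_driver_boots(evs), first_seen(evs)
    for name, n in driver_failure_counts(evs).most_common():
        print(f"{name:10} failed on {n}/{len(boots)} boots, first seen {first[name]:%Y-%m-%d %H:%M}")
```

Reading the output alongside the 7001 lines in the dump: the boots where AFD, NetBT, tdx and nsiproxy all failed are the same boots on which DHCP Client, DNS Client and the Workstation service refused to start, which is the network-stack cascade behind the "connection or failure thereof" errors. The per-name first-seen date is the useful pivot for anything whose name you do not recognise.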
     
Topic Status:
Not open for further replies.