TechSpot

Search.fast-find.net (Google Hijacker/Redirector) and blue screen

By ENDZYM3
Oct 17, 2010
  1. I've tried fixing this problem on my own, but to no avail.
    I already completed the 8-step Viruses/Spyware/Malware Preliminary Removal Instructions.
    I first noticed something wrong when my computer blue screened.
    No symptoms before that.
    Also worth noting, this thing doesn't like Techspot.
    I was unable to post a thread (this thread) from my own computer (it would say that the page couldn't be loaded).
    And it then blue screened after repeated attempts at posting.
    I'm posting this now on my dad's computer.

    Just got this problem yesterday, so it's pretty fresh in my system.
    A big thank you to those who take my request into consideration, and the help that later comes with it. :)

    mbam-log-2010-10-17 (12-20-53).txt

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4861

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    10/17/2010 12:20:53 PM
    mbam-log-2010-10-17 (12-20-53).txt

    Scan type: Quick scan
    Objects scanned: 150838
    Time elapsed: 8 minute(s), 3 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    DDS.txt

    DDS (Ver_10-10-10.03) - NTFSx86
    Run by ENDZYM3 at 12:41:49.05 on Sun 10/17/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1935 [GMT -7:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    C:\Windows\system32\LxrSII1s.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\ENDZYM3\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Babylon IE plugin: {9cfaccb6-2f3f-4177-94ea-0d2b72d384c1} - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [Google Update] "c:\users\endzym3\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [LxrAutorun] c:\users\endzym3\appdata\local\lexar media\LxrAutorun.exe
    mRun: [WireLessMouse] c:\program files\mouse driver\StartAutorun.exe MouseDrv.exe
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    dRun: [exe.exe] c:\windows\temp\exe.exe
    StartupFolder: c:\users\endzym3\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
    IE: Translate this web page with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/Action.htm
    IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\babylon\babylon-pro\utils\BabylonIEPI.dll/ActionTU.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\program files\stardock\object desktop\iconpackager\iprepair.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
    FF - component: c:\program files\adobe\adobe contribute cs5\plugins\firefoxplugin\{01a8ca0a-4c96-465b-a49b-65c46fad54f9}\components\Contribute.dll
    FF - component: c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\endzym3\appdata\roaming\mozilla\firefox\profiles\wtgp5iib.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\mozilla firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\endzym3\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\endzym3\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\endzym3\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-10-17 165584]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-10-17 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-10-17 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2010-9-14 63448]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2009-6-10 50688]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-10-17 40384]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-6-28 16472]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-24 1343400]

    =============== Created Last 30 ================

    2010-10-17 15:11:18 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-10-17 15:10:41 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-17 14:34:31 -------- d-----w- c:\users\endzym3\appdata\roaming\Malwarebytes
    2010-10-17 14:34:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 14:34:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 14:34:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
    2010-10-17 14:34:06 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-17 02:52:19 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-10-17 02:27:52 -------- d-----w- c:\progra~2\Update
    2010-10-17 02:27:48 -------- d-----w- c:\users\endzym3\appdata\roaming\Wyyr
    2010-10-17 02:27:48 -------- d-----w- c:\users\endzym3\appdata\roaming\Acgi
    2010-10-16 23:57:26 6084944 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{2fac1885-57a4-463c-9e81-13086c8182c4}\mpengine.dll
    2010-10-16 23:22:40 187 ----a-w- c:\users\endzym3\appdata\roaming\7775.bat
    2010-10-16 23:22:39 70144 ----a-w- c:\windows\system32\wdmaudr.dll
    2010-10-16 23:22:07 -------- d-----w- c:\users\endzym3\appdata\roaming\Zoni
    2010-10-16 23:22:07 -------- d-----w- c:\users\endzym3\appdata\roaming\Ymfel
    2010-10-16 06:06:09 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-16 06:05:33 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll
    2010-10-16 06:05:05 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll
    2010-10-14 05:21:29 -------- d-----w- c:\program files\Winamp Detect
    2010-10-14 02:38:23 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2010-10-14 02:38:23 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2010-10-14 02:38:23 155408 ----a-w- c:\windows\system32\LMRT.dll
    2010-10-14 02:38:19 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2010-10-14 02:38:19 217984 ----a-w- c:\windows\system32\strmdll.dll
    2010-10-14 02:38:19 109840 ----a-w- c:\program files\windows media player\mplayer2.exe
    2010-10-14 02:37:40 -------- d-----w- C:\TELL ME MORE NV
    2010-10-13 23:37:00 4247040 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-13 23:36:58 1413632 ----a-w- c:\windows\system32\ole32.dll
    2010-10-13 23:14:17 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 23:13:41 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-10-13 23:13:27 530432 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-13 23:13:10 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-13 23:13:10 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-13 23:12:12 164864 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-13 23:12:10 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 23:11:26 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-13 23:11:18 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-13 23:11:18 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-13 23:11:18 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-13 23:11:18 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-13 23:10:49 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-13 23:10:07 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-12 04:12:16 -------- d-----w- c:\windows\system32\appmgmt
    2010-10-12 02:36:04 -------- d-----w- c:\program files\Rosetta Stone
    2010-10-08 22:23:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-07 18:32:12 -------- d-----w- c:\progra~2\Rosetta Stone
    2010-10-02 21:04:46 -------- d-----w- c:\progra~2\2DBoy
    2010-10-02 19:32:56 -------- dc-h--w- c:\progra~2\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
    2010-10-02 19:32:43 -------- d-----w- c:\program files\Stardock
    2010-09-29 10:00:56 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-29 07:30:33 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 07:29:11 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-09-26 23:18:35 -------- d-----w- c:\users\endzym3\.dvdcss
    2010-09-26 23:14:20 -------- d-----w- c:\program files\PS3 Media Server
    2010-09-26 23:12:43 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll
    2010-09-26 23:11:17 4277016 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll
    2010-09-26 23:07:38 42776 ----a-w- c:\progra~2\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll
    2010-09-26 23:07:08 588096 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
    2010-09-26 23:03:53 -------- d-----w- c:\users\endzym3\appdata\local\Microsoft Games
    2010-09-23 01:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-23 01:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-10-02 20:02:34 20521984 ----a-w- c:\windows\system32\imageres.dll
    2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 04:30:04 978432 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 03:22:31 386048 ----a-w- c:\windows\system32\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-08-21 05:32:37 316928 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
    2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
    2010-07-27 15:14:12 539232 ----a-w- c:\windows\system32\LVUI2RC.dll
    2010-07-27 15:14:00 543328 ----a-w- c:\windows\system32\LVUI2.dll
    2010-07-27 15:08:34 203360 ----a-w- c:\windows\system32\lvci1311021.dll
    2010-07-27 15:07:56 416352 ----a-w- c:\windows\system32\lvcodec2.dll
    2010-07-27 15:03:20 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
    2010-07-27 15:03:20 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
    2010-07-27 15:03:18 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
    2010-07-27 14:55:50 37518 ----a-w- c:\windows\system32\Repository.reg

    ============= FINISH: 12:42:40.33 ===============
     

    Attached Files:

  2. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/24/2010 3:17:47 PM
    System Uptime: 10/17/2010 12:08:09 PM (0 hours ago)

    Motherboard: Acer | | Aspire 5532
    Processor: AMD Athlon(tm) Processor TF-20 | Socket S1G1 | 1600/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 137 GiB total, 55.966 GiB free.
    D: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP108: 10/12/2010 2:33:10 AM - Windows Update
    RP109: 10/13/2010 6:33:22 PM - Windows Update
    RP110: 10/13/2010 7:33:20 PM - Windows Update
    RP111: 10/16/2010 3:07:48 AM - Windows Update
    RP112: 10/17/2010 8:01:33 AM - avast! Free Antivirus Setup
    RP113: 10/17/2010 8:10:11 AM - avast! Free Antivirus Setup

    ==== Installed Programs ======================

    µTorrent
    abgx360 v1.0.2
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader 9.4.0
    Akamai NetSession Interface
    Algodoo v1.7.1
    Apple Application Support
    Apple Software Update
    Arena
    ASIO4ALL
    avast! Free Antivirus
    AVS Update Manager 1.0
    AVS Video Converter 6
    AVS4YOU Software Navigator 1.4
    Babylon
    Cakewalk Rapture Expansion Pack 1
    Cakewalk Rapture Expansion Pack 2
    CameraHelperMsi
    CCleaner
    Combined Community Codec Pack 2009-09-09
    Crayon Physics Deluxe - release 51
    Daggerfall
    Definition update for Microsoft Office 2010 (KB982726)
    erLT
    FL Studio 9
    GNU Aspell 0.50-3
    Google Talk (remove only)
    Google Talk Plugin
    Guitar Pro 6
    Hardcore
    IconPackager
    IL Download Manager
    ImgBurn
    Java(TM) 6 Update 17
    JDownloader
    Logitech Vid HD
    Logitech Webcam Software
    LWS Facebook
    LWS Gallery
    LWS Help_main
    LWS Launcher
    LWS Motion Detection
    LWS Pictures And Video
    LWS Video Mask Maker
    LWS VideoEffects
    LWS Webcam Software
    LWS WLM Plugin
    LWS YouTube Plugin
    Malwarebytes' Anti-Malware
    MediaCoder 0.7.5.4740
    Medieval CUE Splitter
    Messenger Plus! Live
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Default Manager
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mouse Driver
    Mozilla Firefox (3.6.10)
    MSVCRT
    Pando Media Booster
    PDF Settings CS5
    PeerBlock 1.0.0 (r181)
    PoiZone
    PxMergeModule
    QuickTime
    Rainmeter (remove only)
    Rapture 1.0
    reFX Nexus 1.0.9
    SAMSUNG Intelli-studio
    Sawer
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Word 2010 (KB2345000)
    Snagit 9.1.3
    TeLL me More
    Toxic Biohazard
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    VLC media player 1.1.2
    Winamp
    Winamp Detector Plug-in
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Sync ActiveX Control for Remote Connections
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver
    Zune
    Zune Language Pack (DE)
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    Zune Language Pack (IT)

    ==== Event Viewer Messages From Past Week ========

    10/17/2010 8:53:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    10/17/2010 8:53:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    10/17/2010 8:50:55 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:48:55 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/17/2010 8:35:46 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.
    10/17/2010 12:08:55 PM, Error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
    10/17/2010 12:08:29 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    10/17/2010 12:08:29 PM, Error: atikmdag [43029] - Display is not active
    10/17/2010 12:06:50 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 7:35:37 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    10/16/2010 7:34:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    10/16/2010 7:32:17 PM, Error: Service Control Manager [7000] - The WinUSB service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:16 PM, Error: Service Control Manager [7000] - The Wd service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:15 PM, Error: Service Control Manager [7000] - The Wacom Serial Pen HID Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:15 PM, Error: Service Control Manager [7000] - The vsmraid service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:13 PM, Error: Service Control Manager [7000] - The Virtual Machine Bus service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:12 PM, Error: Service Control Manager [7000] - The viaide service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:11 PM, Error: Service Control Manager [7000] - The VIA C7 Processor Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:10 PM, Error: Service Control Manager [7000] - The VIA AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:08 PM, Error: Service Control Manager [7000] - The vhdmp service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:05 PM, Error: Service Control Manager [7000] - The Microsoft USB Universal Host Controller Miniport Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:04 PM, Error: Service Control Manager [7000] - The USB Mass Storage Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:03 PM, Error: Service Control Manager [7000] - The Microsoft USB PRINTER Class service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:02 PM, Error: Service Control Manager [7000] - The eHome Infrared Receiver (USBCIR) service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:01 PM, Error: Service Control Manager [7000] - The Microsoft USB Generic Parent Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:32:00 PM, Error: Service Control Manager [7000] - The USB Audio Driver (WDM) service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:59 PM, Error: Service Control Manager [7000] - The Microsoft UMPass Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:58 PM, Error: Service Control Manager [7000] - The Uli AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:57 PM, Error: Service Control Manager [7000] - The Microsoft AGPv3.5 Filter service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:50 PM, Error: Service Control Manager [7000] - The storvsc service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:49 PM, Error: Service Control Manager [7000] - The stexstor service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:48 PM, Error: Service Control Manager [7000] - The SiSRaid4 service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:47 PM, Error: Service Control Manager [7000] - The SiSRaid2 service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:46 PM, Error: Service Control Manager [7000] - The SIS AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:45 PM, Error: Service Control Manager [7000] - The High-Capacity Floppy Disk Drive service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:44 PM, Error: Service Control Manager [7000] - The SFF Storage Protocol Driver for SDBus service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:43 PM, Error: Service Control Manager [7000] - The SFF Storage Protocol Driver for MMC service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:43 PM, Error: Service Control Manager [7000] - The SFF Storage Class Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:42 PM, Error: Service Control Manager [7000] - The Serial Mouse Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:40 PM, Error: Service Control Manager [7000] - The Serenum Filter Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:39 PM, Error: Service Control Manager [7000] - The sbp2port service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:38 PM, Error: Service Control Manager [7000] - The s3cap service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:37 PM, Error: Service Control Manager [7000] - The ql40xx service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:36 PM, Error: Service Control Manager [7000] - The ql2300 service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:35 PM, Error: Service Control Manager [7000] - The Processor Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:33 PM, Error: Service Control Manager [7000] - The pcmcia service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:30 PM, Error: Service Control Manager [7000] - The pciide service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:21 PM, Error: Service Control Manager [7000] - The 1394 OHCI Compliant Host Controller (Legacy) service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:17 PM, Error: Service Control Manager [7000] - The NVIDIA nForce AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:15 PM, Error: Service Control Manager [7000] - The nvstor service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:13 PM, Error: Service Control Manager [7000] - The nvraid service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:10 PM, Error: Service Control Manager [7000] - The nfrd960 service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:07 PM, Error: Service Control Manager [7000] - The Microsoft Input Configuration Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:31:03 PM, Error: Service Control Manager [7000] - The msdsm service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:56 PM, Error: Service Control Manager [7000] - The mpio service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:50 PM, Error: Service Control Manager [7000] - The MegaSR service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:47 PM, Error: Service Control Manager [7000] - The megasas service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:43 PM, Error: Service Control Manager [7000] - The Logitech HD Webcam C510(UVC) service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:40 PM, Error: Service Control Manager [7000] - The Logitech RightSound Filter Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:37 PM, Error: Service Control Manager [7000] - The LSI_SCSI service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:34 PM, Error: Service Control Manager [7000] - The LSI_SAS2 service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:31 PM, Error: Service Control Manager [7000] - The LSI_SAS service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:29 PM, Error: Service Control Manager [7000] - The LSI_FC service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:24 PM, Error: Service Control Manager [7000] - The iScsiPort Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:21 PM, Error: Service Control Manager [7000] - The isapnp service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:18 PM, Error: Service Control Manager [7000] - The IPMIDRV service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:15 PM, Error: Service Control Manager [7000] - The Intel Processor Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:12 PM, Error: Service Control Manager [7000] - The intelide service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:09 PM, Error: Service Control Manager [7000] - The iirsp service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:04 PM, Error: Service Control Manager [7000] - The iaStorV service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:30:01 PM, Error: Service Control Manager [7000] - The HpSAMD service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:44 PM, Error: Service Control Manager [7000] - The HID UPS Battery Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:40 PM, Error: Service Control Manager [7000] - The Hauppauge Consumer Infrared Receiver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:33 PM, Error: Service Control Manager [7000] - The Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:29 PM, Error: Service Control Manager [7000] - The Floppy Disk Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:25 PM, Error: Service Control Manager [7000] - The Floppy Disk Controller Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:22 PM, Error: Service Control Manager [7000] - The Microsoft Hardware Error Device Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:18 PM, Error: Service Control Manager [7000] - The elxstor service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:15 PM, Error: Service Control Manager [7000] - The Broadcom NetXtreme II 10 GigE VBD service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:12 PM, Error: Service Control Manager [7000] - The Microsoft Trusted Audio Drivers service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:10 PM, Error: Service Control Manager [7000] - The CrystalSysInfo service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:08 PM, Error: Service Control Manager [7000] - The cmdide service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:03 PM, Error: Service Control Manager [7000] - The Consumer IR Devices service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:29:00 PM, Error: Service Control Manager [7000] - The Bluetooth Serial Communications Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:57 PM, Error: Service Control Manager [7000] - The Brother MFC USB Serial WDM Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:54 PM, Error: Service Control Manager [7000] - The Brother MFC USB Fax Only Modem service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:48 PM, Error: Service Control Manager [7000] - The Brother WDM Serial driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:43 PM, Error: Service Control Manager [7000] - The Brother MFC Serial Port Interface Driver (WDM) service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:41 PM, Error: Service Control Manager [7000] - The Brother USB Mass-Storage Upper Filter Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:38 PM, Error: Service Control Manager [7000] - The Brother USB Mass-Storage Lower Filter Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:35 PM, Error: Service Control Manager [7000] - The Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:32 PM, Error: Service Control Manager [7000] - The Broadcom NetXtreme II VBD service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:28 PM, Error: Service Control Manager [7000] - The arcsas service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:21 PM, Error: Service Control Manager [7000] - The arc service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:17 PM, Error: Service Control Manager [7000] - The amdsbs service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:16 PM, Error: Service Control Manager [7000] - The amdsata service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:15 PM, Error: Service Control Manager [7000] - The AMD Processor Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:14 PM, Error: Service Control Manager [7000] - The amdide service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:12 PM, Error: Service Control Manager [7000] - The AMD AGP Bus Filter Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:11 PM, Error: Service Control Manager [7000] - The aliide service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:10 PM, Error: Service Control Manager [7000] - The Intel AGP Bus Filter service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:10 PM, Error: Service Control Manager [7000] - The aic78xx service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:09 PM, Error: Service Control Manager [7000] - The adpu320 service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:08 PM, Error: Service Control Manager [7000] - The adpahci service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:07 PM, Error: Service Control Manager [7000] - The adp94xx service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:06 PM, Error: Service Control Manager [7000] - The ACPI Power Meter Driver service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:28:05 PM, Error: Service Control Manager [7000] - The 1394 OHCI Compliant Host Controller service failed to start due to the following error: The system cannot find the file specified.
    10/16/2010 7:27:51 PM, Error: Service Control Manager [7023] - The FastUserSwitchingCompatibility service terminated with the following error: The specified module could not be found.
    10/16/2010 6:14:23 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    10/16/2010 4:56:08 PM, Error: Service Control Manager [7022] - The avast! Antivirus service hung on starting.
    10/16/2010 4:39:56 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/16/2010 4:37:52 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    10/16/2010 4:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/16/2010 4:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/16/2010 4:37:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/16/2010 4:37:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/16/2010 4:37:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSP aswTdi discache spldr sptd Wanarpv6
    10/16/2010 4:37:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000076, 0x00000002, 0x00000001, 0x82a8c784). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101610-35084-01.
    10/16/2010 4:36:55 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    10/16/2010 4:27:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000be (0x8a63368f, 0x037b6121, 0x807f3790, 0x0000000a). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 101610-34382-01.
    10/15/2010 8:07:42 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{9EF6DFC1-AE19-4820-9167-682575DBE925} because another computer on the network has the same name. The server could not start.
    10/13/2010 7:34:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Zune Software 4.7.
    10/13/2010 6:41:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Cumulative Security Update for Internet Explorer 8 for Windows 7 (KB2360131).
    10/13/2010 6:41:20 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 (KB979687).
    10/11/2010 8:08:45 AM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.
    10/11/2010 8:08:45 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: After starting, the service hung in a start-pending state.

    ==== End Of File ===========================
  3. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    gmer.log

    GMER 1.0.15.15319 - http://www.gmer.net
    Rootkit scan 2010-10-17 12:40:56
    Windows 6.1.7600
    Running: 40elus7d.exe; Driver: C:\Users\ENDZYM3\AppData\Local\Temp\fgrdyfow.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8FFA1BAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8FFA19D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8FFA1B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A7E599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AA2F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    PAGE ntkrnlpa.exe!ZwLoadDriver 82BDC291 7 Bytes JMP 8FFA1B10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C43FBF 5 Bytes JMP 8FF9D5D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject + 27 82C5DCF3 5 Bytes JMP 8FF9F012 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!NtCreateSection 82C6BD63 7 Bytes JMP 8FFA19D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82D15EAC 7 Bytes JMP 8FFA1BB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    ? System32\Drivers\spzo.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90014000, 0x2D5378, 0xE8000020]
    .text USBPORT.SYS!DllUnload 909D2CA0 5 Bytes JMP 863C91D8
    .text ak66v8bh.SYS 9060B000 12 Bytes [44, 98, A0, 82, EE, 96, A0, ...]
    .text ak66v8bh.SYS 9060B00D 9 Bytes [77, A0, 82, 48, 9B, A0, 82, ...] {JA 0xffffffffffffffa2; OR BYTE [EAX-0x65], -0x60; ADD BYTE [EAX], 0x0}
    .text ak66v8bh.SYS 9060B017 170 Bytes [00, DE, 77, 33, 83, E6, 75, ...]
    .text ak66v8bh.SYS 9060B0C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
    .text ak66v8bh.SYS 9060B0CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
    .text ...

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtProtectVirtualMemory 77355380 5 Bytes JMP 003E000A
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!NtWriteVirtualMemory 77355F00 5 Bytes JMP 003F000A
    .text C:\Windows\system32\svchost.exe[988] ntdll.dll!KiUserExceptionDispatcher 77356448 5 Bytes JMP 001C000A
    .text C:\Windows\system32\svchost.exe[988] ole32.dll!CoCreateInstance 765B590C 5 Bytes JMP 005F000A
    .text C:\Windows\system32\svchost.exe[988] USER32.dll!GetCursorPos 75ADC198 5 Bytes JMP 005B000A
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!SetUnhandledExceptionFilter 764D3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Windows\Explorer.EXE[2028] ntdll.dll!NtProtectVirtualMemory 77355380 5 Bytes JMP 01AF000A
    .text C:\Windows\Explorer.EXE[2028] ntdll.dll!NtWriteVirtualMemory 77355F00 5 Bytes JMP 01B0000A
    .text C:\Windows\Explorer.EXE[2028] ntdll.dll!KiUserExceptionDispatcher 77356448 5 Bytes JMP 0078000A
    .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2580] kernel32.dll!SetUnhandledExceptionFilter 764D3162 5 Bytes JMP 660B85A4 C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
    .text C:\Program Files\Microsoft Office\Office14\WINWORD.EXE[2580] ole32.dll!OleLoadFromStream 76565BF6 5 Bytes JMP 6669940D C:\Program Files\Common Files\Microsoft Shared\office14\mso.dll (Microsoft Office 2010 component/Microsoft Corporation)
    .text C:\Windows\system32\wuauclt.exe[3132] ntdll.dll!NtProtectVirtualMemory 77355380 5 Bytes JMP 002F000A
    .text C:\Windows\system32\wuauclt.exe[3132] ntdll.dll!NtWriteVirtualMemory 77355F00 5 Bytes JMP 0030000A
    .text C:\Windows\system32\wuauclt.exe[3132] ntdll.dll!KiUserExceptionDispatcher 77356448 5 Bytes JMP 0029000A

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8323B042] \SystemRoot\System32\Drivers\spzo.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8323B6D6] \SystemRoot\System32\Drivers\spzo.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8323B800] \SystemRoot\System32\Drivers\spzo.sys
    IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8323B13E] \SystemRoot\System32\Drivers\spzo.sys
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortNotification] 00147880
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortStallExecution] C25DC033
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortInitialize] 157B805E
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
    IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [741D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [741F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [741E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [741E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [741E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [741E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [741E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [741E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [741E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [741EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [741E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe[2916] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [753B5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs 851BE1F8
    Device \Driver\volmgr \Device\VolMgrControl 851B91F8
    Device \Driver\usbohci \Device\USBPDO-0 863FA1F8
    Device \Driver\usbohci \Device\USBPDO-1 863FA1F8
    Device \Driver\usbehci \Device\USBPDO-2 863D51F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{BABE11A9-747D-47C9-BA71-3E1435A1D613} 8628B1F8

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\volmgr \Device\HarddiskVolume1 851B91F8

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

    Device \Driver\sptd \Device\2770641978 spzo.sys
    Device \Driver\PCI_PNP3971 \Device\00000059 spzo.sys
    Device \Driver\cdrom \Device\CdRom0 863191F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-2 86095292
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 851BB1F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86095292
    Device \Driver\atapi \Device\Ide\IdePort0 851BB1F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 86095292
    Device \Driver\atapi \Device\Ide\IdePort1 851BB1F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 86095292
    Device \Driver\atapi \Device\Ide\IdePort2 851BB1F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 86095292
    Device \Driver\atapi \Device\Ide\IdePort3 851BB1F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort4 86095292
    Device \Driver\atapi \Device\Ide\IdePort4 851BB1F8
    Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort5 86095292
    Device \Driver\atapi \Device\Ide\IdePort5 851BB1F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel0 851BC1F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel1 851BC1F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel2 851BC1F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel3 851BC1F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel4 851BC1F8
    Device \Driver\msahci \Device\Ide\PciIde0Channel5 851BC1F8
    Device \Driver\cdrom \Device\CdRom1 863191F8
    Device \Driver\NetBT \Device\NetBt_Wins_Export 8628B1F8
    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{9EF6DFC1-AE19-4820-9167-682575DBE925} 8628B1F8
    Device \Driver\usbohci \Device\USBFDO-0 863FA1F8
    Device \Driver\usbohci \Device\USBFDO-1 863FA1F8
    Device \Driver\usbehci \Device\USBFDO-2 863D51F8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{C881DEA6-2AD2-4FA9-9694-1C96561ED0F6} 8628B1F8
    Device \Driver\ak66v8bh \Device\Scsi\ak66v8bh1 864281F8
    Device \Driver\ak66v8bh \Device\Scsi\ak66v8bh1Port6Path0Target0Lun0 864281F8

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x3D 0x84 0x72 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0xF4 0x6D 0xE8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x62 0x13 0x29 0x81 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x3D 0x84 0x72 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1B 0xF4 0x6D 0xE8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x62 0x13 0x29 0x81 ...
    Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\ENDZYM3\Downloads\ 1

    ---- EOF - GMER 1.0.15 ----
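Two things in the GMER output above are worth pulling out before any tool is run. GMER prints a module name in parentheses when it can attribute the target of a hook (the avast! TDI filter, the GDI+ entries in Explorer), but the kernel IAT entries of the driver ak66v8bh.SYS carry only bare addresses, and atapi's DriverStartIo for every IDE port is redirected to an unattributed 86095292. A driver with an eight-character generated name that also owns a \Device\Scsi\ object is the pattern of a kernel-mode rootkit hiding behind the disk stack. The user-mode IAT entries in LxrAutorun.exe that point at apphelp.dll are the application-compatibility shim engine and are expected. The script below is an added triage example, not part of the thread and not something GMER ships: the sample lines are excerpted from the log above, the regexes, function names and the "random name" heuristic (exactly eight lowercase alphanumerics with at least two digits) are the editor's own and are tuned to this log, so expect false positives on other systems.

```python
import re
from collections import Counter

# Lines excerpted from the GMER log above (kernel IAT, device and
# attached-device sections); benign entries are kept for contrast.
SAMPLE_LOG = r"""
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortInitialize] 157B805E
IAT \SystemRoot\System32\Drivers\ak66v8bh.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500
IAT C:\Windows\Explorer.EXE[2028] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [741F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
Device \FileSystem\Ntfs \Ntfs 851BE1F8
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 86095292
Device \Driver\atapi \Device\Ide\IdePort0 851BB1F8
Device \Driver\sptd \Device\2770641978 spzo.sys
Device \Driver\ak66v8bh \Device\Scsi\ak66v8bh1 864281F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
"""

# Kernel-mode IAT line whose target is a bare address (no "(vendor)" attribution).
KERNEL_IAT = re.compile(r"^IAT (\\SystemRoot\\[^\[]+)\[([^\]!]+)!([^\]]+)\] ([0-9A-F]{8})$")
# Driver object whose DriverStartIo pointer GMER saw redirected.
STARTIO = re.compile(r"^Device \\Driver\\(\S+) -> DriverStartIo (\S+) ([0-9A-F]{8})$")
# Any device-object line; group 1 is the owning driver's name.
DEVICE = re.compile(r"^Device \\Driver\\(\S+) ")
# Heuristic (editor's assumption): generated names are 8 lowercase alphanumerics.
RANDOM_NAME = re.compile(r"[a-z0-9]{8}")


def driver_name(path):
    # \SystemRoot\System32\Drivers\ak66v8bh.SYS -> ak66v8bh
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def looks_random(name):
    """Eight lowercase alphanumerics containing at least two digits."""
    return bool(RANDOM_NAME.fullmatch(name)) and sum(ch.isdigit() for ch in name) >= 2


def triage(log_text):
    """Return (tag, driver, line) findings for GMER-style log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = STARTIO.match(line)
        if m:
            findings.append(("driverstartio_redirect", m.group(1), line))
            continue
        m = KERNEL_IAT.match(line)
        if m:
            drv = driver_name(m.group(1))
            findings.append(("unattributed_kernel_iat", drv, line))
            if looks_random(drv):
                findings.append(("random_driver_name", drv, line))
            continue
        m = DEVICE.match(line)
        if m and looks_random(m.group(1)):
            findings.append(("random_driver_name", m.group(1), line))
    return findings


def summary(findings):
    return Counter(tag for tag, _, _ in findings)


def flagged_drivers(findings):
    """Driver names that tripped the random-name heuristic, deduplicated."""
    return sorted({drv for tag, drv, _ in findings if tag == "random_driver_name"})


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for tag, drv, line in found:
        print(f"{tag:24} {drv:10} {line}")
    print(dict(summary(found)), flagged_drivers(found))
```

Run against the excerpt it reports one DriverStartIo redirect, two unattributed kernel IAT entries and a single generated-looking driver name, ak66v8bh; the sptd/spzo.sys pair (DAEMON Tools) and the avast! filter are left alone. The heuristic deliberately does not match the eight-letter astggatb.SYS seen later in the MBRCheck driver list, because it has no digits; that name would need to be checked by hand.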
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    So far, I don't see much....

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  5. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    Okay, will do.
    Thanks for looking into this!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're very welcome :)
     
  7. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    Here you go, sir.


    MBRCheck_10.17.10_15.05.19.txt

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Acer
    System Manufacturer: Acer
    System Product Name: Aspire 5532
    Logical Drives Mask: 0x0000002c

    Kernel Drivers (total 160):
    0x82A3A000 \SystemRoot\system32\ntkrnlpa.exe
    0x82A03000 \SystemRoot\system32\halmacpi.dll
    0x86303000 \SystemRoot\system32\kdcom.dll
    0x8300F000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x8301A000 \SystemRoot\system32\PSHED.dll
    0x8302B000 \SystemRoot\system32\BOOTVID.dll
    0x83033000 \SystemRoot\system32\CLFS.SYS
    0x83075000 \SystemRoot\system32\CI.dll
    0x83120000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x83191000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x83237000 \SystemRoot\System32\Drivers\spes.sys
    0x8332A000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x83333000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x83359000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x833A1000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x833A9000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x833B4000 \SystemRoot\system32\DRIVERS\pci.sys
    0x833DE000 \SystemRoot\System32\drivers\partmgr.sys
    0x833EF000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x83200000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8320B000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8319F000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8321B000 \SystemRoot\System32\drivers\mountmgr.sys
    0x833F7000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8A627000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8A64A000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x8A654000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8A662000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8A66B000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8A69F000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8A6B0000 \SystemRoot\System32\Drivers\PxHelp20.sys
    0x8A6BA000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8A804000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8A82F000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8A842000 \SystemRoot\System32\Drivers\cng.sys
    0x8A89F000 \SystemRoot\System32\drivers\pcw.sys
    0x8A8AD000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8A8B6000 \SystemRoot\system32\drivers\ndis.sys
    0x8A96D000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8A9AB000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8AA38000 \SystemRoot\System32\drivers\tcpip.sys
    0x8AB81000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8ABB2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8ABBB000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8AA00000 \SystemRoot\System32\Drivers\spldr.sys
    0x8AA08000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8A9D0000 \SystemRoot\System32\Drivers\mup.sys
    0x8A9E0000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8AC0F000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8AC41000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8AC52000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8ACAA000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8ACC9000 \SystemRoot\System32\Drivers\Null.SYS
    0x8ACD0000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8ACD7000 \SystemRoot\System32\drivers\vga.sys
    0x8ACE3000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8AD04000 \SystemRoot\System32\drivers\watchdog.sys
    0x8AD11000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8AD19000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8AD21000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8AD29000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8AD34000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8AD42000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8AD59000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8AD64000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8AD6E000 \SystemRoot\system32\drivers\afd.sys
    0x8ADC8000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8ADCD000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8AC00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8A600000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8A9E8000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x8A7E9000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x831EA000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8FE2F000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8FE3F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8FE80000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8FE8A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8FE94000 \SystemRoot\System32\drivers\discache.sys
    0x8FEA0000 \SystemRoot\system32\drivers\csc.sys
    0x8FF04000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8FF1C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x8FF2A000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8FF51000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x8FF72000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x90010000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x90525000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8FF84000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x9063D000 \SystemRoot\system32\DRIVERS\athr.sys
    0x9076A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x90774000 \SystemRoot\system32\DRIVERS\L1C62x86.sys
    0x90784000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x9078E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x907D9000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x90600000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x9061F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x907E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x905DC000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8FFBD000 \SystemRoot\System32\Drivers\astggatb.SYS
    0x907F5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x90637000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x905E9000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x8FE00000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x8FE12000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x90000000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x90C07000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x90C29000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x90C41000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x90C58000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x90C6F000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x90C79000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x90C7B000 \SystemRoot\system32\DRIVERS\ks.sys
    0x90CAF000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x90CBD000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x90D01000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x90D12000 \SystemRoot\system32\drivers\HdAudio.sys
    0x90D62000 \SystemRoot\system32\drivers\portcls.sys
    0x90D91000 \SystemRoot\system32\drivers\drmk.sys
    0x90DAA000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x90DB7000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x90DC2000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x90DCC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x959A0000 \SystemRoot\System32\win32k.sys
    0x90DDD000 \SystemRoot\System32\drivers\Dxapi.sys
    0x90DE7000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x95800000 \SystemRoot\System32\TSDDD.dll
    0x95830000 \SystemRoot\System32\cdd.dll
    0x95850000 \SystemRoot\System32\ATMFD.DLL
    0x8AC77000 \SystemRoot\system32\drivers\luafv.sys
    0x95E01000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x95E38000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x95E3B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x95E55000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x95E65000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x95EAB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x95EBB000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x95ECE000 \SystemRoot\system32\DRIVERS\vwifimp.sys
    0x95ED7000 \SystemRoot\system32\drivers\HTTP.sys
    0x95F5C000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x95F75000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x95F87000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x95FAA000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x95FE5000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x90DF2000 \??\C:\Windows\System32\Drivers\LxrSII1d.sys
    0xA2416000 \SystemRoot\system32\drivers\peauth.sys
    0xA24AD000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xA24B7000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA24D8000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xA24E5000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xA2534000 \SystemRoot\System32\DRIVERS\srv.sys
    0xA2585000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0x77970000 \Windows\System32\ntdll.dll
    0x47F20000 \Windows\System32\smss.exe
    0x77BB0000 \Windows\System32\apisetschema.dll
    0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll
    0x006E0000 \Windows\System32\autochk.exe
    0x77770000 \Windows\System32\iertutil.dll
    0x77B00000 \Windows\System32\advapi32.dll
    0x77610000 \Windows\System32\ole32.dll
    0x77470000 \Windows\System32\setupapi.dll
    0x773D0000 \Windows\System32\usp10.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    272 C:\Windows\System32\smss.exe
    348 csrss.exe
    420 C:\Windows\System32\wininit.exe
    432 csrss.exe
    488 C:\Windows\System32\winlogon.exe
    504 C:\Windows\System32\services.exe
    512 C:\Windows\System32\lsass.exe
    520 C:\Windows\System32\lsm.exe
    636 C:\Windows\System32\svchost.exe
    708 C:\Windows\System32\svchost.exe
    756 C:\Windows\System32\atiesrxx.exe
    836 C:\Windows\System32\svchost.exe
    872 C:\Windows\System32\svchost.exe
    924 C:\Windows\System32\svchost.exe
    1032 C:\Windows\System32\audiodg.exe
    1124 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\atieclxx.exe
    1332 C:\Windows\System32\svchost.exe
    1408 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1568 C:\Windows\System32\dwm.exe
    1580 C:\Windows\explorer.exe
    1752 C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
    1760 C:\Program Files\Google\Google Talk\googletalk.exe
    1792 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1800 C:\Program Files\DAEMON Tools Lite\DTLite.exe
    1816 C:\Users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe
    1956 C:\Program Files\Mouse Driver\MouseDrv.exe
    1992 C:\Users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    2012 C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    996 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
    652 C:\Windows\System32\spoolsv.exe
    1204 C:\Windows\System32\taskhost.exe
    1728 C:\Windows\System32\svchost.exe
    2084 C:\Windows\System32\svchost.exe
    2140 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
    2180 C:\Windows\System32\LxrSII1s.exe
    2220 C:\Windows\System32\svchost.exe
    2480 C:\Windows\System32\SearchIndexer.exe
    2556 C:\Windows\System32\svchost.exe
    2728 C:\Windows\System32\svchost.exe
    2908 C:\Windows\System32\svchost.exe
    724 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3636 C:\Windows\System32\wuauclt.exe
    3668 C:\Program Files\Mozilla Firefox\firefox.exe
    1152 C:\Windows\System32\SearchProtocolHost.exe
    2960 C:\Windows\System32\SearchFilterHost.exe
    3140 C:\Users\ENDZYM3\Desktop\MBRCheck.exe
    2232 C:\Windows\System32\conhost.exe
    2216 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
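MBRCheck's verdict above rests on hashing the boot code in sector 0 and comparing it with a list of known Windows MBRs; a bootkit that has replaced that code produces an unknown hash. The Python below is an added example written for this page, not MBRCheck's code: it parses a 512-byte MBR (bootstrap area, disk signature, the four partition entries and the 55 AA signature), hashes the bootstrap area and runs a few sanity checks. The byte range MBRCheck hashes is not stated on the page, so hashing the first 440 bytes is an assumption and this script's digests are not comparable to the SHA1 MBRCheck printed. The sample sector is constructed and is not a real Windows 7 MBR; on a Windows host run from an elevated prompt it reads \\.\PhysicalDrive0 instead.

```python
import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 440        # 0x000-0x1B7: bootstrap code (assumed hashed region)
DISK_SIG_OFF = 0x1B8      # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # must be 55 AA

PART_TYPES = {
    0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x27: "hidden NTFS (Windows recovery)", 0x83: "Linux", 0xEE: "GPT protective",
}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        return self.lba_start * SECTOR


@dataclass
class Mbr:
    bootcode_sha1: str
    disk_signature: int
    partitions: list
    valid_signature: bool


def parse_mbr(sector: bytes) -> Mbr:
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR}-byte sector, got {len(sector)}")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba, count = struct.unpack_from("<II", sector, off + 8)
        if ptype == 0:
            continue                      # empty slot
        parts.append(Partition(i, status == 0x80, ptype, lba, count))
    return Mbr(
        bootcode_sha1=hashlib.sha1(sector[:BOOTCODE_LEN]).hexdigest().upper(),
        disk_signature=struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        partitions=parts,
        valid_signature=sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
    )


def check_mbr(mbr: Mbr, known_good: set) -> list:
    """Warnings for a parsed MBR; known_good holds accepted bootcode SHA1s."""
    warnings = []
    if not mbr.valid_signature:
        warnings.append("boot signature 55AA missing")
    if mbr.bootcode_sha1 not in known_good:
        warnings.append(f"bootstrap code SHA1 {mbr.bootcode_sha1} not in known-good set")
    if not any(p.bootable for p in mbr.partitions):
        warnings.append("no partition marked active")
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in mbr.partitions)
    for (_, end1), (start2, _) in zip(spans, spans[1:]):
        if start2 < end1:
            warnings.append(f"partition overlap at LBA {start2}")
    return warnings


def build_sample_mbr() -> bytes:
    """Constructed sector: a 7-byte bootstrap stub, one hidden recovery
    partition and one NTFS partition. Not a real Windows 7 MBR."""
    sector = bytearray(SECTOR)
    sector[:7] = b"\x33\xC0\x8E\xD0\xBC\x00\x7C"   # xor ax,ax; mov ss,ax; mov sp,7C00h
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)
    entries = [(0x80, 0x27, 2048, 204800), (0x00, 0x07, 206848, 312000000)]
    for i, (status, ptype, lba, count) in enumerate(entries):
        off = PART_TABLE_OFF + 16 * i
        sector[off] = status
        sector[off + 4] = ptype
        struct.pack_into("<II", sector, off + 8, lba, count)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


def read_mbr(device=r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical disk (Windows, needs an elevated prompt)."""
    with open(device, "rb") as fh:
        return fh.read(SECTOR)


if __name__ == "__main__":
    try:
        sector, source = read_mbr(), "PhysicalDrive0"
    except OSError:
        sector, source = build_sample_mbr(), "constructed sample"
    mbr = parse_mbr(sector)
    print(f"{source}: bootcode SHA1 {mbr.bootcode_sha1}, disk signature {mbr.disk_signature:08X}")
    for p in mbr.partitions:
        flag = "*" if p.bootable else " "
        print(f"  #{p.index} {flag} type {p.type_id:02X} {PART_TYPES.get(p.type_id, 'unknown'):32}"
              f" LBA {p.lba_start} offset 0x{p.byte_offset:X}")
    for w in check_mbr(mbr, known_good=set()):
        print("  WARNING:", w)
```

With an empty known-good set the only warning is the unrecognised bootstrap hash, which is the expected result for any sector you have not whitelisted; flipping a single byte of the bootstrap area changes the digest, which is the property a bootkit check relies on. The printed partition byte offsets are the same quantity MBRCheck reports in its "\\.\C: --> \\.\PhysicalDrive0 at offset" line, so a mismatch between the two is worth chasing.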
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    Okay, doing it now. :)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    OK :).................
     
  11. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    Okay, it said error when I ran it, but then it booted and did the scan just fine, or so it would seem.

    combofix log

    ComboFix 10-10-17.01 - ENDZYM3 10/17/2010 15:38:49.1.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1999 [GMT -7:00]
    Running from: c:\users\ENDZYM3\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Mozilla Firefox\searchplugins\google_search.xml
    c:\users\ENDZYM3\AppData\Roaming\Ymfel
    c:\users\ENDZYM3\AppData\Roaming\Ymfel\syas.exe
    c:\users\ENDZYM3\Documents\cc_20101011_224246.reg
    c:\users\Guest\AppData\Roaming\Syixob
    c:\users\Guest\AppData\Roaming\Syixob\iqaz.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-17 22:54 . 2010-10-17 22:54 -------- d-----w- c:\users\ENDZYM3\AppData\Local\temp
    2010-10-17 22:54 . 2010-10-17 22:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-17 15:11 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-17 15:11 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-17 15:11 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-17 15:11 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-17 15:11 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-10-17 15:10 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-17 15:10 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-17 15:10 . 2010-10-17 15:10 -------- d-----w- c:\program files\Alwil Software
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Malwarebytes
    2010-10-17 14:34 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-17 14:34 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 02:52 . 2010-10-17 14:33 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-10-17 02:27 . 2010-10-17 14:50 -------- d-----w- c:\programdata\Update
    2010-10-17 02:27 . 2010-10-17 14:50 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Acgi
    2010-10-17 02:27 . 2010-10-17 02:28 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Wyyr
    2010-10-17 02:27 . 2010-10-17 02:27 148480 ----a-w- c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe
    2010-10-16 23:57 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FAC1885-57A4-463C-9E81-13086C8182C4}\mpengine.dll
    2010-10-16 23:22 . 2010-10-16 23:22 187 ----a-w- c:\users\ENDZYM3\AppData\Roaming\7775.bat
    2010-10-16 23:22 . 2010-10-16 23:22 70144 ----a-w- c:\windows\system32\wdmaudr.dll
    2010-10-16 23:22 . 2010-10-16 23:22 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Zoni
    2010-10-16 06:06 . 2010-10-16 06:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-16 06:05 . 2010-10-16 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-10-16 06:05 . 2010-10-16 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-10-14 05:21 . 2010-10-14 05:21 -------- d-----w- c:\program files\Winamp Detect
    2010-10-14 02:38 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2010-10-14 02:38 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
    2010-10-14 02:38 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2010-10-14 02:38 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2010-10-14 02:38 . 1998-09-02 08:02 109840 ----a-w- c:\program files\Windows Media Player\mplayer2.exe
    2010-10-14 02:38 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
    2010-10-14 02:37 . 2010-10-14 02:39 -------- d-----w- C:\TELL ME MORE NV
    2010-10-13 23:37 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-13 23:36 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2010-10-13 23:14 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 23:13 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-10-13 23:13 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-13 23:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-13 23:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-13 23:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-13 23:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 23:11 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-13 23:11 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-13 23:11 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-13 23:11 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-13 23:11 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-13 23:10 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-13 23:10 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-12 02:36 . 2010-10-12 02:36 -------- d-----w- c:\program files\Rosetta Stone
    2010-10-08 22:23 . 2004-01-12 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-07 18:33 . 2010-10-12 02:34 -------- d-----w- c:\programdata\FLEXnet
    2010-10-07 18:32 . 2010-10-12 04:11 -------- d-----w- c:\programdata\Rosetta Stone
    2010-10-02 21:04 . 2010-10-02 21:04 -------- d-----w- c:\programdata\2DBoy
    2010-10-02 19:32 . 2010-10-02 19:32 -------- dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
    2010-10-02 19:32 . 2010-10-02 19:32 -------- d-----w- c:\program files\Stardock
    2010-09-29 10:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-29 07:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 07:29 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-09-26 23:18 . 2010-10-12 01:58 -------- d-----w- c:\users\ENDZYM3\.dvdcss
    2010-09-26 23:14 . 2010-09-26 23:14 -------- d-----w- c:\program files\PS3 Media Server
    2010-09-26 23:12 . 2010-10-17 14:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-09-26 23:11 . 2010-10-17 14:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-09-26 23:07 . 2010-10-17 14:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-09-26 23:07 . 2010-09-26 23:07 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-09-26 23:03 . 2010-09-26 23:04 -------- d-----w- c:\users\ENDZYM3\AppData\Local\Microsoft Games
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2010-09-20 00:52 . 2010-09-20 00:52 -------- d-----w- c:\programdata\Apple Computer
    2010-09-18 02:51 . 2010-10-17 00:50 -------- d-----w- c:\users\Guest

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Google Update"="c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]
    "LxrAutorun"="c:\users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe" [2009-12-18 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WireLessMouse"="c:\program files\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\users\ENDZYM3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    evuvk.exe [2010-10-16 148480]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
    2009-08-18 02:46 3730832 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 21:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-06 691696]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63448]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000Core.job
    - c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]

    2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000UA.job
    - c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
    FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8600D446]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    SecurityProcedure -> 0x85203dc0
    QueryNameProcedure -> 0x85203f50
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-17 15:59:28
    ComboFix-quarantined-files.txt 2010-10-17 22:59

    Pre-Run: 59,022,217,216 bytes free
    Post-Run: 58,939,572,224 bytes free

    - - End Of File - - 03403F961983CFCB64C1944BBF778A11
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Delete your Combofix file, download a fresh one and....

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe
    c:\users\ENDZYM3\AppData\Roaming\7775.bat
    
    
    Folder::
    c:\users\ENDZYM3\AppData\Roaming\Acgi
    c:\users\ENDZYM3\AppData\Roaming\Wyyr
    c:\users\ENDZYM3\AppData\Roaming\Zoni
    
    
    Driver::
    Akamai
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
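    A helper reads the "Reg Loading Points" block of a ComboFix log by eye for exactly the kind of entries the script above removes: an executable sitting in another profile's Startup folder, a service riding in svchost.exe through its own group, and images ComboFix marks [x]. As an added example that is neither part of this thread nor ComboFix's own code, the Python below parses that block (sample lines constructed in the shape of the log posted above) and ranks such entries; the heuristics, severities and the triage() function are the example's own assumptions, a review aid rather than a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample, copied in shape from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

c:\users\ENDZYM3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
evuvk.exe [2010-10-16 148480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

S1 aswSP;aswSP; [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
"""

# Record shapes as ComboFix prints them (assumed from the log above, not a published grammar).
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"')
STARTUP_DIR = re.compile(r'^[a-z]:\\users\\(?P<profile>[^\\]+)\\.*\\startup\\$', re.I)
STARTUP_ITEM = re.compile(r'^(?P<item>[^\[]+?)(?:\s+-\s+(?P<target>[^\[]+?))?\s+\[[^\]]*\]$')
SERVICE = re.compile(r'^[RS]\d\s+(?P<svc>[^;]+);[^;]*;(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]$')
SVCHOST_GROUP = re.compile(r'^(?P<group>\S+)\s+REG_MULTI_SZ\s+(?P<members>.+)$')
USER_WRITABLE = re.compile(r'\\users\\[^\\]+\\|\\programdata\\|\\temp\\', re.I)
RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str  # "high" / "medium" / "low": review priority, not a verdict
    reason: str
    entry: str     # the log line that triggered it


def triage(log_text, logged_in_user):
    """Return findings for the record types ComboFix lists under Reg Loading Points."""
    findings, hosted, groups = [], [], {}
    key = profile = None  # registry key header / Startup-folder profile currently in effect
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current block
            key = profile = None
            continue
        if line.startswith("[HKEY"):
            key, profile = line.lower(), None
            continue
        m = STARTUP_DIR.match(line)
        if m:
            key, profile = None, m.group("profile")
            continue
        if profile is not None:           # item inside a Startup folder listing
            m = STARTUP_ITEM.match(line)
            if m and profile.lower() != logged_in_user.lower():
                findings.append(Finding("high", f"autorun in another profile's Startup folder ({profile})", line))
            if m and m.group("target") is None and not m.group("item").lower().endswith(".lnk"):
                findings.append(Finding("medium", "executable placed directly in a Startup folder", line))
        elif key and key.endswith("\\run]"):
            m = RUN_VALUE.match(line)
            if m and USER_WRITABLE.search(m.group("path")):
                findings.append(Finding("low", "Run value launches from a user-writable location", line))
        elif key and key.endswith("\\policies\\system]"):
            if re.match(r'^"EnableLUA"=\s*0\b', line):
                findings.append(Finding("medium", "UAC is disabled (EnableLUA = 0)", line))
        elif key and key.endswith("\\svchost]"):
            m = SVCHOST_GROUP.match(line)
            if m:
                groups[m.group("group").lower()] = [x.lower() for x in m.group("members").split()]
        else:
            m = SERVICE.match(line)
            if m and m.group("meta") == "x":
                findings.append(Finding("medium", "service image not found on disk (ComboFix printed [x])", line))
            elif m and USER_WRITABLE.search(m.group("image")):
                findings.append(Finding("high", "service image in a user-writable location", line))
            elif m and m.group("image").lower().endswith("\\svchost.exe"):
                hosted.append((m.group("svc"), line))
    # svchost-hosted services are judged last, once the svchost group key has been read
    for svc, line in hosted:
        if groups.get(svc.lower()) == [svc.lower()]:
            findings.append(Finding("medium", f"hosted in svchost.exe through a private group named '{svc}'", line))
        else:
            findings.append(Finding("low", "hosted in svchost.exe", line))
    findings.sort(key=lambda f: RANK[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, "ENDZYM3"):
        print(f"[{f.severity:6}] {f.reason}: {f.entry}")
```

The second argument is the account the log was run as (the "Run by" header), so items in any other profile's Startup folder, which run for every new account on the machine, rank highest.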
  13. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    I'm on it.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    :).......................
     
  15. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    ComboFix.txt

    ComboFix 10-10-17.01 - ENDZYM3 10/17/2010 16:40:10.2.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.2210 [GMT -7:00]
    Running from: c:\users\ENDZYM3\Desktop\ComboFix.exe
    Command switches used :: c:\users\ENDZYM3\Desktop\CFScript.txt

    FILE ::
    "c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe"
    "c:\users\ENDZYM3\AppData\Roaming\7775.bat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\evuvk.exe
    c:\users\ENDZYM3\AppData\Roaming\7775.bat
    c:\users\ENDZYM3\AppData\Roaming\Acgi
    c:\users\ENDZYM3\AppData\Roaming\Wyyr
    c:\users\ENDZYM3\AppData\Roaming\Zoni
    c:\users\ENDZYM3\AppData\Roaming\Zoni\roeq.pii

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_Akamai


    ((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
    .

    2010-10-17 23:55 . 2010-10-17 23:57 -------- d-----w- c:\users\ENDZYM3\AppData\Local\temp
    2010-10-17 15:11 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-17 15:11 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-17 15:11 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-17 15:11 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-17 15:11 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-10-17 15:10 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-17 15:10 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-17 15:10 . 2010-10-17 15:10 -------- d-----w- c:\program files\Alwil Software
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Malwarebytes
    2010-10-17 14:34 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-17 14:34 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 02:52 . 2010-10-17 14:33 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-10-17 02:27 . 2010-10-17 14:50 -------- d-----w- c:\programdata\Update
    2010-10-16 23:57 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FAC1885-57A4-463C-9E81-13086C8182C4}\mpengine.dll
    2010-10-16 23:22 . 2010-10-16 23:22 70144 ----a-w- c:\windows\system32\wdmaudr.dll
    2010-10-16 06:06 . 2010-10-16 06:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-16 06:05 . 2010-10-16 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-10-16 06:05 . 2010-10-16 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-10-14 05:21 . 2010-10-14 05:21 -------- d-----w- c:\program files\Winamp Detect
    2010-10-14 02:38 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2010-10-14 02:38 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
    2010-10-14 02:38 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2010-10-14 02:38 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2010-10-14 02:38 . 1998-09-02 08:02 109840 ----a-w- c:\program files\Windows Media Player\mplayer2.exe
    2010-10-14 02:38 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
    2010-10-14 02:37 . 2010-10-14 02:39 -------- d-----w- C:\TELL ME MORE NV
    2010-10-13 23:37 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-13 23:36 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2010-10-13 23:14 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 23:13 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-10-13 23:13 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-13 23:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-13 23:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-13 23:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-13 23:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 23:11 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-13 23:11 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-13 23:11 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-13 23:11 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-13 23:11 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-13 23:10 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-13 23:10 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-12 02:36 . 2010-10-12 02:36 -------- d-----w- c:\program files\Rosetta Stone
    2010-10-08 22:23 . 2004-01-12 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-07 18:33 . 2010-10-12 02:34 -------- d-----w- c:\programdata\FLEXnet
    2010-10-07 18:32 . 2010-10-12 04:11 -------- d-----w- c:\programdata\Rosetta Stone
    2010-10-02 21:04 . 2010-10-02 21:04 -------- d-----w- c:\programdata\2DBoy
    2010-10-02 19:32 . 2010-10-02 19:32 -------- dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
    2010-10-02 19:32 . 2010-10-02 19:32 -------- d-----w- c:\program files\Stardock
    2010-09-29 10:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-29 07:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 07:29 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-09-26 23:18 . 2010-10-12 01:58 -------- d-----w- c:\users\ENDZYM3\.dvdcss
    2010-09-26 23:14 . 2010-09-26 23:14 -------- d-----w- c:\program files\PS3 Media Server
    2010-09-26 23:12 . 2010-10-17 14:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-09-26 23:11 . 2010-10-17 14:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-09-26 23:07 . 2010-10-17 14:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-09-26 23:07 . 2010-09-26 23:07 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-09-26 23:03 . 2010-09-26 23:04 -------- d-----w- c:\users\ENDZYM3\AppData\Local\Microsoft Games
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2010-09-20 00:52 . 2010-09-20 00:52 -------- d-----w- c:\programdata\Apple Computer
    2010-09-18 02:51 . 2010-10-17 00:50 -------- d-----w- c:\users\Guest

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Google Update"="c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]
    "LxrAutorun"="c:\users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe" [2009-12-18 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WireLessMouse"="c:\program files\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\users\ENDZYM3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-6-13 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
    2009-08-18 02:46 3730832 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 21:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-06 691696]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63448]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000Core.job
    - c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]

    2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000UA.job
    - c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
    FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x86009446]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
    SecurityProcedure -> 0x85203dc0
    QueryNameProcedure -> 0x85203f50
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\LxrSII1s.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Mouse Driver\MouseDrv.exe
    c:\program files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-17 17:03:49 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-18 00:03
    ComboFix2.txt 2010-10-17 22:59

    Pre-Run: 58,938,519,552 bytes free
    Post-Run: 58,549,137,408 bytes free

    - - End Of File - - F66B918D1F719422D3B586489EC38171
     
  16. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I'm still not fully satisfied....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  17. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    Okay, but I'm going out of town right now.
    I'll be out for almost a week, and won't have any internet access.
    I'll try and do this now, but I won't be able to reply for a while.

    But I am very happy that you helped me this far.
    I can't stress that enough.

    I did everything within my own power to fix this, and it looks like it's nearly done.
    Thank you, thank you, thank you.
    :)
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're most welcome :)
     
  19. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    Ahh, it looks like fortune smiles upon me!
    Got internet (for now).
    Here were the results.

    TDSSKiller.2.4.4.0_17.10.2010_19.53.19_log

    2010/10/17 19:53:19.0222 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59
    2010/10/17 19:53:19.0222 ================================================================================
    2010/10/17 19:53:19.0222 SystemInfo:
    2010/10/17 19:53:19.0222
    2010/10/17 19:53:19.0222 OS Version: 6.1.7600 ServicePack: 0.0
    2010/10/17 19:53:19.0222 Product type: Workstation
    2010/10/17 19:53:19.0222 ComputerName: ENDZYM3-PC
    2010/10/17 19:53:19.0222 UserName: ENDZYM3
    2010/10/17 19:53:19.0222 Windows directory: C:\Windows
    2010/10/17 19:53:19.0222 System windows directory: C:\Windows
    2010/10/17 19:53:19.0222 Processor architecture: Intel x86
    2010/10/17 19:53:19.0222 Number of processors: 1
    2010/10/17 19:53:19.0222 Page size: 0x1000
    2010/10/17 19:53:19.0222 Boot type: Normal boot
    2010/10/17 19:53:19.0222 ================================================================================
    2010/10/17 19:53:19.0487 Initialize success
    2010/10/17 19:53:23.0871 ================================================================================
    2010/10/17 19:53:23.0871 Scan started
    2010/10/17 19:53:23.0871 Mode: Manual;
    2010/10/17 19:53:23.0871 ================================================================================
    2010/10/17 19:53:24.0822 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
    2010/10/17 19:53:25.0041 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
    2010/10/17 19:53:25.0321 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
    2010/10/17 19:53:25.0446 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
    2010/10/17 19:53:25.0524 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
    2010/10/17 19:53:25.0665 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\Windows\system32\drivers\aswFsBlk.sys
    2010/10/17 19:53:25.0758 aswMonFlt (bd9119468c32b7ecd1e0544d3f286a73) C:\Windows\system32\drivers\aswMonFlt.sys
    2010/10/17 19:53:25.0867 aswRdr (69823954bbd461a73d69774928c9737e) C:\Windows\system32\drivers\aswRdr.sys
    2010/10/17 19:53:26.0008 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\Windows\system32\drivers\aswSP.sys
    2010/10/17 19:53:26.0164 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\Windows\system32\drivers\aswTdi.sys
    2010/10/17 19:53:26.0226 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
    2010/10/17 19:53:26.0304 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
    2010/10/17 19:53:26.0445 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
    2010/10/17 19:53:26.0788 atikmdag (04f09923a393e4e0e8453a8f78361e73) C:\Windows\system32\DRIVERS\atikmdag.sys
    2010/10/17 19:53:27.0240 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
    2010/10/17 19:53:27.0396 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
    2010/10/17 19:53:27.0490 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
    2010/10/17 19:53:27.0942 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
    2010/10/17 19:53:28.0207 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
    2010/10/17 19:53:28.0301 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
    2010/10/17 19:53:28.0473 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
    2010/10/17 19:53:28.0660 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
    2010/10/17 19:53:28.0769 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
    2010/10/17 19:53:28.0863 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
    2010/10/17 19:53:28.0956 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
    2010/10/17 19:53:29.0128 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
    2010/10/17 19:53:29.0315 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
    2010/10/17 19:53:29.0393 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
    2010/10/17 19:53:29.0471 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
    2010/10/17 19:53:29.0658 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
    2010/10/17 19:53:29.0814 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
    2010/10/17 19:53:29.0877 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
    2010/10/17 19:53:30.0095 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
    2010/10/17 19:53:30.0173 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
    2010/10/17 19:53:30.0329 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
    2010/10/17 19:53:30.0469 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
    2010/10/17 19:53:30.0516 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
    2010/10/17 19:53:30.0641 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
    2010/10/17 19:53:30.0750 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
    2010/10/17 19:53:30.0844 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
    2010/10/17 19:53:31.0015 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
    2010/10/17 19:53:31.0109 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
    2010/10/17 19:53:31.0203 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
    2010/10/17 19:53:31.0327 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    2010/10/17 19:53:31.0390 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
    2010/10/17 19:53:31.0468 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
    2010/10/17 19:53:31.0561 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
    2010/10/17 19:53:31.0702 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
    2010/10/17 19:53:31.0811 KSecPkg (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
    2010/10/17 19:53:31.0951 L1C (6c32bfeab708915d6bbf4b20d4f3ef7b) C:\Windows\system32\DRIVERS\L1C62x86.sys
    2010/10/17 19:53:32.0061 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
    2010/10/17 19:53:32.0139 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
    2010/10/17 19:53:32.0263 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    2010/10/17 19:53:32.0404 LxrSII1d (59045011f52b81cd411419b558dd50ff) C:\Windows\System32\Drivers\LxrSII1d.sys
    2010/10/17 19:53:32.0529 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
    2010/10/17 19:53:32.0607 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
    2010/10/17 19:53:32.0685 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
    2010/10/17 19:53:32.0841 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
    2010/10/17 19:53:32.0934 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
    2010/10/17 19:53:32.0997 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
    2010/10/17 19:53:33.0090 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
    2010/10/17 19:53:33.0153 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    2010/10/17 19:53:33.0215 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    2010/10/17 19:53:33.0309 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
    2010/10/17 19:53:33.0418 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
    2010/10/17 19:53:33.0511 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
    2010/10/17 19:53:33.0621 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
    2010/10/17 19:53:33.0730 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
    2010/10/17 19:53:33.0792 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
    2010/10/17 19:53:33.0839 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
    2010/10/17 19:53:33.0901 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
    2010/10/17 19:53:34.0011 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
    2010/10/17 19:53:34.0057 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
    2010/10/17 19:53:34.0182 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
    2010/10/17 19:53:34.0260 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
    2010/10/17 19:53:34.0401 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
    2010/10/17 19:53:34.0479 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
    2010/10/17 19:53:34.0541 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
    2010/10/17 19:53:34.0588 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
    2010/10/17 19:53:34.0635 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
    2010/10/17 19:53:34.0697 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
    2010/10/17 19:53:34.0806 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
    2010/10/17 19:53:34.0915 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
    2010/10/17 19:53:35.0118 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
    2010/10/17 19:53:35.0243 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
    2010/10/17 19:53:35.0352 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
    2010/10/17 19:53:35.0415 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
    2010/10/17 19:53:35.0680 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
    2010/10/17 19:53:35.0836 pbfilter (4dfe4cef1aeec1025380d7ebf40e8e2b) C:\Program Files\PeerBlock\pbfilter.sys
    2010/10/17 19:53:35.0961 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
    2010/10/17 19:53:36.0070 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
    2010/10/17 19:53:36.0179 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
    2010/10/17 19:53:36.0382 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/10/17 19:53:36.0491 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
    2010/10/17 19:53:36.0631 PxHelp20 (40fedd328f98245ad201cf5f9f311724) C:\Windows\system32\Drivers\PxHelp20.sys
    2010/10/17 19:53:36.0756 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
    2010/10/17 19:53:36.0819 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/10/17 19:53:36.0881 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/10/17 19:53:36.0959 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/10/17 19:53:37.0037 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/10/17 19:53:37.0099 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/10/17 19:53:37.0209 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/10/17 19:53:37.0318 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/10/17 19:53:37.0396 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/10/17 19:53:37.0474 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
    2010/10/17 19:53:37.0599 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
    2010/10/17 19:53:37.0692 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
    2010/10/17 19:53:37.0801 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
    2010/10/17 19:53:37.0911 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
    2010/10/17 19:53:38.0082 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/10/17 19:53:38.0191 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/10/17 19:53:38.0301 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    2010/10/17 19:53:38.0503 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
    2010/10/17 19:53:38.0659 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
    2010/10/17 19:53:38.0831 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
    2010/10/17 19:53:38.0971 srv (2dbedfb1853f06110ec2aa7f3213c89f) C:\Windows\system32\DRIVERS\srv.sys
    2010/10/17 19:53:39.0049 srv2 (db37131d1027c50ea7ee21c8bb4536aa) C:\Windows\system32\DRIVERS\srv2.sys
    2010/10/17 19:53:39.0127 srvnet (f5980b74124db9233b33f86fc5ebbb4f) C:\Windows\system32\DRIVERS\srvnet.sys
    2010/10/17 19:53:39.0283 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
    2010/10/17 19:53:39.0377 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
    2010/10/17 19:53:39.0736 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
    2010/10/17 19:53:39.0907 TCPIP6 (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\DRIVERS\tcpip.sys
    2010/10/17 19:53:39.0985 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
    2010/10/17 19:53:40.0048 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
    2010/10/17 19:53:40.0110 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
    2010/10/17 19:53:40.0219 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
    2010/10/17 19:53:40.0313 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
    2010/10/17 19:53:40.0485 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2010/10/17 19:53:40.0563 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
    2010/10/17 19:53:40.0703 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
    2010/10/17 19:53:40.0812 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
    2010/10/17 19:53:40.0890 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
    2010/10/17 19:53:40.0953 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
    2010/10/17 19:53:41.0015 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
    2010/10/17 19:53:41.0140 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2010/10/17 19:53:41.0249 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
    2010/10/17 19:53:41.0358 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
    2010/10/17 19:53:41.0467 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
    2010/10/17 19:53:41.0639 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
    2010/10/17 19:53:41.0795 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
    2010/10/17 19:53:41.0935 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
    2010/10/17 19:53:42.0013 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
    2010/10/17 19:53:42.0123 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/17 19:53:42.0216 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
    2010/10/17 19:53:42.0388 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
    2010/10/17 19:53:42.0559 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
    2010/10/17 19:53:42.0622 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
    2010/10/17 19:53:42.0793 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2010/10/17 19:53:42.0949 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
    2010/10/17 19:53:43.0059 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
    2010/10/17 19:53:43.0137 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2010/10/17 19:53:43.0324 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/10/17 19:53:43.0324 ================================================================================
    2010/10/17 19:53:43.0324 Scan finished
    2010/10/17 19:53:43.0324 ================================================================================
    2010/10/17 19:53:43.0355 Detected object count: 1
    2010/10/17 19:54:01.0342 \HardDisk0\MBR - will be cured after reboot
    2010/10/17 19:54:01.0342 Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
    2010/10/17 19:54:07.0956 Deinitialize success
     
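    The TDSSKiller log above is about 150 per-driver lines with one detection buried near the end, and Broni's instructions ask for exactly that log to be pasted for review. The following is an added example written for this page, not code from TDSSKiller, Kaspersky or any participant in the thread: a small Python parser for the log format shown above that pulls out the driver table (service name, MD5, image path), the detection lines and the "will be cured after reboot" lines, then lists drivers loading from outside the Windows directory so they can be checked by hand. `SAMPLE_LOG` is a constructed subset made of lines copied from the log posted above; the function names and the `windows_dir` parameter are this example's own.

```python
"""Triage helper for TDSSKiller logs in the format posted in this thread.

Added example, not part of TDSSKiller or of the thread. It parses the
per-driver lines (service name, MD5, image path) and the detection / cure
lines so a responder can see what was found and what was scheduled for
removal without reading the whole driver table by eye.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Timestamp prefix every TDSSKiller line carries, e.g. 2010/10/17 19:53:43.0324
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"

# "<ts> <ServiceName> (<md5>) <image path>"   (the path may contain spaces)
DRIVER_RE = re.compile(
    rf"^{TS}\s+(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{{32}})\)\s+(?P<path>.+?)\s*$"
)
# "<ts> <object> - detected <ThreatName> (<n>)"
DETECT_RE = re.compile(rf"^{TS}\s+(?P<obj>\S+) - detected (?P<threat>\S+)")
# "<ts> <object> - will be cured after reboot"
CURE_RE = re.compile(rf"^{TS}\s+(?P<obj>\S+) - will be cured after reboot")

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
2010/10/17 19:53:23.0871 Scan started
2010/10/17 19:53:24.0822 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2010/10/17 19:53:25.0041 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
2010/10/17 19:53:35.0836 pbfilter (4dfe4cef1aeec1025380d7ebf40e8e2b) C:\Program Files\PeerBlock\pbfilter.sys
2010/10/17 19:53:38.0831 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2010/10/17 19:53:39.0736 Tcpip (bb7f39c31c4a4417fd318e7cd184e225) C:\Windows\system32\drivers\tcpip.sys
2010/10/17 19:53:43.0324 \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/17 19:53:43.0324 Scan finished
2010/10/17 19:53:43.0355 Detected object count: 1
2010/10/17 19:54:01.0342 \HardDisk0\MBR - will be cured after reboot
"""


@dataclass(frozen=True)
class Driver:
    name: str
    md5: str
    path: str


def parse_log(text: str) -> Tuple[List[Driver], List[Tuple[str, str]], List[str]]:
    """Return (drivers, detections as (object, threat), objects scheduled for cure)."""
    drivers: List[Driver] = []
    detections: List[Tuple[str, str]] = []
    cures: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVER_RE.match(line):
            drivers.append(Driver(m["name"], m["md5"].lower(), m["path"]))
        elif m := DETECT_RE.match(line):
            detections.append((m["obj"], m["threat"]))
        elif m := CURE_RE.match(line):
            cures.append(m["obj"])
    return drivers, detections, cures


def drivers_outside_windows(drivers: List[Driver], windows_dir: str = r"C:\Windows") -> List[Driver]:
    """Kernel drivers whose image lives outside the Windows directory.

    Not proof of anything by itself (third-party filters such as PeerBlock's
    pbfilter.sys legitimately live under Program Files), but it is the short
    list worth verifying by hand before trusting a 'nothing found' result.
    """
    prefix = windows_dir.lower().rstrip("\\") + "\\"
    return [d for d in drivers if not d.path.lower().startswith(prefix)]


def uncured_detections(text: str) -> List[Tuple[str, str]]:
    """Detections that no 'will be cured after reboot' line accounts for."""
    _, detections, cures = parse_log(text)
    cured = set(cures)
    return [(obj, threat) for obj, threat in detections if obj not in cured]


if __name__ == "__main__":
    drivers, detections, cures = parse_log(SAMPLE_LOG)
    print(f"{len(drivers)} driver entries parsed")
    for obj, threat in detections:
        status = "cure scheduled" if obj in cures else "NOT cured"
        print(f"detected {threat} at {obj}: {status}")
    for d in drivers_outside_windows(drivers):
        print(f"driver outside Windows dir: {d.name} -> {d.path} ({d.md5})")
```

    Run against a full pasted log, `uncured_detections` is the line to look at first: a detection with no matching cure line means the user chose Skip or the tool never got to reboot, which is the state Broni is checking for when asking for the log. The MD5 column is kept so the same output can be compared against a known-clean driver set if one is available.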
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Very good :)

    Delete your Combofix file, download fresh one and post new log.
     
  21. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    Alright, doing it now. :)
     
  22. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Cool :)..................
     
  23. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    ComboFix.txt [2]

    ComboFix 10-10-18.01 - ENDZYM3 10/18/2010 17:12:03.3.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2812.1887 [GMT -7:00]
    Running from: c:\users\ENDZYM3\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
    .

    2010-10-19 00:25 . 2010-10-19 00:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2010-10-19 00:25 . 2010-10-19 00:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-17 23:55 . 2010-10-19 00:25 -------- d-----w- c:\users\ENDZYM3\AppData\Local\temp
    2010-10-17 15:11 . 2010-09-07 14:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-10-17 15:11 . 2010-09-07 14:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-10-17 15:11 . 2010-09-07 14:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-10-17 15:11 . 2010-09-07 14:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-10-17 15:11 . 2010-09-07 14:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-10-17 15:10 . 2010-09-07 15:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-10-17 15:10 . 2010-09-07 15:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-10-17 15:10 . 2010-10-17 15:10 -------- d-----w- c:\program files\Alwil Software
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\users\ENDZYM3\AppData\Roaming\Malwarebytes
    2010-10-17 14:34 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware (NEW)
    2010-10-17 14:34 . 2010-10-17 14:34 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-17 14:34 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-17 02:52 . 2010-10-17 14:33 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-10-17 02:27 . 2010-10-17 14:50 -------- d-----w- c:\programdata\Update
    2010-10-17 02:27 . 2010-10-17 02:28 -------- d-----w- c:\users\Guest\AppData\Roaming\Xefya
    2010-10-16 23:57 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2FAC1885-57A4-463C-9E81-13086C8182C4}\mpengine.dll
    2010-10-16 23:22 . 2010-10-16 23:22 70144 ----a-w- c:\windows\system32\wdmaudr.dll
    2010-10-16 06:06 . 2010-10-16 06:06 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-10-16 06:05 . 2010-10-16 06:05 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2010-10-16 06:05 . 2010-10-16 06:05 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-10-14 05:21 . 2010-10-14 05:21 -------- d-----w- c:\program files\Winamp Detect
    2010-10-14 02:38 . 1998-09-02 08:28 38160 ----a-w- c:\windows\system32\LMRTREND.dll
    2010-10-14 02:38 . 1998-09-02 08:28 155408 ----a-w- c:\windows\system32\LMRT.dll
    2010-10-14 02:38 . 1998-08-27 04:51 182032 ----a-w- c:\windows\system32\dxtmsft3.dll
    2010-10-14 02:38 . 1998-09-02 08:28 63488 ----a-w- c:\windows\system32\unam4ie.exe
    2010-10-14 02:38 . 1998-09-02 08:02 109840 ----a-w- c:\program files\Windows Media Player\mplayer2.exe
    2010-10-14 02:38 . 1998-08-20 10:38 217984 ----a-w- c:\windows\system32\strmdll.dll
    2010-10-13 23:37 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-13 23:36 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
    2010-10-13 23:14 . 2010-08-26 04:39 109056 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 23:13 . 2010-08-21 05:36 224256 ----a-w- c:\windows\system32\schannel.dll
    2010-10-13 23:13 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-13 23:13 . 2010-08-31 04:32 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-10-13 23:13 . 2010-08-31 04:32 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-10-13 23:12 . 2010-09-01 04:26 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-13 23:12 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 23:11 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-13 23:11 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-13 23:11 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-13 23:11 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-13 23:11 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-13 23:10 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-13 23:10 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll
    2010-10-12 02:36 . 2010-10-12 02:36 -------- d-----w- c:\program files\Rosetta Stone
    2010-10-08 22:23 . 2004-01-12 07:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-10-07 18:33 . 2010-10-12 02:34 -------- d-----w- c:\programdata\FLEXnet
    2010-10-07 18:32 . 2010-10-12 04:11 -------- d-----w- c:\programdata\Rosetta Stone
    2010-10-02 21:04 . 2010-10-02 21:04 -------- d-----w- c:\programdata\2DBoy
    2010-10-02 19:32 . 2010-10-02 19:32 -------- dc-h--w- c:\programdata\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
    2010-10-02 19:32 . 2010-10-02 19:32 -------- d-----w- c:\program files\Stardock
    2010-09-29 10:00 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
    2010-09-29 07:30 . 2010-06-19 06:15 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 07:29 . 2010-08-27 05:30 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-09-26 23:18 . 2010-10-12 01:58 -------- d-----w- c:\users\ENDZYM3\.dvdcss
    2010-09-26 23:14 . 2010-09-26 23:14 -------- d-----w- c:\program files\PS3 Media Server
    2010-09-26 23:12 . 2010-10-17 14:05 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-09-26 23:11 . 2010-10-17 14:04 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2010-09-26 23:07 . 2010-10-17 14:04 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2010-09-26 23:07 . 2010-09-26 23:07 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-09-26 23:03 . 2010-09-26 23:04 -------- d-----w- c:\users\ENDZYM3\AppData\Local\Microsoft Games
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-23 01:10 . 2010-09-23 01:10 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
    2010-09-20 00:52 . 2010-09-20 00:52 -------- d-----w- c:\programdata\Apple Computer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
    "Google Update"="c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-30 136176]
    "LxrAutorun"="c:\users\ENDZYM3\AppData\Local\Lexar Media\LxrAutorun.exe" [2009-12-18 24576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WireLessMouse"="c:\program files\Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-23 402432]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-08 165208]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
    2009-08-18 02:46 3730832 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 21:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-11-12 3403420]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-24 1343400]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-07-06 691696]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 LxrSII1d;Secure II Driver;c:\windows\System32\Drivers\LxrSII1d.sys [2009-12-30 63448]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-13 50688]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - klmd25

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000Core.job
    - c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]

    2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1737863448-878849073-962364827-1000UA.job
    - c:\users\ENDZYM3\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-30 09:12]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://www.google.com.my/search?q=
    FF - component: c:\program files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}\components\Contribute.dll
    FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\ENDZYM3\AppData\Roaming\Mozilla\Firefox\Profiles\wtgp5iib.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
    FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MIF5BA~1\Office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npContribute.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\ENDZYM3\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: network.cookie.cookieBehavior - 0
    FF - user.js: privacy.clearOnShutdown.cookies - false
    FF - user.js: security.warn_viewing_mixed - false
    FF - user.js: security.warn_viewing_mixed.show_once - false
    FF - user.js: security.warn_submit_insecure - false
    FF - user.js: security.warn_submit_insecure.show_once - false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-10-18 17:29:50
    ComboFix-quarantined-files.txt 2010-10-19 00:29
    ComboFix2.txt 2010-10-17 22:59

    Pre-Run: 83,961,966,592 bytes free
    Post-Run: 83,680,489,472 bytes free

    - - End Of File - - 01B112CC36B12932410D7D29FE7502DC
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Now, it looks good.
    I'm happy :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  25. ENDZYM3

    ENDZYM3 TS Rookie Topic Starter Posts: 43

    It's doing great, it would seem!
    I haven't noticed anything buggy, aside from DAEMONtools needing a fresh install, but I'm sure that was part of the cleaning process.

    /starts on OTL
     
Topic Status:
Not open for further replies.
