TechSpot

Windows recurring crashes - possible rootkit infection - combofix doesn't work

Inactive
By martinsre
Dec 28, 2010
Topic Status:
Not open for further replies.
  1. Hi everyone,
    After Skype auto-updated and avast updated, I've been experiencing some very annoying issues with Windows. I am running XP Pro, SP2. Every time I open a program and then use it, or click on the Start button and click on a program, I cannot select anything else on that menu, nor does anything happen - it stops responding. When I hover my cursor over it, it just shows the sandwatch - as though it were loading something. The worst part is that I cannot end the process of these programs in Task Manager; it's like it's permanently there. Eventually, I am unable to work on any program, as I cannot select anything. The only programs that appear to be usable, when being careful, are Google Chrome and Steam (gaming).
    This is driving me insane.

    After spending countless hours on virus scans - Spybot, Malware Doctor, etc. - I turned to ComboFix after a moderator's suggestion on the PCper forums. It is impossible to launch ComboFix in normal Windows - Windows XP Pro SP2 - it locks up and I cannot end the process/task on the installation (so do all other virus/malware/spyware detection programs while launching). In Safe Mode with Networking I get two errors:
    After downloading the Windows Recovery Console from ComboFix:
    Error
    Boot Partition cannot be enumerated correctly

    I press ok
    Then it asks me whether I want to search for malware anyways,
    I press yes

    A moment later, after creating a windows registry backup/checkpoint,
    The console reads
    T was unexpected at this time

    Now it's been sitting there for some 30 minutes without a move. Not the first try.


    Someone on a different forum suggested:
    "Classic symptom of a PC infected with a MBR Rootkit virus."
    Combofix should be able to fix it.

    Momentarily, there is data on this machine that I would like to keep - I do not have a large enough external HDD to transfer it at this moment. I would like to upgrade my machine and, in the end, reinstall (after transferring files, as now it is near impossible because of the rhetorical crashes), since I've had quite a few bugs and random errors, the computer simply restarting while working on something; same effect as pressing reset.

    I hope this helps.
    Happy Holidays,
    Martin

    Foxconn 945 7AE Series, Intel Pentium D 945 3.40 GHz, 512 MB x2 RAM, ASUS EAH4670 1GB, Seagate 320GB, Windows XP Pro SP2, 4 years of age in a few days, ran ever so smoothly before this misfortune occurred


    P.S. If you wish to read through my brief discussion on the PCper forum, see here; it might be helpful:
    http://forums.pcper.com/showthread.php?t=474313

    Edit: Here is a Malwarebytes list of infections if it helps:
  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :).

    ====

    Please read the directions given here and when done, post the requested logs.
    Please paste the logs, do not attach them.
  3. martinsre

    martinsre Newcomer, in training Topic Starter

    Thanks,
    but any help? :)
  4. crunchie

    crunchie Malware Helper Posts: 761

    That is the help. You run the tools and post the logs so that we can see what is going on.
  5. martinsre

    martinsre Newcomer, in training Topic Starter

    Hey, sorry,
    Google Translate was on, for some odd reason, so the poor translation made it seem like a signature. I did realize that though, and ran a few scans:
    I ran TFC,
    Malwarebytes log:
    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5214

    Windows 5.1.2600 Service Pack 2 (Safe Mode)
    Internet Explorer 6.0.2900.2180

    2010.12.28. 18:15:48
    mbam-log-2010-12-28 (18-15-48).txt

    Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|)
    Objects scanned: 294056
    Time elapsed: 2 hour(s), 9 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Delete on reboot.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    ___________________________________________________________________________________________


    GMER log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-28 18:37:01
    Windows 5.1.2600 Service Pack 2
    Running: q4p4khtg.exe; Driver: C:\DOCUME~1\Us\LOCALS~1\Temp\fgldapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7297112]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF72762D6]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF72764C8]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7297900]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7297BB4]
    SSDT sphj.sys ZwEnumerateKey [0xF73A8CA2]
    SSDT sphj.sys ZwEnumerateValueKey [0xF73A9030]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7295E12]
    SSDT sphj.sys ZwQueryKey [0xF73A9108]
    SSDT sphj.sys ZwQueryValueKey [0xF73A8F88]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7298020]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF72973D2]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7275F44]

    INT 0x62 ? 87364BF8
    INT 0x63 ? 87364BF8
    INT 0x63 ? 87364BF8
    INT 0x63 ? 8724CBF8
    INT 0x63 ? 87364BF8
    INT 0x73 ? 8724CBF8
    INT 0x83 ? 8724CBF8
    INT 0xB4 ? 8724CBF8

    Code 8767A4F4 NlsAnsiCodePage

    ---- Kernel code sections - GMER 1.0.15 ----

    ? sphj.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F710762C 5 Bytes JMP 8724C1D8
    .text aubvt4qs.SYS F7067384 1 Byte [20]
    .text aubvt4qs.SYS F7067384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
    .text aubvt4qs.SYS F70673AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
    .text aubvt4qs.SYS F70673C4 3 Bytes [00, 00, 00]
    .text aubvt4qs.SYS F70673C9 1 Byte [00]
    .text ...

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F738C040] sphj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F738C13C] sphj.sys
    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F738C0BE] sphj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F738C7FC] sphj.sys
    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F738C6D2] sphj.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F739BD92] sphj.sys
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!KfAcquireSpinLock] 0A64D90F
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!READ_PORT_UCHAR] 046FD406
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!KeGetCurrentIrql] 1672C31D
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!KfRaiseIrql] 1879CE14
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!KfLowerIrql] 3248ED2B
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!HalGetInterruptVector] 3C43E022
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!HalTranslateBusAddress] 2E5EF739
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!KeStallExecutionProcessor] 2055FA30
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!KfReleaseSpinLock] EC01B79A
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] E20ABA93
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!READ_PORT_USHORT] F017AD88
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] FE1CA081
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[HAL.dll!WRITE_PORT_UCHAR] D42D83BE
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[WMILIB.SYS!WmiSystemControl] C83B99AC
    IAT \SystemRoot\System32\Drivers\aubvt4qs.SYS[WMILIB.SYS!WmiCompleteRequest] C63094A5

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0x02 0xD4 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xE6 0x01 0x1F ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x1D 0x98 0x40 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9C 0xB1 0xBC 0x18 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x64 0xAF 0x84 0x6D ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x00 0xD9 0xDB 0x04 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0x02 0xD4 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x24 0xE6 0x01 0x1F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5E 0x1D 0x98 0x40 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x9C 0xB1 0xBC 0x18 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x64 0xAF 0x84 0x6D ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x00 0xD9 0xDB 0x04 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167b8dbf4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -937616427
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -2052722740
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0xCA 0x16 0x50 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0x02 0xD4 0xF5 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0xFF 0x4E 0x5B ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x30 0x77 0x87 0xDE ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC1 0xC1 0x09 0x07 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC1 0xC1 0x09 0x07 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC1 0xC1 0x09 0x07 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001167b8dbf4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x75 0xCA 0x16 0x50 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x09 0x02 0xD4 0xF5 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x7C 0xFF 0x4E 0x5B ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x30 0x77 0x87 0xDE ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC1 0xC1 0x09 0x07 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xC1 0xC1 0x09 0x07 ...
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xC1 0xC1 0x09 0x07 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 0

    ---- EOF - GMER 1.0.15 ----

    I have already used GMER to scan, and it has not detected any threats previously.

    ______________________________________________________________
    As the scans progress, I will edit this post.
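The two Malwarebytes hits above (Hijack.WindowsUpdates on the BITS and wuauserv ImagePath values) are a single-character corruption of `%SystemRoot%` into `%fystemRoot%`, which the service controller cannot expand. The following is an added example, not code from the thread or from Malwarebytes, of how a defender can check service ImagePath strings for that pattern; the sample entries are constructed and modelled on the log, and the variable whitelist is an assumption for illustration.

```python
import difflib
import re

# Environment variables that legitimately appear in Windows service ImagePath
# values (assumed whitelist). Windows resolves them case-insensitively, so
# lookups use the lower-cased name; the value is the canonical spelling.
KNOWN_VARS = {
    "systemroot": "SystemRoot",
    "windir": "windir",
    "systemdrive": "SystemDrive",
    "programfiles": "ProgramFiles",
    "commonprogramfiles": "CommonProgramFiles",
}

ENV_REF = re.compile(r"%([^%]+)%")


def check_imagepath(service, value):
    """Inspect one service's ImagePath string.

    Returns None when every %VAR% reference is a known variable, otherwise a
    finding dict with the offending value, the reason, and (when the bad name
    is a near-miss of a real one) the repaired value a cleaner would write.
    """
    for var in ENV_REF.findall(value):
        key = var.lower()
        if key in KNOWN_VARS:
            continue
        # A one-character corruption such as %fystemRoot% scores 0.9 against
        # "systemroot"; genuinely unrelated names fall below the 0.8 cutoff.
        near = difflib.get_close_matches(key, sorted(KNOWN_VARS), n=1, cutoff=0.8)
        if near:
            canonical = KNOWN_VARS[near[0]]
            return {
                "service": service,
                "bad": value,
                "good": value.replace("%" + var + "%", "%" + canonical + "%"),
                "reason": f"%{var}% mimics %{canonical}% but never expands, "
                          f"so the executable path does not resolve",
            }
        return {
            "service": service,
            "bad": value,
            "good": None,
            "reason": f"%{var}% is not a variable a service ImagePath should use",
        }
    return None


def scan_imagepaths(entries):
    """Run check_imagepath over a {service_name: ImagePath} mapping."""
    return [f for f in (check_imagepath(s, v) for s, v in entries.items()) if f]


# Constructed sample, modelled on the two Hijack.WindowsUpdates entries in the
# Malwarebytes log above, plus two untouched services for contrast.
SAMPLE_IMAGEPATHS = {
    "BITS": r"%fystemRoot%\system32\svchost.exe -k netsvcs",
    "wuauserv": r"%fystemroot%\system32\svchost.exe -k netsvcs",
    "Dhcp": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
    "Spooler": r"%SystemRoot%\system32\spoolsv.exe",
}

if __name__ == "__main__":
    for finding in scan_imagepaths(SAMPLE_IMAGEPATHS):
        print(f'{finding["service"]}: {finding["reason"]}')
        print(f'  Bad:  {finding["bad"]}')
        print(f'  Good: {finding["good"]}')
```

On a live system the mapping would be read from HKLM\System\CurrentControlSet\Services\<name>\ImagePath; the repaired value here matches the "Good:" string Malwarebytes reports.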
  6. martinsre

    martinsre Newcomer, in training Topic Starter

    DDS:
    Attach.txt:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2006.12.23. 16:19:56
    System Uptime: 2010.12.28. 15:45:54 (3 hours ago)

    Motherboard: Foxconn | | 945 7AE Series
    Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Socket 775 | 3415/200mhz
    Processor: Intel(R) Pentium(R) D CPU 3.40GHz | Socket 775 | 3415/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 298 GiB total, 187,895 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: PCI Device
    Device ID: PCI\VEN_1002&DEV_AA38&SUBSYS_AA381043&REV_00\4&16B5016D&0&0108
    Manufacturer:
    Name: PCI Device
    PNP Device ID: PCI\VEN_1002&DEV_AA38&SUBSYS_AA381043&REV_00\4&16B5016D&0&0108
    Service:

    Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
    Description: Nokia Windows Portable Device Driver
    Device ID: ROOT\WPD\0000
    Manufacturer: Nokia
    Name: Nokia 5310 XpressMusic
    PNP Device ID: ROOT\WPD\0000
    Service: WUDFRd

    ==== System Restore Points ===================

    RP117: 2010.12.20. 22:48:24 - System Checkpoint
    RP118: 2010.12.21. 22:22:39 - System Checkpoint
    RP119: 2010.12.28. 12:49:12 - System Checkpoint

    ==== Installed Programs ======================

    {smartassembly}
    Źóē˙
    7-Zip 4.65
    AC3Filter 1.63b
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit 1.0
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Center 2.0
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 7.0.7
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos 1.0
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS nVidia Driver
    ATI Display Driver
    µTorrent
    Audacity 1.2.6
    Auslogics Disk Defrag
    avast! Free Antivirus
    Bink and Smacker
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.3 Patch
    Call of Duty(R) - World at War(TM) 1.4 Patch
    Call of Duty(R) - World at War(TM) 1.5 Patch
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2
    Call of Duty: Modern Warfare 2 - Multiplayer
    Compatibility Pack for the 2007 Office system
    Connect
    Counter-Strike: Source
    Creative WebCam Center
    Creative WebCam Instant Driver (1.00.08.0416)
    Creative WebCam Instant User's Guide (English)
    CyArk Viewer Lite
    DivX Setup
    ffdshow [rev 3299] [2010-03-03]
    Fraps (remove only)
    Free Image Converter
    Futuremark SystemInfo
    GIMP 2.4.5
    Gladinet Cloud Desktop
    Google Chrome
    Half-Life Dedicated Server Update Tool
    Half-Life(R) 2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB926239)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    HyperCam 2
    ImagXpress
    ImgBurn
    Insurgency Dedicated Server
    Intel(R) Processor ID Utility
    iTunes
    Java(TM) 6 Update 17
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 5.1.0 (Full)
    kuler
    LimeWire 5.4.6
    Macromedia Extension Manager
    Macromedia Flash 8
    Macromedia Flash 8 Video Encoder
    Macromedia Flash Player 8
    Magic ISO Maker v5.4 (build 0239)
    Magic ISO Maker v5.5 (build 0281)
    MagicDisk 1.0
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.5
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.5.10)
    MP3 Player Utilities 3.68
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB954459)
    MWSnap 3
    Napoleon: Total War
    neroxml
    NGO NVIDIA Optimized Driver v1.9291
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA PhysX
    Nvu 1.0
    OpenAL
    OpenOffice.org 2.1
    PC Connectivity Solution
    PDF Settings CS4
    Photoshop Camera Raw
    PowerISO
    QuickTime
    RealPlayer
    Realtek AC'97 Audio
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Screenshot Utility version 1.0
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB941644)
    Security Update for Windows XP (KB941693)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943055)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB943485)
    Security Update for Windows XP (KB944338)
    Security Update for Windows XP (KB944533)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB945553)
    Security Update for Windows XP (KB946026)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB947864)
    Security Update for Windows XP (KB948590)
    Security Update for Windows XP (KB948881)
    Security Update for Windows XP (KB950749)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Segoe UI
    SimpleDivX
    SIW version 2009-05-12
    Skype Toolbars
    Skype™ 5.0
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    Steam(TM)
    Suite Shared Configuration CS4
    TI Connect 1.6
    Tildes Birojs 2002
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB936357)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VideoLAN VLC media player 0.8.6d
    WebFldrs XP
    Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Windows Driver Package - Nokia Modem (02/15/2007 3.1)
    Windows Driver Package - Nokia Modem (05/24/2007 6.84.0.1)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinRAR archiver
    XP Codec Pack
    Xvid 1.2.1 final uninstall

    ==== Event Viewer Messages From Past Week ========

    2010.12.28. 15:48:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip WS2IFSL
    2010.12.27. 14:29:33, error: System Error [1003] - Error code 10000050, parameter1 f1de2b04, parameter2 00000000, parameter3 bf265be0, parameter4 00000001.
    2010.12.26. 12:10:25, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    2010.12.22. 19:48:27, error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The system cannot find the file specified.
    2010.12.22. 19:48:27, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: The system cannot find the file specified.
    2010.12.22. 17:06:35, error: DCOM [10005] - DCOM got error "%2" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    2010.12.22. 0:59:24, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2010.12.21. 23:22:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2010.12.21. 23:00:21, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm SCDEmu
    2010.12.21. 22:59:00, error: sfsync02 [12] -
    2010.12.21. 22:33:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    2010.12.21. 22:14:53, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2010.12.21. 22:14:48, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    2010.12.21. 17:19:45, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD asuskbnt aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip WS2IFSL
    2010.12.21. 17:19:45, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2010.12.21. 17:19:45, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010.12.21. 17:19:45, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010.12.21. 17:19:45, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2010.12.21. 17:19:45, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2010.12.21. 12:13:08, error: Service Control Manager [7034] - The Symantec AntiVirus Client service terminated unexpectedly. It has done this 1 time(s).
    2010.12.21. 12:02:21, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2010.12.21. 12:02:17, error: Service Control Manager [7034] - The GladFileMonSvc service terminated unexpectedly. It has done this 1 time(s).
    2010.12.21. 12:02:13, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2010.12.21. 12:01:52, error: Service Control Manager [7034] - The DefWatch service terminated unexpectedly. It has done this 1 time(s).
    2010.12.21. 11:57:39, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.

    ==== End Of File ===========================

    ________________________________________________________________
    DDS.txt:

    DDS (Ver_10-12-12.02) - NTFSx86 MINIMAL
    Run by Us at 18:41:39,60 on 2010.12.28.
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.2.1257.371.1033.18.1022.634 [GMT 2:00]

    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\windows\system32\svchost -k DcomLaunch
    svchost.exe
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\explorer.exe
    C:\Documents and Settings\Us\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uInternet Connection Wizard,ShellNext = iexplore
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Dot TK Registry Toolbar: {22eb0f38-22a5-405b-8308-677daa3318cf} - c:\program files\tk-it!\dottktb.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
    BHO: TLFind Class: {8692fed1-9267-4624-96b9-3b94946a0524} - c:\program files\tildes birojs 2002\TLFindAddIn.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Dot TK Registry Toolbar: {22eb0f38-22a5-405b-8308-677daa3318cf} - c:\program files\tk-it!\dottktb.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SkypeCryptoChat] "c:\documents and settings\us\local settings\apps\2.0\22xck3xt.hp1\2clx1ok3.4zx\lfcr..tion_5ec75c53587d555c_0001.0000_e1aa40510fc2bdf6\LFCryptoChat4Skype.exe" /minimized
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
    dRunOnce: [RunNarrator] Narrator.exe
    IE: &Tulkot ar Tildes Datorvārdnīcu - c:\program files\tildes birojs 2002\TDVLauncher.DLL /201
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: E&xport to Microsoft Office Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: S&end to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {11FD30F4-F186-4ebe-A384-E22965FDEC7A} - {8692FED1-9267-4624-96B9-3B94946A0524} - c:\program files\tildes birojs 2002\TLFindAddIn.dll
    IE: {13750BBB-B753-4d3d-B660-3AEEE71535A7} - {22EB0F38-22A5-405B-8308-677DAA3318CF} - c:\program files\tk-it!\dottktb.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} - hxxps://www.e-games.com.my/com/EGamesPlugin.cab
    DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {FC018849-7811-43EB-948E-B9521429848C} - hxxp://www.csdd.lv/Documents/Iesakam/CSN_Tests/TEKSP.inf
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\us\applic~1\mozilla\firefox\profiles\ptcfwumf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.lv/firefox
    FF - component: c:\documents and settings\us\application data\mozilla\firefox\profiles\ptcfwumf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\us\application data\mozilla\firefox\profiles\ptcfwumf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\us\application data\mozilla\firefox\profiles\ptcfwumf.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\us\application data\mozilla\firefox\profiles\ptcfwumf.default\extensions\battlefieldheroespatcher@ea.com\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
    FF - plugin: c:\documents and settings\us\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin.dll
    FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin2.dll
    FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin3.dll
    FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin4.dll
    FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin5.dll
    FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin6.dll
    FF - plugin: c:\program files\k-lite codec pack\quicktime\plugins\npqtplugin7.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_HotbarSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npigl.dll
    FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-28 218592]
    S1 23201b8a;23201b8a;c:\windows\system32\drivers\23201b8a.sys [2009-8-29 0]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-5-5 165584]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-5-5 17744]
    S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
    S2 GladFileMonSvc;GladFileMonSvc;c:\program files\gladinet\gladinet cloud desktop\GladFileMonSvc.exe [2010-6-30 26984]
    S2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2003-5-2 30208]
    S2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\progra~1\symant~1\symant~1\Rtvscan.exe [2003-5-21 610304]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-11-28 366840]
    S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-11-28 1142224]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-2-5 16512]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
    S3 NAVAP;NAVAP;c:\progra~1\symant~1\symant~1\NAVAP.sys [2003-5-2 224256]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2010-10-22 86064]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2010-10-22 1371184]
    S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2010-11-28 50704]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
    S3 XDva006;XDva006;\??\c:\windows\system32\xdva006.sys --> c:\windows\system32\XDva006.sys [?]

    =============== Created Last 30 ================

    2010-12-21 15:53:51 79360 ----a-w- c:\windows\system32\swxcacls.exe
    2010-12-21 15:53:51 135168 ----a-w- c:\windows\system32\swreg.exe
    2010-12-21 15:27:27 -------- d-s---w- C:\ModernWarfaretwo
    2010-12-20 20:31:50 0 ----a-w- c:\documents and settings\us\ntuser.tmp
    2010-12-20 17:08:27 98816 ----a-w- c:\windows\sed.exe
    2010-12-20 17:08:27 89088 ----a-w- c:\windows\MBR.exe
    2010-12-20 17:08:27 256512 ----a-w- c:\windows\PEV.exe
    2010-12-20 17:08:27 161792 ----a-w- c:\windows\SWREG.exe
    2010-12-20 15:32:21 -------- d-----w- c:\docume~1\us\applic~1\Malwarebytes
    2010-12-20 14:56:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-20 14:56:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-12-20 14:55:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-20 14:55:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-12-13 16:02:30 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-13 16:01:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software

    ==================== Find3M ====================

    2010-12-21 15:57:46 1100 ----a-w- c:\windows\system32\tmp.reg
    2010-11-28 11:56:47 281104 ----a-w- c:\windows\system32\wpcap.dll
    2010-11-28 11:56:45 100880 ----a-w- c:\windows\system32\Packet.dll
    2010-10-05 18:25:58 218496 ----a-w- c:\windows\system32\PnkBstrB.xtr
    2010-10-05 18:25:58 218496 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-10-05 17:38:04 138056 ----a-w- c:\docume~1\us\applic~1\PnkBstrK.sys
    2010-03-21 19:57:25 220926964 -c--a-w- c:\program files\U_GUNZ_setup.exe

    ============= FINISH: 18:42:21,50 ===============
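An added triage helper for logs of the kind posted above, written for this thread and not part of DDS, ComboFix or any poster's reply: it parses the SERVICES / DRIVERS lines and the Service Control Manager 7026 events copied from the log and lists the entries a helper would look at first (zero-byte driver files, drivers whose file is missing at the recorded path, drivers that failed to load at boot). The line shape it parses is inferred from the log itself, and it flags entries for review only, not as malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied verbatim from the DDS "SERVICES / DRIVERS" section posted above
# (a subset that covers every case the parser handles).
DDS_SERVICES = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-28 218592]
S1 23201b8a;23201b8a;c:\windows\system32\drivers\23201b8a.sys [2009-8-29 0]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-5-5 165584]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-13 40384]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 XDva006;XDva006;\??\c:\windows\system32\xdva006.sys --> c:\windows\system32\XDva006.sys [?]
"""

# Lines copied from the "Event Viewer Messages" section of the same log.
EVENT_LOG = """
2010.12.28. 15:48:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD aswSP aswTdi Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SCDEmu Tcpip WS2IFSL
2010.12.21. 23:00:21, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 aswSP aswTdi Fips intelppm SCDEmu
2010.12.21. 12:13:08, error: Service Control Manager [7034] - The Symantec AntiVirus Client service terminated unexpectedly. It has done this 1 time(s).
"""

# DDS line shape (inferred from the log): <R|S><start type> <name>;<display>;<path> [<date> <size>]
# or, when DDS could not find the file at the recorded path, "... [?]".
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s+\[([^\]]*)\]$")
# Service Control Manager event 7026 lists boot/system-start drivers that failed to load.
FAILED_RE = re.compile(r"\[7026\].*failed to load:\s*(.*)$")


@dataclass
class Service:
    state: str            # "R" running / "S" stopped, as DDS reports it
    start: int            # start type: 0 boot, 1 system, 2 auto, 3 manual
    name: str
    display: str
    path: str
    size: Optional[int]   # None when DDS printed "[?]" (could not stat the file)
    file_found: bool


def parse_services(text: str) -> List[Service]:
    """Parse DDS SERVICES / DRIVERS lines; lines of any other shape are ignored."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, start, name, display, path, meta = m.groups()
        if meta == "?":
            size, found = None, False
        else:
            size, found = int(meta.split()[-1]), True   # meta is "YYYY-M-D size"
        services.append(Service(state, int(start), name, display, path, size, found))
    return services


def failed_boot_drivers(text: str) -> Dict[str, int]:
    """Count, per driver service name (lower-cased), how many 7026 events name it."""
    counts: Dict[str, int] = {}
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue
        for drv in m.group(1).split():
            counts[drv.lower()] = counts.get(drv.lower(), 0) + 1
    return counts


def triage(services: List[Service], failed: Dict[str, int]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs worth a human look; nothing here is a verdict."""
    findings = []
    for s in services:
        if s.size == 0:
            findings.append((s.name, "zero-byte driver file"))
        if not s.file_found:
            findings.append((s.name, "file missing at recorded path"))
        n = failed.get(s.name.lower())
        if n:
            findings.append((s.name, f"failed to load at boot {n}x (event 7026)"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(parse_services(DDS_SERVICES), failed_boot_drivers(EVENT_LOG)):
        print(f"{name:12s} {reason}")
```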
  7. crunchie

    crunchie Malware Helper Posts: 761

    Nothing much in there that I can see.

    Please delete any copies of combofix from your pc.

    Please Run the ESET Online Scanner and post the ScanLog with your post for assistance.
    • You will need to use Internet Explorer to complete this scan.
    • You will need to temporarily Disable your current Anti-virus program.
    • Be sure the option to Remove found threats is Un-checked at this time (we may have it clean what it finds at a later time), and the option to Scan unwanted applications is Checked.
    • When you have completed that scan, a scanlog ought to have been created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please post that log for us as directed below.

    NOTE: If you are unable to complete the ESET scan, please try another from the list below:

  8. martinsre

    martinsre Newcomer, in training Topic Starter

    Eset scan results

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # IEXPLORE.EXE=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=d9722a3468b9184eba3df59b633f02a5
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-12-30 03:21:05
    # local_time=2010-12-30 05:21:05 (+0200, FLE Standard Time)
    # country="Latvia"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=770 16774141 100 100 1461263 70427317 0 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 221 221 0 0
    # scanned=149739
    # found=4
    # cleaned=0
    # scan_time=5021
    C:\Documents and Settings\Us\My Documents\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\DAEMON Tools Lite\SRSAI.exe Win32/Adware.Toolbar.Shopper application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe Win32/PrcView application (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\Process.exe Win32/PrcView application (unable to clean)
  9. crunchie

    crunchie Malware Helper Posts: 761

    Did you delete all combofix copies? If so, please do the following:

    Please download ComboFix by sUBs from HERE or HERE
    • You must rename combofix BEFORE saving it to your pc.
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  10. martinsre

    martinsre Newcomer, in training Topic Starter

    After downloading windows recovery console from combofix:
    Error
    Boot Partition cannot be enumerated correctly

    I press ok
    Then it asks me whether I want to search for malware anyways,
    I press yes

    A moment later, after creating a windows registry backup/checkpoint,
    The console reads
    T was unexpected at this time

    When physically disconnecting from the internet, it is unable to update, nor download WRC, yet still:
    T was unexpected at this time
  11. crunchie

    crunchie Malware Helper Posts: 761

    Could you try running in safe mode please. If asked if you want WRC installed, just reply NO.
  12. martinsre

    martinsre Newcomer, in training Topic Starter

    I will try in safe mode again - from my first post here - I WAS launching from safe mode. Now it miraculously didn't crash in regular windows. It always displays the message that T was unexpected at this time - avast on access provider is stopped, and spyware doctor is disabled. In safe mode, they are as well. I shall try again. Yet what does "T was unexpected at this time" mean?
  13. crunchie

    crunchie Malware Helper Posts: 761

    I have not come across that error message before. I will try to find out what it is.

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

    • If an infected file is detected, the default action will be Cure, click on Continue.

    • If a suspicious file is detected, the default action will be Skip, click on Continue.

    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.

    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  14. martinsre

    martinsre Newcomer, in training Topic Starter

    I'm not quite sure whether this hypothesis is valid or not,
    but I believe that Avast has been causing the crashes, as when it is turned off, and then temporarily back on, it doesn't crash. Although it stopped crashing as often after all the virus cleaning. I'll try your new suggestion.
  15. martinsre

    martinsre Newcomer, in training Topic Starter

    Shockingly enough, I tried the following:
    STOP avast real time protection - "Note - Avast is not running, your system is not safe"
    I launch Steam - a sandwatch appears next to the cursor, and it opens.
    I quit steam
    START avast on access real time protection
    I launch steam - A sandwatch replaces the cursor and never loads
    I am forced to reboot manually - hitting the reset button
    Should I simply download an older version of avast! and disable Avast! updates?
    Or switch to another anti virus?
  16. crunchie

    crunchie Malware Helper Posts: 761

    Avast may just need configuring. If you want to try another AV, either Avira or Comodo are excellent replacements.
  17. martinsre

    martinsre Newcomer, in training Topic Starter

    Hey,
    I uninstalled Avast, and additionally removed quite a few unused files; alongside defragmentation I freed up ~40Gb, despite the fact that I previously had over 50% free. Alongside a reinstall of Avast!, my system is running very well. No crashes, not yet at least.


    Thanks a lot,
    Martin
  18. crunchie

    crunchie Malware Helper Posts: 761

    No worries. Happy to call this solved?