Inactive 8 Step Removal Process Help

Status
Not open for further replies.
S

shriv1sj

Hello,

I have been working with this computer for a long time and just followed all the steps in the guide. Here are my results! The computer is very slow and freaks out all the time. Vista

GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-18 20:30:40
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_SP1604N/R rev.TM100-24
Running: ywygnutv.exe; Driver: C:\Users\Krystal\AppData\Local\Temp\kwgyapoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x805E9320]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 621 81CC4D84 4 Bytes [20, 93, 5E, 80]
? System32\drivers\thhaujcd.sys The system cannot find the path specified. !

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[584] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[584] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000

---- EOF - GMER 1.0.15 ----

DDS:

DDS (Ver_10-12-12.02) - NTFSx86
Run by Krystal at 20:32:06.01 on Sat 12/18/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Krystal\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: Antiwpa - antiwpa.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\krystal\appdata\roaming\mozilla\firefox\profiles\pr9d5wll.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=14196&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=895301AA-18F1-4874-B9CA-CC7CEA77B064&apn_ptnrs=FM&apn_sauid=FFC4C8D7-14E9-4100-A2FD-DEDC8F77AFA6&apn_dtid=TES002YYUS&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\krystal\appdata\roaming\move networks\plugins\071803000001\npqmp071803000001.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: LavaFox V1: info@djzig.com - %profile%\extensions\info@djzig.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Ext: Pink Fox: {e7348bc0-16f6-11de-8c30-0800200c9a66} - %profile%\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - c:\program files\autocompletepro\support@predictad.com

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R? avast! Mail Scanner;avast! Mail Scanner
R? avast! Web Scanner;avast! Web Scanner
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? ewusbnet;HUAWEI USB-NDIS miniport
R? FontCache;Windows Font Cache Service
R? NWUSBCDFIL;Novatel Wireless Installation CD
R? NWUSBPort2;Novatel Wireless USB Status2 Port Driver
R? TimerStop;TimerStop
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswSP;avast! Self Protection
S? avast! Antivirus;avast! Antivirus
S? Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service
S? SASDIFSV;SASDIFSV
S? SASENUM;SASENUM
S? SASKUTIL;SASKUTIL
S? SBSDWSCService;SBSD Security Center Service

=============== Created Last 30 ================

2010-12-11 02:50:03 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-12-11 00:37:53 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{08c043ec-cd45-4948-9b72-32350c84fe30}\mpengine.dll
2010-12-05 00:52:14 -------- d-----w- c:\users\krystal\appdata\roaming\FrostWire
2010-12-05 00:49:27 -------- d-----w- c:\program files\Ask.com
2010-12-05 00:47:55 -------- d-----w- c:\program files\FrostWire
2010-12-02 03:05:06 -------- d-----w- C:\45816b3f845a8522d911053c0a92
2010-11-26 22:13:08 -------- d-----w- c:\program files\Free Offers from Freeze.com

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 20:35:40.46 ===============

MBAM:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5351

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

12/18/2010 6:25:55 PM
mbam-log-2010-12-18 (18-25-55).txt

Scan type: Quick scan
Objects scanned: 185580
Time elapsed: 16 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Boo Roo\AppData\Roaming\WhiteSmoke (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
C:\Users\Brittany\AppData\Roaming\WhiteSmoke (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
C:\Users\Champ\AppData\Roaming\WhiteSmoke (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Brittany\downloads\SetupPlaySushi.exe (Adware.Dropper) -> Quarantined and deleted successfully.
C:\Users\Champ\downloads\CursorMania(2).exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Champ\downloads\CursorMania.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Champ\downloads\CursorManiaSetup2.3.70.1.SA.HP.ZCfox000(2).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Champ\downloads\CursorManiaSetup2.3.70.1.SA.HP.ZCfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Krystal\downloads\ZwinkySetup2.3.69.8.SA.HP.ZJfox000(2).exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Krystal\downloads\ZwinkySetup2.3.69.8.SA.HP.ZJfox000.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\Champ\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.



THANK YOU EVERYONE FOR READING THIS :)
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Attach.txt part of DDS is missing.
Please, post it.

When done...

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
I tried to find attach, but I could not find it. So I re ran DDS and found the attach file and will be attaching it to this message. The new DDS report is pasted into this reply :) Hope this helps!

EDIT: I uploaded a zip version because that is what the .txt file told me to do. If you need me to actually copy and paste it please say so :)

DDS


DDS (Ver_10-12-12.02) - NTFSx86
Run by Krystal at 19:41:17.48 on Sun 12/19/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.446.54 [GMT -5:00]

AV: avast! antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Krystal\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page =
uSearch Bar =
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: FrostWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0B195D55-0AB4-48C7-828F-34BE10BA4266} - hxxp://www.worldwinner.com/games/v53/dealornodeal/dealornodeal.cab
DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} - hxxp://www.worldwinner.com/games/v47/shared/FunGamesLoader.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} - hxxp://www.worldwinner.com/games/v50/luxor/luxor.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: Antiwpa - antiwpa.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\krystal\appdata\roaming\mozilla\firefox\profiles\pr9d5wll.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=895301AA-18F1-4874-B9CA-CC7CEA77B064&apn_ptnrs=FM&apn_sauid=FFC4C8D7-14E9-4100-A2FD-DEDC8F77AFA6&apn_dtid=TES002YYUS&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\krystal\appdata\roaming\move networks\plugins\071803000001\npqmp071803000001.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: LavaFox V1: info@djzig.com - %profile%\extensions\info@djzig.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Ext: Pink Fox: {e7348bc0-16f6-11de-8c30-0800200c9a66} - %profile%\extensions\{e7348bc0-16f6-11de-8c30-0800200c9a66}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AutocompletePro - Your handy search suggestions tool: support@predictad.com - c:\program files\autocompletepro\support@predictad.com

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-2-19 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-2-19 53328]

=============== Created Last 30 ================

2010-12-11 02:50:03 749832 ----a-w- c:\progra~2\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll
2010-12-11 00:37:53 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{08c043ec-cd45-4948-9b72-32350c84fe30}\mpengine.dll
2010-12-05 00:52:14 -------- d-----w- c:\users\krystal\appdata\roaming\FrostWire
2010-12-05 00:49:27 -------- d-----w- c:\program files\Ask.com
2010-12-05 00:47:55 -------- d-----w- c:\program files\FrostWire
2010-12-02 03:05:06 -------- d-----w- C:\45816b3f845a8522d911053c0a92
2010-11-26 22:13:08 -------- d-----w- c:\program files\Free Offers from Freeze.com

==================== Find3M ====================

2010-10-19 15:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 19:45:02.27 ===============


Here is the other file log :)

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: ASUSTek Computer INC.
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Compaq Presario 061
System Product Name: EL435AA-ABA SR1720NX NA610
Logical Drives Mask: 0x000001ec

Kernel Drivers (total 141):
0x81C3F000 \SystemRoot\system32\ntkrnlpa.exe
0x81C0C000 \SystemRoot\system32\hal.dll
0x80405000 \SystemRoot\system32\kdcom.dll
0x8040C000 \SystemRoot\system32\PSHED.dll
0x8041D000 \SystemRoot\system32\BOOTVID.dll
0x80425000 \SystemRoot\system32\CLFS.SYS
0x80466000 \SystemRoot\system32\CI.dll
0x80546000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8060D000 \SystemRoot\system32\drivers\acpi.sys
0x80653000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8065C000 \SystemRoot\system32\drivers\msisadrv.sys
0x80664000 \SystemRoot\system32\drivers\pci.sys
0x8068B000 \SystemRoot\System32\drivers\partmgr.sys
0x8069A000 \SystemRoot\system32\drivers\volmgr.sys
0x806A9000 \SystemRoot\System32\drivers\volmgrx.sys
0x806F3000 \SystemRoot\system32\drivers\pciide.sys
0x806FA000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x80708000 \SystemRoot\System32\drivers\mountmgr.sys
0x80718000 \SystemRoot\system32\drivers\atapi.sys
0x80720000 \SystemRoot\system32\drivers\ataport.SYS
0x8073E000 \SystemRoot\system32\drivers\fltmgr.sys
0x80770000 \SystemRoot\system32\drivers\fileinfo.sys
0x80780000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82208000 \SystemRoot\system32\drivers\ndis.sys
0x82313000 \SystemRoot\system32\drivers\msrpc.sys
0x8233E000 \SystemRoot\system32\drivers\NETIO.SYS
0x85801000 \SystemRoot\System32\drivers\tcpip.sys
0x858EB000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x85A02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x85B12000 \SystemRoot\system32\drivers\volsnap.sys
0x85B4B000 \SystemRoot\System32\Drivers\spldr.sys
0x85B53000 \SystemRoot\System32\Drivers\mup.sys
0x85B62000 \SystemRoot\System32\drivers\ecache.sys
0x85B89000 \SystemRoot\system32\drivers\disk.sys
0x85B9A000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x85BBB000 \SystemRoot\system32\drivers\crcdisk.sys
0x85BE4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x85BEF000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x85906000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8A600000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8ACD8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8AD79000 \SystemRoot\System32\drivers\watchdog.sys
0x8AD85000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8AD8F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8ADCD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8ADDC000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8ADF4000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x85916000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0x85927000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x85937000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8D20D000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8D32A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8D32C000 \SystemRoot\system32\drivers\modem.sys
0x8DC00000 \SystemRoot\system32\drivers\RTKVAC.SYS
0x8D339000 \SystemRoot\system32\drivers\portcls.sys
0x8D366000 \SystemRoot\system32\drivers\drmk.sys
0x8D38B000 \SystemRoot\system32\drivers\ks.sys
0x8D3B5000 \SystemRoot\system32\DRIVERS\parport.sys
0x8D3CD000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8D3E0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x85945000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x85974000 \SystemRoot\system32\DRIVERS\storport.sys
0x8D3EB000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x859B5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8D200000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x859CC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x859EF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x82379000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8238D000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x823A2000 \SystemRoot\system32\DRIVERS\termdd.sys
0x823B2000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8DFFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x823BD000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
0x8D3F6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x807F1000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E607000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E63C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E64D000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8E656000 \SystemRoot\System32\Drivers\Null.SYS
0x8E65D000 \SystemRoot\System32\Drivers\Beep.SYS
0x8E664000 \SystemRoot\System32\drivers\vga.sys
0x8E670000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8E691000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8E699000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8E6A1000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8E6AC000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8E6BA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8E6C3000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8E6D9000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E6ED000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8E6F7000 \SystemRoot\system32\drivers\afd.sys
0x8E73F000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8E743000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8E775000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8E78B000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8E799000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8E7A2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8E7B2000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8E7B9000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E7CC000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8E7D4000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x8E7F5000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x805CF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8E80E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E84A000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E854000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E86B000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8E88C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8E899000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8E8A4000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x96090000 \SystemRoot\System32\win32k.sys
0x8E8AC000 \SystemRoot\System32\drivers\Dxapi.sys
0x8E8B6000 \SystemRoot\system32\DRIVERS\monitor.sys
0x962B0000 \SystemRoot\System32\TSDDD.dll
0x962D0000 \SystemRoot\System32\cdd.dll
0x8E8C5000 \SystemRoot\system32\drivers\luafv.sys
0x8E8E0000 \SystemRoot\system32\DRIVERS\aswMonFlt.sys
0x8E8F7000 \SystemRoot\system32\DRIVERS\aswFsBlk.sys
0x8E8FF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8E90F000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8E922000 \SystemRoot\system32\drivers\HTTP.sys
0x8E98F000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x8E9AC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8E9C5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x97A0C000 \SystemRoot\system32\drivers\spsys.sys
0x97ABC000 \SystemRoot\system32\drivers\mrxdav.sys
0x97ADD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x97AFC000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x97B35000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x97B4D000 \SystemRoot\System32\DRIVERS\srv2.sys
0x97B74000 \SystemRoot\System32\DRIVERS\srv.sys
0x97BC2000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x99C03000 \SystemRoot\system32\drivers\peauth.sys
0x99CE1000 \SystemRoot\System32\Drivers\secdrv.SYS
0x99CEB000 \SystemRoot\System32\drivers\tcpipreg.sys
0x99CFD000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x99D12000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x99D24000 \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
0x99D2A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77490000 \Windows\System32\ntdll.dll

Processes (total 67):
0 System Idle Process
4 System
372 C:\Windows\System32\smss.exe
440 csrss.exe
492 csrss.exe
500 C:\Windows\System32\wininit.exe
532 C:\Windows\System32\winlogon.exe
568 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
760 C:\Windows\System32\svchost.exe
832 C:\Windows\System32\svchost.exe
864 C:\Windows\System32\svchost.exe
956 C:\Windows\System32\Ati2evxx.exe
972 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\audiodg.exe
1156 C:\Windows\System32\svchost.exe
1172 C:\Windows\System32\SLsvc.exe
1216 C:\Windows\System32\svchost.exe
1300 C:\Windows\System32\Ati2evxx.exe
1388 C:\Windows\System32\svchost.exe
1492 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
1544 C:\Program Files\Alwil Software\Avast4\ashServ.exe
1856 C:\Windows\System32\spoolsv.exe
1904 C:\Windows\System32\svchost.exe
1972 C:\Windows\System32\taskeng.exe
408 C:\Windows\System32\dwm.exe
400 C:\Windows\explorer.exe
1988 C:\Program Files\LSI SoftModem\agrsmsvc.exe
1888 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1512 C:\Program Files\Bonjour\mDNSResponder.exe
2052 C:\Windows\System32\svchost.exe
2076 C:\Program Files\Windows Defender\MSASCui.exe
2088 C:\Windows\System32\svchost.exe
2160 C:\Windows\System32\svchost.exe
2252 C:\Program Files\Zune\ZuneLauncher.exe
2368 C:\Program Files\Alwil Software\Avast4\ashDisp.exe
2408 C:\Windows\SOUNDMAN.EXE
2508 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
2516 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2524 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2532 C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
2540 C:\Windows\ehome\ehtray.exe
2548 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
2556 C:\Program Files\Pando Networks\Media Booster\PMB.exe
2580 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2680 C:\Windows\System32\SearchIndexer.exe
2728 WUDFHost.exe
3024 C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
3212 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3272 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3392 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
3492 C:\Windows\System32\mobsync.exe
3620 C:\Program Files\Windows Media Player\wmplayer.exe
3960 C:\Windows\System32\taskeng.exe
3968 C:\Windows\ehome\ehmsas.exe
484 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
2448 C:\Program Files\iPod\bin\iPodService.exe
1420 C:\Windows\System32\notepad.exe
3004 C:\Program Files\Mozilla Firefox\firefox.exe
2592 C:\Windows\System32\wuauclt.exe
2472 C:\Windows\servicing\TrustedInstaller.exe
3708 taskeng.exe
1796 RacAgent.exe
2444 C:\Users\Krystal\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGSP1604N/R, Rev: TM100-24

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!




~Storm
 

Attachments

  • Attach.zip
    2.1 KB · Views: 1
Please, observe forum's rules.
All logs have to be pasted into your reply.



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/20/2008 2:47:32 PM
System Uptime: 12/19/2010 7:17:30 PM (0 hours ago)

Motherboard: ASUSTek Computer INC. | | Amberine M
Processor: AMD Sempron(tm) Processor 3500+ | Socket 939 | 1000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 149 GiB total, 61.428 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0001
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0001
Service: tunnel

==== System Restore Points ===================


==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Agere Systems PCI-SV92PP Soft Modem
aiofw
aioprnt
aioscnnr
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AutocompletePro
avast! Antivirus
Bonjour
Caillou(R) Party Fun & Games(TM)
CCleaner
center
Chainz 2 (remove only)
Cooking Academy
Defraggler
Fashion Apprentice
ffdshow [rev 3299] [2010-03-03]
FileZilla Client 3.3.5.1
Game Console - WildGames
Ghost Town
GoldRush
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java Auto Updater
Java(TM) 6 Update 21
Junk Mail filter update
Kids Cam Show and Share Creativity Center
KODAK AiO Home Center
ksDIP
LSI PCI-SV92PP Soft Modem
Luxor (remove only)
Malwarebytes' Anti-Malware
Masque IGT Slots Little Green Men
Masque IGT Slots Texas Tea
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mobile Broadband Generic Drivers
Move Media Player
Mozilla Firefox (3.6.13)
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nancy Drew: The Haunted Carousel
OGA Notifier 2.0.0048.0
Pando Media Booster
Penguins!
PreReq
QuickTime
Realtek AC'97 Audio
Revo Uninstaller 1.60
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Symphony Mathematics version 5.03
The Naked Brothers Band
The Sims™ Life Stories
Tornado Jockey
Uninstall Dual Mode Camera
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WebFldrs XP
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Zuma Deluxe 1.0
Zune
Zune Language Pack (DE)
Zune Language Pack (ES)
Zune Language Pack (FR)
Zune Language Pack (IT)

==== End Of File ===========================
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Hello,

Sorry it has taken so long. I have been busy. I will get a chance to work on the computer again tomorrow, and I don't expect a response then because it is Christmas. So I will run the software tomorrow and post logs accordingly!

Thanks,

Storm Shriver
 
Merry Christmas Everyone!

I ran rkill and will post the log later, even though it was pretty much empty.

But I have issues with ComboFix. It runs and says that Combofix is preparing to run or something like that...then it backs up the registry and then just sits on that screen. I have tried doing all of the other things (such as renaming and running the computer from safe mode). Not sure what I should do next :/
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
795
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back