Inactive Random pop ups and search links redirect (using firefox)

[MaxS]

Hello!

I've been getting these random pop ups lately while using Firefox that send me to these terrible shopping websites that are pure garbage. More recently, it seems as though when I search in Google and click on a link it will automatically redirect me to another of these same garbage websites

I've run through the preliminary instructions to complete before posting on here and so here are the 4 logs that should be included:

[Thanks in advance for anyone who can help me! I really appreciate it ]

MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5121

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15-Nov-10 2:46:03 PM
mbam-log-2010-11-15 (14-46-03).txt

Scan type: Quick scan
Objects scanned: 148827
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-15 15:16:26
Windows 6.1.7600
Running: mbi57hvu.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0xFE 0x79 0x9A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x50 0xFC 0xD1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8F 0xDB 0x69 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0xFE 0x79 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x50 0xFC 0xD1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8F 0xDB 0x69 0x59 ...

---- EOF - GMER 1.0.15 ----



DDS logs:

DDS.txt


DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by Max at 15:04:55.34 on 15-Nov-10
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2313 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Users\Max\Downloads\TwoFingerScroll.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\Max\Desktop\mbi57hvu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Max\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [TwoFingerScroll] C:\Users\Max\Downloads\TwoFingerScroll.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Max\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\5hejxiiz.default\
FF - prefs.js: browser.startup.homepage - google.ca
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-21 202752]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-8 312400]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-9-17 11576]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-16 2320920]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-4-21 6406144]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-21 188928]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-4-21 10322848]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-16 74280]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2008-7-30 12584]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2008-7-30 15784]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2008-7-30 17832]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-18 1255736]

=============== Created Last 30 ================

2010-11-15 20:03:16 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{5C4666E2-3FD8-485C-A83D-7CD81F2363D4}\mpengine.dll
2010-11-15 19:38:04 -------- d-----w- C:\Users\Max\AppData\Roaming\Malwarebytes
2010-11-15 19:37:53 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-15 19:37:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-15 19:37:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-11-15 19:37:51 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-11-08 23:07:44 -------- d-----w- C:\Users\Max\AppData\Roaming\KompoZer
2010-10-27 01:36:09 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2010-10-27 01:36:09 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2010-10-27 01:36:09 552960 ----a-w- C:\Windows\System32\msdri.dll
2010-10-27 01:36:08 288256 ----a-w- C:\Windows\System32\MSNP.ax
2010-10-27 01:36:08 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
2010-10-27 01:36:08 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
2010-10-27 01:36:08 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2010-10-27 01:35:17 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2010-10-19 15:39:42 -------- d-----w- C:\PROGRA~3\IObit
2010-10-19 15:39:36 -------- d-----w- C:\Program Files (x86)\IObit
2010-10-19 04:46:50 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

==================== Find3M ====================

2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-09-21 13:11:55 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-17 05:16:51 0 ----a-w- C:\Windows\ativpsrm.bin
2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

============= FINISH: 15:05:42.92 ===============


Attach.txt


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-10.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 17-Sep-10 12:41:47 AM
System Uptime: 15-Nov-10 2:32:11 PM (1 hours ago)

Motherboard: Acer | | Aspire 3820
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 1314/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 400.118 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP71: 07-Nov-10 1:33:07 PM - Windows Update
RP72: 08-Nov-10 4:05:20 PM - Windows Update
RP73: 09-Nov-10 5:13:26 PM - Windows Update
RP74: 10-Nov-10 10:10:45 PM - Windows Update
RP75: 11-Nov-10 3:00:16 AM - Windows Update
RP76: 11-Nov-10 11:25:25 PM - Windows Update
RP77: 14-Nov-10 8:05:42 PM - Windows Update

==== Installed Programs ======================

µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Alcor Micro USB Card Reader
Alien Swarm
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Atheros Driver Installation Program
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Definition update for Microsoft Office 2010 (KB982726)
DivX Web Player
FileZilla Client 3.3.4.1
Half-Life 2
Inspiration 9 IE
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 21
Launch Manager
Malwarebytes' Anti-Malware
MediaMonkey 3.2
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.12)
Notebook Software
PX Profile Update
Realtek High Definition Audio Driver
Samsung ML-1710 Series
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Skype Toolbars
Skype™ 4.2
SMART Board Drivers
Steam
Torchlight Demo
VC80CRTRedist - 8.0.50727.762
VLC media player 1.1.4

==== Event Viewer Messages From Past Week ========

15-Nov-10 2:33:04 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
15-Nov-10 2:33:02 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
15-Nov-10 2:32:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12-Nov-10 1:20:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
09-Nov-10 1:03:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Can you check, if IE is having same issue?

======================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

 

[MaxS]

MBRCheck report

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 3820
Logical Drives Mask: 0x00000014

Kernel Drivers (total 196):
0x02C5C000 \SystemRoot\system32\ntoskrnl.exe
0x02C13000 \SystemRoot\system32\hal.dll
0x00B9E000 \SystemRoot\system32\kdcom.dll
0x00C10000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C54000 \SystemRoot\system32\PSHED.dll
0x00C68000 \SystemRoot\system32\CLFS.SYS
0x00CC6000 \SystemRoot\system32\CI.dll
0x00E5C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x0101E000 \SystemRoot\System32\Drivers\spbk.sys
0x01144000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x0114D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x0117C000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x011D3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x011DD000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F0F000 \SystemRoot\system32\DRIVERS\pci.sys
0x011EA000 \SystemRoot\System32\drivers\partmgr.sys
0x01000000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x01009000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F42000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F57000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FB3000 \SystemRoot\System32\drivers\mountmgr.sys
0x01015000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00FCD000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00E0B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E1B000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00D86000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E26000 \SystemRoot\system32\drivers\fileinfo.sys
0x01237000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0148D000 \SystemRoot\System32\Drivers\msrpc.sys
0x014EB000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01505000 \SystemRoot\System32\Drivers\cng.sys
0x01578000 \SystemRoot\System32\drivers\pcw.sys
0x01589000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01623000 \SystemRoot\system32\drivers\ndis.sys
0x01715000 \SystemRoot\system32\drivers\NETIO.SYS
0x01775000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x017A0000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01593000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x017EA000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x01600000 \SystemRoot\System32\Drivers\mup.sys
0x01612000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01474000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00DD2000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x015F6000 \SystemRoot\System32\Drivers\Null.SYS
0x0161B000 \SystemRoot\System32\Drivers\Beep.SYS
0x013ED000 \SystemRoot\System32\drivers\vga.sys
0x02C92000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02CB7000 \SystemRoot\System32\drivers\watchdog.sys
0x02CC7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02CD0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02CD9000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02CE2000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02CED000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02CFE000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02D1C000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02D29000 \SystemRoot\system32\drivers\afd.sys
0x02DB3000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02C00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02C09000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02C2F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02C45000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C54000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C6F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03A7F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03AD0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03ADC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03AE7000 \SystemRoot\System32\drivers\discache.sys
0x03AF6000 \SystemRoot\System32\Drivers\dfsc.sys
0x03B14000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03B25000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03B4B000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04811000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x05619000 \SystemRoot\system32\DRIVERS\igdpmd64.sys
0x04E80000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F74000 \SystemRoot\System32\drivers\dxgmms1.sys
0x05600000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04FBA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x03B7F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04FCB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03BD5000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x04291000 \SystemRoot\system32\DRIVERS\athrx.sys
0x044B5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x044C2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x044C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x044E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x044F4000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04541000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04543000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04552000 \SystemRoot\system32\DRIVERS\Impcd.sys
0x04578000 \SystemRoot\System32\Drivers\avt40w1m.SYS
0x045BD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x045D3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x045DC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x045EC000 \SystemRoot\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
0x04200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04219000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04222000 \SystemRoot\system32\DRIVERS\SMARTVTabletPCx64.sys
0x04226000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0423C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04260000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0426C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03A2F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x03A50000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04287000 \SystemRoot\system32\DRIVERS\swenum.sys
0x03CE5000 \SystemRoot\system32\DRIVERS\ks.sys
0x03D28000 \SystemRoot\system32\DRIVERS\umbus.sys
0x03D3A000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x03D94000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x03DA1000 \SystemRoot\system32\DRIVERS\SMARTMouseFilterx64.sys
0x03DA9000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0649B000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x066BD000 \SystemRoot\system32\drivers\portcls.sys
0x066FA000 \SystemRoot\system32\drivers\drmk.sys
0x0671C000 \SystemRoot\system32\drivers\ksthunk.sys
0x06722000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0674C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0675A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x06766000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x06771000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00030000 \SystemRoot\System32\win32k.sys
0x06784000 \SystemRoot\System32\drivers\Dxapi.sys
0x06790000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x067AD000 \SystemRoot\System32\Drivers\usbvideo.sys
0x067DB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00480000 \SystemRoot\System32\TSDDD.dll
0x00770000 \SystemRoot\System32\cdd.dll
0x06400000 \SystemRoot\system32\drivers\luafv.sys
0x06423000 \SystemRoot\system32\drivers\WudfPf.sys
0x06444000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x03C00000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x06459000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0646C000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02AF9000 \SystemRoot\system32\drivers\HTTP.sys
0x02BC1000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02BDF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02A2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02A7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06224000 \SystemRoot\system32\drivers\peauth.sys
0x062CA000 \SystemRoot\System32\Drivers\secdrv.SYS
0x062D5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06302000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x0630A000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0631C000 \SystemRoot\System32\DRIVERS\srv2.sys
0x078DF000 \SystemRoot\System32\DRIVERS\srv.sys
0x07975000 \SystemRoot\system32\drivers\tdtcp.sys
0x07980000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x0798F000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x07871000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0787C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x770F0000 \Windows\System32\ntdll.dll
0x484C0000 \Windows\System32\smss.exe
0xFF410000 \Windows\System32\apisetschema.dll
0xFF4A0000 \Windows\System32\autochk.exe
0xFF2D0000 \Windows\System32\wininet.dll
0xFF1C0000 \Windows\System32\msctf.dll
0xFF140000 \Windows\System32\difxapi.dll
0xFEFC0000 \Windows\System32\urlmon.dll
0xFEDE0000 \Windows\System32\setupapi.dll
0xFED40000 \Windows\System32\clbcatq.dll
0xFECD0000 \Windows\System32\gdi32.dll
0x772C0000 \Windows\System32\psapi.dll
0xFEA70000 \Windows\System32\iertutil.dll
0xFEA50000 \Windows\System32\sechost.dll
0xFE920000 \Windows\System32\rpcrt4.dll
0xFE850000 \Windows\System32\usp10.dll
0xFE7B0000 \Windows\System32\comdlg32.dll
0xFE730000 \Windows\System32\shlwapi.dll
0x76FD0000 \Windows\System32\kernel32.dll
0xFE700000 \Windows\System32\imm32.dll
0xFD970000 \Windows\System32\shell32.dll
0xFD920000 \Windows\System32\ws2_32.dll
0xFD900000 \Windows\System32\imagehlp.dll
0xFD8B0000 \Windows\System32\Wldap32.dll
0xFD6A0000 \Windows\System32\ole32.dll
0xFD5C0000 \Windows\System32\advapi32.dll
0xFD5B0000 \Windows\System32\lpk.dll
0xFD510000 \Windows\System32\msvcrt.dll
0xFD500000 \Windows\System32\nsi.dll
0xFD420000 \Windows\System32\oleaut32.dll
0x76ED0000 \Windows\System32\user32.dll
0x772B0000 \Windows\System32\normaliz.dll
0xFD400000 \Windows\System32\devobj.dll
0xFD3C0000 \Windows\System32\cfgmgr32.dll
0xFD380000 \Windows\System32\wintrust.dll
0xFD310000 \Windows\System32\KernelBase.dll
0xFD270000 \Windows\System32\comctl32.dll
0xFD100000 \Windows\System32\crypt32.dll
0xFD0F0000 \Windows\System32\msasn1.dll

Processes (total 67):
0 System Idle Process
4 System
304 C:\Windows\System32\smss.exe
420 csrss.exe
484 C:\Windows\System32\wininit.exe
504 csrss.exe
556 C:\Windows\System32\services.exe
576 C:\Windows\System32\lsass.exe
584 C:\Windows\System32\lsm.exe
608 C:\Windows\System32\winlogon.exe
720 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
916 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1008 C:\Windows\System32\atiesrxx.exe
444 C:\Windows\System32\svchost.exe
632 C:\Windows\System32\svchost.exe
736 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\atieclxx.exe
1316 C:\Windows\System32\wisptis.exe
1344 C:\Windows\System32\svchost.exe
1696 C:\Windows\System32\spoolsv.exe
1812 C:\Windows\System32\svchost.exe
1336 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1208 C:\Windows\System32\wisptis.exe
1204 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
1764 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
1732 C:\Windows\System32\taskhost.exe
1848 C:\Windows\explorer.exe
1872 C:\Windows\System32\dwm.exe
1920 C:\Windows\System32\svchost.exe
1232 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2336 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
2344 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2352 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2360 C:\Windows\System32\igfxtray.exe
2372 C:\Windows\System32\hkcmd.exe
2380 C:\Windows\System32\igfxpers.exe
2452 C:\Program Files\Microsoft Security Essentials\msseces.exe
2464 C:\Users\Max\Downloads\TwoFingerScroll.exe
2488 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
356 C:\Windows\System32\SearchIndexer.exe
3128 C:\Program Files (x86)\Launch Manager\LManager.exe
3316 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3556 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
3592 C:\Program Files (x86)\Launch Manager\LMworker.exe
3664 C:\Windows\System32\wbem\unsecapp.exe
3816 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3884 C:\Program Files\Windows Media Player\wmpnetwk.exe
3904 WmiPrvSE.exe
4032 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3476 C:\Windows\System32\svchost.exe
4160 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4552 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
4680 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
3760 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
3168 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
428 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
4604 C:\Windows\System32\audiodg.exe
1864 C:\Windows\System32\svchost.exe
4460 taskhost.exe
3372 C:\Windows\System32\SearchProtocolHost.exe
4140 C:\Windows\System32\SearchFilterHost.exe
2068 C:\Windows\System32\SearchProtocolHost.exe
1840 C:\Users\Max\Desktop\MBRCheck.exe
4660 C:\Windows\System32\conhost.exe
5112 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-22A0RT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

 

[Broni]

Read all of my instructions very carefully.

Can you check, if IE is having same issue?

 

[MaxS]

Oops, sorry about that. I had checked before posting, just forgot to mention it =/
I opened IE and sure enough Google links do redirect, however, I didn't keep it open or browse long enough to notice if I had pop ups. I don't really use IE tbh....

 

[Broni]

Ok, we have to fix your MBR first.

Please download NTBR by noahdfear and save it to your Desktop.
File size: 2.44 MB (2,565,432 bytes)

• Place a blank CD in your CD drive.
• Double click on NTBR_CD.exe file and a folder of the same name will appear.
• Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
• Follow the prompts to burn the CD.

• Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
• If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.

• Insert the newly created CD into your infected PC and reboot your computer.
• Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
• Read the warning and then continue as prompted.
• You first need to select your keyboard layout - press Enter for English.
• Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
• On the following screen enter 5 to select Install Standard MBR code.
• Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
• When asked to confirm please do so.
• Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
• Eject the disc and then press ctrl+alt+del to reboot the PC.

Once rebooted, run MBRCheck again and post its log.

 

[MaxS]

I have no CD rom drive (thin and light laptop). Can I load this file onto a USB drive and have it boot off of that? Please let me know if there are additional steps to be taken. I think that's going to be it for me for tonight, but I will continue with this tomorrow.

Thanks!

 

[Broni]

1. Create Vista/7 Recovery Disc.

Windows 7 from USB: http://www.intowindows.com/how-to-r...h-drive-repair-without-installation-dvd-disc/

2. Boot from created USB.

Vista users. At first screen click on Repair your computer:

Windows 7 users. At first screen click on Install now:

Select your language and click next:

Click the button for "Use recovery tools":

The following applies to both, Vista and Windows 7 users.

This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box:

After this, it will present you with a list of options including startup repair, system restore and command prompt:

Select Command Prompt

Type in:
bootrec /FixMbr (<--- there is a "space" after "bootrec")
and then press Enter

Once completed then type Exit, press Enter and restart computer.

Post fresh MBRCheck log.

 

[MaxS]

So I ran the repair and now my computer doesn't seem to want to start up... It gets to the windows logo and then I see a flash of a BSOD and it restarts again. It's now running Startup Repair to see what it can do...

Not sure what went wrong here =\

 

[MaxS]

Start up repair has been running for a good 10 minutes now and hasn't done anything =\

Help! =\

 

[MaxS]

Startup Repair cannot repair this computer automatically

Sending more information can help Microsoft create solutions.

Send information about this problem (recommended)
Don't send

Show problem:

Problem signature:
-Problem Signature 01: StartupRepairOffline
-Problem Signature 02: 6.1.7600.16385
-Problem Signature 03: 6.1.7600.16385
-Problem Signature 04: unknown
-Problem Signature 05: 21200755
-Problem Signature 05: AutoFailover
-Problem Signature 06: 2
-Problem Signature 07: NoRootCause
-OS Version: 6.1.7600.2.0.0.256.1
-Locale ID: 1033

Read our privacy statement online:
http://go.microsoft.com/fwlink/>linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
X:\windows\system32\en-US\erofflps.txt

 

[Broni]

Run MBR fix one more time please.

 

[MaxS]

I'm unable to boot into windows....
As I said, when I try to boot up, it goes to the windows logo, spins for a second and then a quick BSOD and then it recommends I boot up with Launch Startup Repair....

 

[Broni]

Re-run procedure from my reply #8.

 

[MaxS]

Once I exit I want to change to boot drive to the hard drive correct? If that's the case, then it's not working. I get the windows logo, it freezes and then quick BSOD and a reboot. =\

 

[Broni]

Once I exit I want to change to boot drive to the hard drive correct?

No, you don't have too change anything.
Did you retry a whole procedure?

 

[MaxS]

Yes I retried the whole procedure from step 8. It doesn't seem to work and in fact seems to have made things worse

 

[Broni]

Let's try something else.
Since you don't have CD drive, adjust the manual listed below by reading here: http://forums.majorgeeks.com/showthread.php?t=216844 (how to create OTLPE on USB drive).

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

• When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
• Reboot your system using the boot CD you just created.
  • Note : If you do not know how to set your computer to boot from CD follow the steps here
• Your system should now display a REATOGO-X-PE desktop.
• Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
• Double-click on the OTLPE icon.
• When asked Do you wish to load the remote registry, select Yes
• When asked Do you wish to load remote user profile(s) for scanning, select Yes
• Ensure the box Automatically Load All Remaining Users" is checked and press OK
• OTL should now start.
• Press Run Scan to start the scan.
• When finished, the file will be saved in drive C:\OTL.txt
• Copy this file to your USB drive if you do not have internet connection on this system
• Please post the contents of the OTL.txt file in your reply.

 

[MaxS]

One question, before I proceed. You linked me to OTLPENet.exe where as in the thread on how to create OTLPE on USB drive, they're talking about OTLPEStd. Should I just follow the steps, but use the program you linked?

 

[Broni]

Way to go
Always ask, if in doubt.
Follow instructions from my link first to create bootable USB.

Then, boot from the USB and follow MY instructions, starting with this line:

Your system should now display a REATOGO-X-PE desktop.

 

[MaxS]

I'm running into an error when using PeToUSB. When I try to start the program it gives me an error: FormatEx Error[11]: An Error Occured Formating the Drive.

From what I've read I believe it's because the version of PeToUSB linked in that post is version 3.0.0.7 and it doesn't support usb drives bigger than 2gb. Unfortunatly, all I have is an 8 Gb drive. What do I do now? =\

 

[Broni]

We really don't have too many options here...
You'll need to get smaller drive. You should be able to get 2GB drive for maybe 10 bucks.

 

[MaxS]

You don't have any software that can substitute PeToUSB, or maybe software that will allow me to partition my USB drive so that it has a 2gb partition, thus "fooling" the software?

 

[Broni]

Not really.
Maybe you can get hold on external USB CD drive?

 

[MaxS]

I have a cable to connect my pc's dvd drive via usb to my laptop. I suppose I can do that. I assume I'll follow the instructions in your previous post, however using OTLPEStd?